
Infected With Virtumonde


12 replies to this topic

#1 sheikhs


Posted 16 May 2008 - 05:25 AM

I have run various programs both in normal mode and safe mode. I have followed advice from several forums (this is the first time I have posted on a forum) but have failed to remove the virus. IE7 barely works now and I still get popups. I was unable to run Kaspersky Online Scanner as it would not load up. To send this and to download DSS I had to use Safari 3.1. All programs listed below were updated.

Spybot 1.5
Registry Mechanic - latest version
Wintools.net
SmitfraudFix - does not work since I ran Wintools
SpyHunter
VundoFix
VirtumundoBeGone
ATF-Cleaner - does not work since I ran Wintools
Symantec Antivirus – which now appears to not be working correctly?
I'm sure I have missed a few from this list as well.

I really hope you can help me.

DSS Log is pasted below:
Deckard's System Scanner v20071014.68
Run by Sheikh on 2008-05-16 11:10:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sheikh.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:42, on 16 May 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sheikh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sheikh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {08677173-6747-4DAE-AF40-764A6FF60FF7} - (no file)
O2 - BHO: (no name) - {2E0B17A0-EE67-497A-9218-8FE180623AA9} - (no file)
O2 - BHO: (no name) - {3ED692F3-9010-48F9-8C39-175E8C08D654} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {68121C02-BE37-47D9-8CEE-D34BD9E91444} - (no file)
O2 - BHO: (no name) - {6CBE5A8B-441C-4948-9209-FFA464D19E74} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: (no name) - {812A3056-0794-499D-A1EE-57ECC0EF0542} - C:\WINDOWS\system32\ssqNHwVm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {9007726c-d3d4-aca9-be04-0b9d683ff829} - {928ff386-d9b0-40eb-9aca-4d3dc6277009} - C:\WINDOWS\system32\cmavbxhk.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CCDB4511-36CD-451D-A969-6CBF1111A03D} - (no file)
O2 - BHO: (no name) - {FA797DC9-AA47-44DF-A5FA-74AABB5D9F13} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BM5f7aa416] Rundll32.exe "C:\WINDOWS\system32\tptpgtgi.dll",s
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126606003911
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143624147109
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 9845 bytes

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 11:08:16 0 d-------- C:\Program Files\Trend Micro
2008-05-15 20:55:38 0 d-------- C:\WINDOWS\Prefetch
2008-05-15 15:57:08 101952 --a------ C:\WINDOWS\system32\cmavbxhk.dll
2008-05-15 15:56:45 90176 --a------ C:\WINDOWS\system32\gxyqwlba.dll
2008-05-15 15:53:43 2112 --a------ C:\WINDOWS\system32\chjfvlbt.exe
2008-05-15 15:50:49 52336 --a------ C:\WINDOWS\system32\fpyluyuy.dll
2008-05-15 15:50:43 99904 --a------ C:\WINDOWS\system32\tptpgtgi.dll
2008-05-15 15:47:34 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-15 15:44:43 780665 --ahs---- C:\WINDOWS\system32\mVwHNqss.ini2
2008-05-15 15:44:40 276992 --a------ C:\WINDOWS\system32\ssqNHwVm.dll
2008-05-15 15:25:14 0 d-------- C:\VundoFix Backups
2008-05-13 19:56:00 616232 --ahs---- C:\WINDOWS\system32\Vxabacdd.ini2
2008-05-13 18:49:46 0 dr-h----- C:\Documents and Settings\Sheikh\Recent
2008-05-13 14:50:39 487487 --ahs---- C:\WINDOWS\system32\XIQXHkkj.ini2
2008-05-11 12:38:22 373171 --ahs---- C:\WINDOWS\system32\uCJQYFhk.ini2
2008-05-09 19:09:03 375460 --ahs---- C:\WINDOWS\system32\vyxxayxx.ini2
2008-05-09 18:03:17 43520 --a------ C:\WINDOWS\system32\ssqPjihg.dll
2008-05-09 17:34:15 0 d-------- C:\Program Files\Enigma Software Group
2008-05-09 10:17:41 0 d-------- C:\Documents and Settings\Administrator.CUSTOMER-RRYN2K\Application Data\Adobe
2008-05-09 10:12:43 2112 --a------ C:\WINDOWS\system32\ayomvvnx.exe
2008-05-09 10:00:43 374019 --ahs---- C:\WINDOWS\system32\yJjmlnmp.ini2
2008-05-09 09:17:44 1684 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-09 08:17:19 373528 --ahs---- C:\WINDOWS\system32\RuxxaGgh.ini2
2008-05-08 22:28:10 0 dr-h----- C:\Documents and Settings\Administrator.CUSTOMER-RRYN2K\Recent
2008-05-08 22:26:04 0 d-------- C:\Documents and Settings\Administrator.CUSTOMER-RRYN2K\Application Data\Uniblue
2008-05-08 22:14:11 0 d-------- C:\Documents and Settings\Administrator.CUSTOMER-RRYN2K\Application Data\Creative
2008-05-08 20:59:51 0 d-------- C:\Documents and Settings\Administrator.CUSTOMER-RRYN2K\Application Data\PC Tools
2008-05-08 10:40:42 2048 --a------ C:\WINDOWS\system32\fsuccbga.exe
2008-05-08 10:37:43 106496 --a------ C:\WINDOWS\system32\stjwrmxa.dll
2008-05-08 10:31:48 52272 --a------ C:\WINDOWS\system32\amklbblo.dll
2008-05-08 10:31:42 106496 --a------ C:\WINDOWS\system32\cijnxobq.dll
2008-05-07 22:30:12 375799 --ahs---- C:\WINDOWS\system32\pXFNonmp.ini2


-- Find3M Report ---------------------------------------------------------------

2008-05-15 20:50:47 0 d-------- C:\Documents and Settings\Sheikh\Application Data\uTorrent
2008-05-15 20:50:46 0 d-------- C:\Documents and Settings\Sheikh\Application Data\UseNeXT
2008-05-15 20:50:46 0 d-------- C:\Documents and Settings\Sheikh\Application Data\Azureus
2008-05-15 15:36:55 0 d-------- C:\Program Files\PowerISO
2008-05-09 10:22:35 0 d-------- C:\Program Files\Spyware Doctor
2008-05-08 22:27:53 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-08 22:27:52 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-08 22:27:52 0 d-------- C:\Program Files\UseNeXT
2008-05-08 22:27:52 0 d-------- C:\Program Files\QuickTime Alternative
2008-05-08 22:27:52 0 d-------- C:\Program Files\Mozilla Sunbird
2008-05-08 22:27:52 0 d-------- C:\Program Files\Movie Maker
2008-05-08 22:27:52 0 d-------- C:\Program Files\Messenger
2008-05-08 22:27:52 0 d-------- C:\Program Files\MagicISO
2008-05-08 22:27:52 0 d-------- C:\Program Files\Kyodai
2008-05-08 22:27:52 0 d-------- C:\Program Files\DivX
2008-05-07 22:26:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 22:25:30 0 d-------- C:\Program Files\Google
2008-04-15 15:10:36 0 d-------- C:\Program Files\iTunes
2008-04-15 15:10:24 0 d-------- C:\Program Files\iPod
2008-04-15 15:08:23 0 d-------- C:\Program Files\QuickTime
2008-04-03 15:30:45 0 d-------- C:\Documents and Settings\Sheikh\Application Data\DivX
2008-03-27 20:55:50 0 d-------- C:\Documents and Settings\Sheikh\Application Data\Vso
2008-03-27 19:36:11 0 d-------- C:\Program Files\Media Player Classic
2008-03-20 08:52:07 64508 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-20 08:51:16 0 d-------- C:\Documents and Settings\Sheikh\Application Data\Apple Computer
2008-03-19 22:11:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-19 22:11:28 0 d-------- C:\Documents and Settings\Sheikh\Application Data\Adobe
2008-03-19 22:11:11 0 d-------- C:\Program Files\Common Files
2008-03-19 22:11:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-19 21:45:01 0 d-------- C:\Documents and Settings\Sheikh\Application Data\PCTV4Me
2008-03-19 21:44:57 0 d-------- C:\Program Files\PCTV4Me
2008-03-19 16:06:55 0 d-------- C:\Documents and Settings\Sheikh\Application Data\AdobeUM
2008-03-18 20:11:27 0 d-------- C:\Documents and Settings\Sheikh\Application Data\U3
2008-03-18 16:08:37 0 d-------- C:\Program Files\Safari
2008-03-17 10:00:37 1056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-16 23:32:31 0 d-------- C:\Program Files\TweakMASTER
2008-03-16 20:07:37 0 d-------- C:\Documents and Settings\Sheikh\Application Data\JAM Software
2008-03-16 20:07:32 0 d-------- C:\Program Files\JAM Software
2008-03-16 19:09:28 2540 --a------ C:\WINDOWS\unins000.dat
2008-03-16 19:05:01 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-21 03:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 03:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 03:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08677173-6747-4DAE-AF40-764A6FF60FF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E0B17A0-EE67-497A-9218-8FE180623AA9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ED692F3-9010-48F9-8C39-175E8C08D654}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68121C02-BE37-47D9-8CEE-D34BD9E91444}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CBE5A8B-441C-4948-9209-FFA464D19E74}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{812A3056-0794-499D-A1EE-57ECC0EF0542}]
15 May 2008 15:44 276992 --a------ C:\WINDOWS\system32\ssqNHwVm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{928ff386-d9b0-40eb-9aca-4d3dc6277009}]
15 May 2008 15:57 101952 --a------ C:\WINDOWS\system32\cmavbxhk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCDB4511-36CD-451D-A969-6CBF1111A03D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA797DC9-AA47-44DF-A5FA-74AABB5D9F13}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [30 Jul 2002 12:35]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11 Jan 2008 20:54]
"BM5f7aa416"="C:\WINDOWS\system32\tptpgtgi.dll" [15 May 2008 15:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [17 Jan 2008 11:46]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18 Oct 2006 21:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04 Aug 2004 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23 Sep 2005 23:05:26]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [01 May 2007 11:11:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [29 Oct 2003 17:18 49152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqNHwVm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f7df279-8b85-11dc-a795-000cf1878e17}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GRAZAX.ppt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb254f0-2cdb-11da-baf9-00038a000015}]
AutoRun\command- L:\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1eed654-9e93-11db-a6b2-000cf1878e17}]
AutoRun\command- J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CF9517BB-8C05-A678-7A71-D23633FA36CF}]
C:\WINDOWS\system32:svchost.exe



-- End of Deckard's System Scanner: finished at 2008-05-16 11:11:08 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 13%
Physical Memory (total/avail): 3711 MiB / 3197.05 MiB
Pagefile Memory (total/avail): 6051.48 MiB / 5770 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.24 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.75 GiB total, 56.71 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 279.47 GiB total, 40.98 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6B300S0 - 279.47 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.47 GiB - F:

\\.\PHYSICALDRIVE0 - ST3120026A - 111.76 GiB - 1 partition
\PARTITION0 - Installable File System - 111.75 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\PopCap Games\\Diamond Mine Deluxe\\WinDM.exe"="F:\\Program Files\\PopCap Games\\Diamond Mine Deluxe\\WinDM.exe:*:Enabled:Bejeweled"
"F:\\Program Files\\BitTorrent\\bittorrent.exe"="F:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL 9.0"
"F:\\My Documents\\Downloads\\Applications\\utorrent.exe"="F:\\My Documents\\Downloads\\Applications\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Disabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Disabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Disabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Disabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Disabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Disabled:Nero ProductSetup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sheikh\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sheikh
LOGONSERVER=\\DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft USB Flash Drive Manager\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sheikh\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sheikh\LOCALS~1\Temp
USERDOMAIN=DELL
USERNAME=Sheikh
USERPROFILE=C:\Documents and Settings\Sheikh
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Sheikh (admin)
Administrator.CUSTOMER-RRYN2K (admin)


-- Add/Remove Programs ---------------------------------------------------------

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Office Password Recovery (remove only) --> C:\Program Files\ElcomSoft\AOPR\uninstall.exe
AMUST Disk Cleaner 1.0 --> "C:\Program Files\AMUST\Disk Cleaner\unins000.exe"
AMUST Registry Cleaner --> "C:\Program Files\AMUST\Registry Cleaner\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AudibleManager --> F:\My Documents\My Programs\Utilities\Audible Manager\Bin\Upgrade.exe /Uninstall
Belkin Wireless Setup utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A0BBC906-9A33-4C79-A26A-758ED3503769} /l1033 REMOVE
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Chuzzle Deluxe --> "C:\Program Files\Zylom Games\Chuzzle Deluxe\GameInstaller.exe" --uninstall UnInstall.log
Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
ConvertXtoDVD 2.2.0.251 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Creative Zen Vision M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Diamond Mine Deluxe 1.81y --> F:\Program Files\PopCap Games\Diamond Mine Deluxe\PopUninstall.exe F:\Program Files\PopCap Games\Diamond Mine Deluxe\Install.log
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Duplicate File Finder 1.1.0.3 --> "F:\Program Files\Duplicate File Finder\unins000.exe"
DVD Region-Free 3.22 --> "C:\Program Files\DVD Region-Free\unins000.exe"
DVD Ripper Platinum 4 --> C:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe
EZ Photo Renamer V2.6 --> "C:\Program Files\EZ Photo Renamer\unins000.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 Exporters --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hoyle Board Games 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9
Hoyle Card Games 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D361C406-ED11-4A88-AD42-4A749BBAE6F9}\setup.exe" -l0x9 -removeonly
Hoyle Casino 2006 (remove only) --> "C:\Program Files\Encore\Hoyle Casino 2006\uninstall.exe"
Hoyle Puzzle Games 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{059689BF-89A3-4FE5-B459-6EAB2903124F}\setup.exe" -l0x9 -removeonly
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Drive Key Boot Utility --> C:\Program Files\Compaq\hpdkbu\hpuninst.exe
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lavasoft Reghance 2.1 -licensed- --> C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LSP Explorer Pluginfor Ad-aware 6 --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
MA111 Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2558EA-B449-45A1-88C7-6B9B79EDA0D2}\Setup.exe" -l0x9
Magentic --> C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Majestic Chess --> MsiExec.exe /X{7CDD0F65-641F-4637-888A-208713EE0ED6}
Memory-Map OS Edition Version 5 --> MsiExec.exe /X{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}
Microsoft Autoroute with GPS Locator --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft USB Flash Drive Manager --> MsiExec.exe /I{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.7) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
MP3 Player Utilities V1.28 --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PCTV4Me (remove only) --> C:\Program Files\PCTV4Me\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PTGui 6.0.1 --> C:\Program Files\PTGui\Uninstall.exe
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
QuickTime Alternative 1.47 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Risk II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0EE11800-A1BD-11D3-BFEB-005004AF2D32}\setup.exe" -l0x0009
Roxio Easy Media Creator 7 --> MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SereneScreen Aquarium --> "F:\Program Files\Aquarium\unins000.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 3.8 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Tag&Rename 3.2 --> "F:\Program Files\TagRename\unins000.exe"
TreeSize Free V2.1 --> "C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
TweakMASTER --> "C:\Program Files\TweakMASTER\unins000.exe"
Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
USB MP3 Player WIN98 Drivers --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MP3\U-MP3\Uninst.isu"
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
UseNeXT --> "C:\Program Files\UseNeXT\unins003.exe"
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Vodei Multimedia Processor 2.00 --> C:\Program Files\Vodei\uninst.exe
WinAVI Video Converter --> "F:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinTools.net 8.1.1 Professional --> "c:\Program Files\Godlike Developers\WinTools.net Professional\uninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /nolog/l0x0009


-- Application Event Log -------------------------------------------------------

Event Record #/Type68205 / Warning
Event Submitted/Written: 05/16/2008 08:58:23 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type68204 / Warning
Event Submitted/Written: 05/16/2008 08:58:23 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type68203 / Warning
Event Submitted/Written: 05/16/2008 08:58:23 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type68202 / Warning
Event Submitted/Written: 05/16/2008 08:58:23 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type68197 / Warning
Event Submitted/Written: 05/16/2008 08:57:38 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type74335 / Error
Event Submitted/Written: 05/16/2008 10:38:34 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type74334 / Error
Event Submitted/Written: 05/16/2008 10:38:16 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type74333 / Error
Event Submitted/Written: 05/16/2008 10:31:54 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type74324 / Error
Event Submitted/Written: 05/16/2008 10:28:03 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type74323 / Warning
Event Submitted/Written: 05/16/2008 10:19:53 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\VAIO on the network \Device\NetBT_Tcpip_{8039DDF8-EC44-4580-BDFD-0986104FD386}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-05-16 11:02:01 ------------


I have also attached the VirtumundoBeGone log in case that is of any use to you.


[05/16/2008, 9:29:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sheikh\Desktop\VirtumundoBeGone.exe" )
[05/16/2008, 9:29:31] - Detected System Information:
[05/16/2008, 9:29:31] - Windows Version: 5.1.2600, Service Pack 2
[05/16/2008, 9:29:31] - Current Username: Sheikh (Admin)
[05/16/2008, 9:29:31] - Windows is in SAFE mode with Networking.
[05/16/2008, 9:29:31] - Searching for Browser Helper Objects:
[05/16/2008, 9:29:31] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[05/16/2008, 9:29:31] - BHO 2: {08677173-6747-4DAE-AF40-764A6FF60FF7} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - No filename found. Continuing.
[05/16/2008, 9:29:31] - BHO 3: {2E0B17A0-EE67-497A-9218-8FE180623AA9} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - No filename found. Continuing.
[05/16/2008, 9:29:31] - BHO 4: {3ED692F3-9010-48F9-8C39-175E8C08D654} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - No filename found. Continuing.
[05/16/2008, 9:29:31] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[05/16/2008, 9:29:31] - BHO 6: {68121C02-BE37-47D9-8CEE-D34BD9E91444} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - No filename found. Continuing.
[05/16/2008, 9:29:31] - BHO 7: {6CBE5A8B-441C-4948-9209-FFA464D19E74} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - No filename found. Continuing.
[05/16/2008, 9:29:31] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/16/2008, 9:29:31] - BHO 9: {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} (TweakMASTER PRO Component)
[05/16/2008, 9:29:31] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/16/2008, 9:29:31] - BHO 11: {928ff386-d9b0-40eb-9aca-4d3dc6277009} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - Checking for HKLM\...\Winlogon\Notify\cmavbxhk
[05/16/2008, 9:29:31] - Key not found: HKLM\...\Winlogon\Notify\cmavbxhk, continuing.
[05/16/2008, 9:29:31] - BHO 12: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[05/16/2008, 9:29:31] - BHO 13: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - Checking for HKLM\...\Winlogon\Notify\cbXNHXOg
[05/16/2008, 9:29:31] - Found: HKLM\...\Winlogon\Notify\cbXNHXOg - This is probably Virtumundo.
[05/16/2008, 9:29:31] - Assigning {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} MSEvents Object
[05/16/2008, 9:29:31] - BHO list has been changed! Starting over...
[05/16/2008, 9:29:31] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[05/16/2008, 9:29:31] - BHO 2: {08677173-6747-4DAE-AF40-764A6FF60FF7} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - No filename found. Continuing.
[05/16/2008, 9:29:31] - BHO 3: {2E0B17A0-EE67-497A-9218-8FE180623AA9} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - No filename found. Continuing.
[05/16/2008, 9:29:32] - BHO 4: {3ED692F3-9010-48F9-8C39-175E8C08D654} ()
[05/16/2008, 9:29:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:32] - No filename found. Continuing.
[05/16/2008, 9:29:32] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[05/16/2008, 9:29:32] - BHO 6: {68121C02-BE37-47D9-8CEE-D34BD9E91444} ()
[05/16/2008, 9:29:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:32] - No filename found. Continuing.
[05/16/2008, 9:29:32] - BHO 7: {6CBE5A8B-441C-4948-9209-FFA464D19E74} ()
[05/16/2008, 9:29:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:32] - No filename found. Continuing.
[05/16/2008, 9:29:32] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/16/2008, 9:29:32] - BHO 9: {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} (TweakMASTER PRO Component)
[05/16/2008, 9:29:32] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/16/2008, 9:29:32] - BHO 11: {928ff386-d9b0-40eb-9aca-4d3dc6277009} ()
[05/16/2008, 9:29:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:32] - Checking for HKLM\...\Winlogon\Notify\cmavbxhk
[05/16/2008, 9:29:32] - Key not found: HKLM\...\Winlogon\Notify\cmavbxhk, continuing.
[05/16/2008, 9:29:32] - BHO 12: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[05/16/2008, 9:29:32] - BHO 13: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} (MSEvents Object)
[05/16/2008, 9:29:32] - ALERT: Found MSEvents Object!
[05/16/2008, 9:29:32] - BHO 14: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/16/2008, 9:29:32] - BHO 15: {CCA82FD5-22C2-45C2-BBDB-788938C52ACB} ()
[05/16/2008, 9:29:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:32] - Checking for HKLM\...\Winlogon\Notify\ssqNHwVm
[05/16/2008, 9:29:32] - Key not found: HKLM\...\Winlogon\Notify\ssqNHwVm, continuing.
[05/16/2008, 9:29:32] - BHO 16: {CCDB4511-36CD-451D-A969-6CBF1111A03D} ()
[05/16/2008, 9:29:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:32] - No filename found. Continuing.
[05/16/2008, 9:29:32] - BHO 17: {FA797DC9-AA47-44DF-A5FA-74AABB5D9F13} ()
[05/16/2008, 9:29:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:32] - No filename found. Continuing.
[05/16/2008, 9:29:32] - Finished Searching Browser Helper Objects
[05/16/2008, 9:29:32] - *** Detected MSEvents Object
[05/16/2008, 9:29:32] - Trying to remove MSEvents Object...
[05/16/2008, 9:29:33] - Terminating Process: IEXPLORE.EXE
[05/16/2008, 9:29:33] - Terminating Process: RUNDLL32.EXE
[05/16/2008, 9:29:33] - Disabling Automatic Shell Restart
[05/16/2008, 9:29:33] - Terminating Process: EXPLORER.EXE
[05/16/2008, 9:29:34] - Suspending the NT Session Manager System Service
[05/16/2008, 9:29:34] - Terminating Windows NT Logon/Logoff Manager
[05/16/2008, 9:29:34] - Re-enabling Automatic Shell Restart
[05/16/2008, 9:29:34] - File to disable: C:\WINDOWS\system32\cbXNHXOg.dll
[05/16/2008, 9:29:34] - Renaming C:\WINDOWS\system32\cbXNHXOg.dll -> C:\WINDOWS\system32\cbXNHXOg.dll.vir
[05/16/2008, 9:29:34] - File successfully renamed!
[05/16/2008, 9:29:34] - Removing HKLM\...\Browser Helper Objects\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[05/16/2008, 9:29:34] - Removing HKCR\CLSID\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[05/16/2008, 9:29:34] - Adding Kill Bit for ActiveX for GUID: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[05/16/2008, 9:29:34] - Deleting ATLEvents/MSEvents Registry entries
[05/16/2008, 9:29:34] - Removing HKLM\...\Winlogon\Notify\cbXNHXOg
[05/16/2008, 9:29:34] - Searching for Browser Helper Objects:
[05/16/2008, 9:29:34] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[05/16/2008, 9:29:34] - BHO 2: {08677173-6747-4DAE-AF40-764A6FF60FF7} ()
[05/16/2008, 9:29:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:34] - No filename found. Continuing.
[05/16/2008, 9:29:35] - BHO 3: {2E0B17A0-EE67-497A-9218-8FE180623AA9} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - No filename found. Continuing.
[05/16/2008, 9:29:35] - BHO 4: {3ED692F3-9010-48F9-8C39-175E8C08D654} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - No filename found. Continuing.
[05/16/2008, 9:29:35] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[05/16/2008, 9:29:35] - BHO 6: {68121C02-BE37-47D9-8CEE-D34BD9E91444} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - No filename found. Continuing.
[05/16/2008, 9:29:35] - BHO 7: {6CBE5A8B-441C-4948-9209-FFA464D19E74} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - No filename found. Continuing.
[05/16/2008, 9:29:35] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/16/2008, 9:29:35] - BHO 9: {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} (TweakMASTER PRO Component)
[05/16/2008, 9:29:35] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/16/2008, 9:29:35] - BHO 11: {928ff386-d9b0-40eb-9aca-4d3dc6277009} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - Checking for HKLM\...\Winlogon\Notify\cmavbxhk
[05/16/2008, 9:29:35] - Key not found: HKLM\...\Winlogon\Notify\cmavbxhk, continuing.
[05/16/2008, 9:29:35] - BHO 12: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[05/16/2008, 9:29:35] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/16/2008, 9:29:35] - BHO 14: {CCA82FD5-22C2-45C2-BBDB-788938C52ACB} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - Checking for HKLM\...\Winlogon\Notify\ssqNHwVm
[05/16/2008, 9:29:35] - Key not found: HKLM\...\Winlogon\Notify\ssqNHwVm, continuing.
[05/16/2008, 9:29:35] - BHO 15: {CCDB4511-36CD-451D-A969-6CBF1111A03D} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - No filename found. Continuing.
[05/16/2008, 9:29:35] - BHO 16: {FA797DC9-AA47-44DF-A5FA-74AABB5D9F13} ()
[05/16/2008, 9:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:35] - No filename found. Continuing.
[05/16/2008, 9:29:35] - Finished Searching Browser Helper Objects
[05/16/2008, 9:29:35] - Finishing up...
[05/16/2008, 9:29:36] - A restart is needed.
[05/16/2008, 9:29:36] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[05/16/2008, 9:29:49] - Attempting to Restart via STOP error (Blue Screen!)

[05/16/2008, 10:04:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sheikh\Desktop\VirtumundoBeGone.exe" )
[05/16/2008, 10:04:45] - Detected System Information:
[05/16/2008, 10:04:45] - Windows Version: 5.1.2600, Service Pack 2
[05/16/2008, 10:04:45] - Current Username: Sheikh (Admin)
[05/16/2008, 10:04:45] - Windows is in SAFE mode.
[05/16/2008, 10:04:45] - Searching for Browser Helper Objects:
[05/16/2008, 10:04:45] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[05/16/2008, 10:04:45] - BHO 2: {08677173-6747-4DAE-AF40-764A6FF60FF7} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - BHO 3: {2E0B17A0-EE67-497A-9218-8FE180623AA9} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - BHO 4: {3ED692F3-9010-48F9-8C39-175E8C08D654} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[05/16/2008, 10:04:45] - BHO 6: {63EEC938-4DE2-43A0-8F45-4BDD64ACB9B8} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - Checking for HKLM\...\Winlogon\Notify\ssqNHwVm
[05/16/2008, 10:04:45] - Key not found: HKLM\...\Winlogon\Notify\ssqNHwVm, continuing.
[05/16/2008, 10:04:45] - BHO 7: {68121C02-BE37-47D9-8CEE-D34BD9E91444} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - BHO 8: {6CBE5A8B-441C-4948-9209-FFA464D19E74} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/16/2008, 10:04:45] - BHO 10: {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} (TweakMASTER PRO Component)
[05/16/2008, 10:04:45] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/16/2008, 10:04:45] - BHO 12: {928ff386-d9b0-40eb-9aca-4d3dc6277009} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - Checking for HKLM\...\Winlogon\Notify\cmavbxhk
[05/16/2008, 10:04:45] - Key not found: HKLM\...\Winlogon\Notify\cmavbxhk, continuing.
[05/16/2008, 10:04:45] - BHO 13: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[05/16/2008, 10:04:45] - BHO 14: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/16/2008, 10:04:45] - BHO 15: {CCDB4511-36CD-451D-A969-6CBF1111A03D} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - BHO 16: {FA797DC9-AA47-44DF-A5FA-74AABB5D9F13} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - Finished Searching Browser Helper Objects
[05/16/2008, 10:04:45] - Finishing up...
[05/16/2008, 10:04:45] - Nothing found! Exiting...

I will refrain from running anything else until I have heard from your good selves.



#2 OldTimer

OldTimer

    Malware Expert



Posted 16 May 2008 - 10:05 AM

Hello sheikhs and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 sheikhs

sheikhs
  • Topic Starter


Posted 16 May 2008 - 11:44 AM

Attached should be the text file created by OTScanIt.exe.

Attached Files



#4 OldTimer

OldTimer

    Malware Expert



Posted 16 May 2008 - 12:02 PM

Hi sheikhs. Let's see what we can do with this. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
MS Common Service
Files to delete:
%systemroot%\bm5f7aa416.xml
%systemroot%\system32\ablwqyxg.ini
%systemroot%\system32\amklbblo.dll
%systemroot%\system32\ayomvvnx.exe
%systemroot%\system32\cbxnhxog.dll.vir
%systemroot%\system32\chjfvlbt.exe
%systemroot%\system32\cijnxobq.dll
%systemroot%\system32\cmavbxhk.dll
%systemroot%\system32\cmavbxhk.dll 
%systemroot%\system32\fmoglobb.ini
%systemroot%\system32\fpyluyuy.dll
%systemroot%\system32\fsuccbga.exe
%systemroot%\system32\gxyqwlba.dll
%systemroot%\system32\mvwhnqss.ini
%systemroot%\system32\mvwhnqss.ini2
%systemroot%\system32\plixsamy.dll
%systemroot%\system32\plixsamy.dll 
%systemroot%\system32\putumhgq.dll
%systemroot%\system32\pxfnonmp.ini
%systemroot%\system32\pxfnonmp.ini2
%systemroot%\system32\ruxxaggh.ini
%systemroot%\system32\ruxxaggh.ini2
%systemroot%\system32\ssqnhwvm.dll
%systemroot%\system32\ssqnhwvm.dll 
%systemroot%\system32\ssqpjihg.dll
%systemroot%\system32\stjwrmxa.dll
%systemroot%\system32\tmp.reg
%systemroot%\system32\tptpgtgi.dll
%systemroot%\system32\tvrhunjq.dll
%systemroot%\system32\tvrhunjq.dll 
%systemroot%\system32\ucjqyfhk.ini
%systemroot%\system32\ucjqyfhk.ini2
%systemroot%\system32\vxabacdd.ini
%systemroot%\system32\vxabacdd.ini2
%systemroot%\system32\vyxxayxx.ini
%systemroot%\system32\vyxxayxx.ini2
%systemroot%\system32\xiqxhkkj.ini
%systemroot%\system32\xiqxhkkj.ini2
%systemroot%\system32\yjjmlnmp.ini
%systemroot%\system32\yjjmlnmp.ini2

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
NY -> (MS Common Service) MS Common Service [Win32_Own | Auto | Stopped] -> 
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> BM5f7aa416 -> %SystemRoot%\system32\tvrhunjq.dll [Rundll32.exe "C:\WINDOWS\system32\tvrhunjq.dll",s]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {08677173-6747-4DAE-AF40-764A6FF60FF7} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YN -> {2E0B17A0-EE67-497A-9218-8FE180623AA9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value  does not exist or could not be read.]
YY -> {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\plixsamy.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {3ED692F3-9010-48F9-8C39-175E8C08D654} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YY -> {615BA769-D61B-4343-A78F-1DBE49EA3308} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqNHwVm.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {68121C02-BE37-47D9-8CEE-D34BD9E91444} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YN -> {6CBE5A8B-441C-4948-9209-FFA464D19E74} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {928ff386-d9b0-40eb-9aca-4d3dc6277009} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cmavbxhk.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {CCDB4511-36CD-451D-A969-6CBF1111A03D} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YN -> {FA797DC9-AA47-44DF-A5FA-74AABB5D9F13} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{3A56EF1B-B8B8-45f6-9F79-1CC1778B9091} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {BDEE1959-AB6B-4745-A29B-F492861102CC}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\ssqNHwVm -> %SystemRoot%\system32\ssqNHwVm.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\BitTorrent\bittorrent.exe -> F:\Program Files\BitTorrent\bittorrent.exe [F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe -> C:\Program Files\AOL 9.0\waol.exe [C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\My Documents\Downloads\Applications\utorrent.exe -> F:\My Documents\Downloads\Applications\utorrent.exe [F:\My Documents\Downloads\Applications\utorrent.exe:*:Enabled:µTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe -> C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe [C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup]
[Files/Folders - Created Within 30 days]
NY -> ablwqyxg.ini -> %SystemRoot%\System32\ablwqyxg.ini
NY -> amklbblo.dll -> %SystemRoot%\System32\amklbblo.dll
NY -> ayomvvnx.exe -> %SystemRoot%\System32\ayomvvnx.exe
NY -> cbXNHXOg.dll.vir -> %SystemRoot%\System32\cbXNHXOg.dll.vir
NY -> chjfvlbt.exe -> %SystemRoot%\System32\chjfvlbt.exe
NY -> cijnxobq.dll -> %SystemRoot%\System32\cijnxobq.dll
NY -> cmavbxhk.dll -> %SystemRoot%\System32\cmavbxhk.dll
NY -> fmoglobb.ini -> %SystemRoot%\System32\fmoglobb.ini
NY -> fpyluyuy.dll -> %SystemRoot%\System32\fpyluyuy.dll
NY -> fsuccbga.exe -> %SystemRoot%\System32\fsuccbga.exe
NY -> gxyqwlba.dll -> %SystemRoot%\System32\gxyqwlba.dll
NY -> mVwHNqss.ini -> %SystemRoot%\System32\mVwHNqss.ini
NY -> mVwHNqss.ini2 -> %SystemRoot%\System32\mVwHNqss.ini2
NY -> plixsamy.dll -> %SystemRoot%\System32\plixsamy.dll
NY -> putumhgq.dll -> %SystemRoot%\System32\putumhgq.dll
NY -> pXFNonmp.ini -> %SystemRoot%\System32\pXFNonmp.ini
NY -> pXFNonmp.ini2 -> %SystemRoot%\System32\pXFNonmp.ini2
NY -> RuxxaGgh.ini -> %SystemRoot%\System32\RuxxaGgh.ini
NY -> RuxxaGgh.ini2 -> %SystemRoot%\System32\RuxxaGgh.ini2
NY -> ssqNHwVm.dll -> %SystemRoot%\System32\ssqNHwVm.dll
NY -> ssqPjihg.dll -> %SystemRoot%\System32\ssqPjihg.dll
NY -> stjwrmxa.dll -> %SystemRoot%\System32\stjwrmxa.dll
NY -> tptpgtgi.dll -> %SystemRoot%\System32\tptpgtgi.dll
NY -> tvrhunjq.dll -> %SystemRoot%\System32\tvrhunjq.dll
NY -> uCJQYFhk.ini -> %SystemRoot%\System32\uCJQYFhk.ini
NY -> uCJQYFhk.ini2 -> %SystemRoot%\System32\uCJQYFhk.ini2
NY -> Vxabacdd.ini -> %SystemRoot%\System32\Vxabacdd.ini
NY -> Vxabacdd.ini2 -> %SystemRoot%\System32\Vxabacdd.ini2
NY -> vyxxayxx.ini -> %SystemRoot%\System32\vyxxayxx.ini
NY -> vyxxayxx.ini2 -> %SystemRoot%\System32\vyxxayxx.ini2
NY -> XIQXHkkj.ini -> %SystemRoot%\System32\XIQXHkkj.ini
NY -> XIQXHkkj.ini2 -> %SystemRoot%\System32\XIQXHkkj.ini2
NY -> yJjmlnmp.ini -> %SystemRoot%\System32\yJjmlnmp.ini
NY -> yJjmlnmp.ini2 -> %SystemRoot%\System32\yJjmlnmp.ini2
NY -> BM5f7aa416.xml -> %SystemRoot%\BM5f7aa416.xml
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ?ystem32 -> %AppData%\ѕystem32
[Files/Folders - Modified Within 30 days]
NY -> ablwqyxg.ini -> %SystemRoot%\System32\ablwqyxg.ini
NY -> amklbblo.dll -> %SystemRoot%\System32\amklbblo.dll
NY -> ayomvvnx.exe -> %SystemRoot%\System32\ayomvvnx.exe
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> cbXNHXOg.dll.vir -> %SystemRoot%\System32\cbXNHXOg.dll.vir
NY -> chjfvlbt.exe -> %SystemRoot%\System32\chjfvlbt.exe
NY -> cijnxobq.dll -> %SystemRoot%\System32\cijnxobq.dll
NY -> cmavbxhk.dll -> %SystemRoot%\System32\cmavbxhk.dll
NY -> fmoglobb.ini -> %SystemRoot%\System32\fmoglobb.ini
NY -> fpyluyuy.dll -> %SystemRoot%\System32\fpyluyuy.dll
NY -> fsuccbga.exe -> %SystemRoot%\System32\fsuccbga.exe
NY -> gxyqwlba.dll -> %SystemRoot%\System32\gxyqwlba.dll
NY -> mVwHNqss.ini -> %SystemRoot%\System32\mVwHNqss.ini
NY -> mVwHNqss.ini2 -> %SystemRoot%\System32\mVwHNqss.ini2
NY -> plixsamy.dll -> %SystemRoot%\System32\plixsamy.dll
NY -> putumhgq.dll -> %SystemRoot%\System32\putumhgq.dll
NY -> pXFNonmp.ini -> %SystemRoot%\System32\pXFNonmp.ini
NY -> pXFNonmp.ini2 -> %SystemRoot%\System32\pXFNonmp.ini2
NY -> RuxxaGgh.ini -> %SystemRoot%\System32\RuxxaGgh.ini
NY -> RuxxaGgh.ini2 -> %SystemRoot%\System32\RuxxaGgh.ini2
NY -> ssqNHwVm.dll -> %SystemRoot%\System32\ssqNHwVm.dll
NY -> ssqPjihg.dll -> %SystemRoot%\System32\ssqPjihg.dll
NY -> stjwrmxa.dll -> %SystemRoot%\System32\stjwrmxa.dll
NY -> tmp.reg -> %SystemRoot%\System32\tmp.reg
NY -> tptpgtgi.dll -> %SystemRoot%\System32\tptpgtgi.dll
NY -> tvrhunjq.dll -> %SystemRoot%\System32\tvrhunjq.dll
NY -> uCJQYFhk.ini -> %SystemRoot%\System32\uCJQYFhk.ini
NY -> uCJQYFhk.ini2 -> %SystemRoot%\System32\uCJQYFhk.ini2
NY -> Vxabacdd.ini -> %SystemRoot%\System32\Vxabacdd.ini
NY -> Vxabacdd.ini2 -> %SystemRoot%\System32\Vxabacdd.ini2
NY -> vyxxayxx.ini -> %SystemRoot%\System32\vyxxayxx.ini
NY -> vyxxayxx.ini2 -> %SystemRoot%\System32\vyxxayxx.ini2
NY -> XIQXHkkj.ini -> %SystemRoot%\System32\XIQXHkkj.ini
NY -> XIQXHkkj.ini2 -> %SystemRoot%\System32\XIQXHkkj.ini2
NY -> yJjmlnmp.ini -> %SystemRoot%\System32\yJjmlnmp.ini
NY -> yJjmlnmp.ini2 -> %SystemRoot%\System32\yJjmlnmp.ini2
NY -> BM5f7aa416.xml -> %SystemRoot%\BM5f7aa416.xml
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 153 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
NY -> ?ystem32 -> %AppData%\ѕystem32
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in the reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
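The VirtumundoBeGone log in post #1 and the OTScanIt fix in post #4 can be cross-checked mechanically. As an added example (not part of the original posts, and not code from either tool), this Python script parses lines copied from the thread and lists the DLL names whose Winlogon\Notify check returned "Key not found" but which the OTScanIt fix still shows under another autostart location. The function names and the line patterns are assumptions inferred from the quoted output.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the VirtumundoBeGone log (both runs)
# and from the OTScanIt fix quoted in this thread, trimmed to the relevant entries.
VBG_LOG = r"""
[05/16/2008, 9:29:31] - BHO 12: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[05/16/2008, 9:29:31] - BHO 13: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} ()
[05/16/2008, 9:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 9:29:31] - Checking for HKLM\...\Winlogon\Notify\cbXNHXOg
[05/16/2008, 9:29:31] - Found: HKLM\...\Winlogon\Notify\cbXNHXOg - This is probably Virtumundo.
[05/16/2008, 10:04:45] - BHO 4: {3ED692F3-9010-48F9-8C39-175E8C08D654} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - No filename found. Continuing.
[05/16/2008, 10:04:45] - BHO 6: {63EEC938-4DE2-43A0-8F45-4BDD64ACB9B8} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - Checking for HKLM\...\Winlogon\Notify\ssqNHwVm
[05/16/2008, 10:04:45] - Key not found: HKLM\...\Winlogon\Notify\ssqNHwVm, continuing.
[05/16/2008, 10:04:45] - BHO 12: {928ff386-d9b0-40eb-9aca-4d3dc6277009} ()
[05/16/2008, 10:04:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 10:04:45] - Checking for HKLM\...\Winlogon\Notify\cmavbxhk
[05/16/2008, 10:04:45] - Key not found: HKLM\...\Winlogon\Notify\cmavbxhk, continuing.
"""

OTS_FIX = r"""
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> BM5f7aa416 -> %SystemRoot%\system32\tvrhunjq.dll [Rundll32.exe "C:\WINDOWS\system32\tvrhunjq.dll",s]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {615BA769-D61B-4343-A78F-1DBE49EA3308} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqNHwVm.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {928ff386-d9b0-40eb-9aca-4d3dc6277009} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cmavbxhk.dll [Reg Error: Value  does not exist or could not be read.]
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\ssqNHwVm -> %SystemRoot%\system32\ssqNHwVm.dll
"""

# Patterns inferred from the quoted log lines (assumption, not a documented format).
BHO_RE = re.compile(r"- BHO \d+: (\{[0-9A-Fa-f-]{36}\}) \((.*)\)$")
NOTIFY_RE = re.compile(
    r"- (Checking for|Key not found:|Found:) HKLM\\\.\.\.\\Winlogon\\Notify\\(\w+)")


def parse_vbg(log):
    """Return {CLSID: {"name", "candidate", "notify"}} for every BHO line seen."""
    bhos, current = {}, None
    for line in log.splitlines():
        m = BHO_RE.search(line)
        if m:
            current = m.group(1).upper()
            bhos[current] = {"name": m.group(2), "candidate": None, "notify": None}
            continue
        m = NOTIFY_RE.search(line)
        if m and current:
            verb, key = m.groups()
            bhos[current]["candidate"] = key
            if verb != "Checking for":
                bhos[current]["notify"] = "found" if verb == "Found:" else "missing"
    return bhos


def parse_otscanit(fix):
    """Return {dll basename (lowercase): set of section labels that reference it}."""
    refs, section = defaultdict(set), None
    for line in fix.splitlines():
        if line.startswith(("<", "*")):  # section header line
            label = line.split(" -> ", 1)[0]
            section = re.sub(r"\[.*?\]", "", label).strip("<>* ")
        elif re.match(r"[YN]{2} -> ", line) and section:
            for dll in re.findall(r"\\(\w+)\.dll", line, flags=re.I):
                refs[dll.lower()].add(section)
    return refs


def unexplained_persistence(vbg_log, ots_fix):
    """Names the Notify check did not find but another autostart entry still references."""
    refs = parse_otscanit(ots_fix)
    result = {}
    for info in parse_vbg(vbg_log).values():
        cand = info["candidate"]
        if info["notify"] == "missing" and cand and cand.lower() in refs:
            result[cand] = sorted(refs[cand.lower()])
    return result


if __name__ == "__main__":
    for name, places in unexplained_persistence(VBG_LOG, OTS_FIX).items():
        print(f"{name}.dll: no Winlogon\\Notify key, still referenced under {places}")
```

On this sample the second VirtumundoBeGone run ends with "Nothing found!" while `ssqNHwVm` and `cmavbxhk` are still listed under the BHO and LSA Authentication Packages entries, which is why the wider OTScanIt scan was needed.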

#5 sheikhs

sheikhs
  • Topic Starter


Posted 16 May 2008 - 12:34 PM

Hi OT,

I have got as far as step two and have seen two error messages which I have attached as jpegs.

I thought it would be a good idea for you to see these before I carried on.

No log was created after the OTScanIt possibly due to the error message.

Attached Files

  • Attached File  OTC.JPG   7.51KB   14 downloads


#6 sheikhs

sheikhs
  • Topic Starter


Posted 16 May 2008 - 12:39 PM

The second Jpeg is here which was actually the first error after step one

Attached Files


Edited by sheikhs, 16 May 2008 - 12:40 PM.


#7 OldTimer

Posted 16 May 2008 - 01:05 PM

Hi sheikhs. The message about the file not being found is fine. It just means that Avenger did its job and removed the file.

The other message I'm not sure about. It usually means that some of the fix did not get copy/pasted correctly and is missing. Just continue with the rest of the steps and we'll see what's in the log from the new scan.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
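
OldTimer's reading of the Avenger "not found" message, turned into a check that can be run over a saved c:\Avenger.txt. This is an added example, not part of the thread and not Avenger's own code; the sample log is constructed in the format of the Avenger report quoted in this thread, and the `example1.dll` / `example2.dll` entries and the STATUS_ACCESS_DENIED line are made up to show the branches that do need a second look.

```python
import re

STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

# Constructed sample in the layout of an Avenger 2.0 log. The example1.dll and
# example2.dll entries are hypothetical and exist only to exercise the
# "needs follow-up" branches.
SAMPLE_LOG = r'''
Driver "MS Common Service" deleted successfully.
File "C:\WINDOWS\system32\cijnxobq.dll" deleted successfully.
File "C:\WINDOWS\system32\cmavbxhk.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\cmavbxhk.dll" not found!
Deletion of file "C:\WINDOWS\system32\cmavbxhk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\ssqNHwVm.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\SSQNHWVM.DLL" not found!
Deletion of file "C:\WINDOWS\system32\SSQNHWVM.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\WINDOWS\system32\example1.dll" not found!
Deletion of file "C:\WINDOWS\system32\example1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Deletion of file "C:\WINDOWS\system32\example2.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
'''

DELETED_RE = re.compile(r'^(\w+) "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (\w+) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')


def _key(path):
    # Windows paths compare case-insensitively, and different tools print the
    # same file with different casing (ssqnhwvm.dll vs ssqNHwVm.dll).
    return path.lower()


def classify(status, path, deleted_so_far):
    """Decide whether a failed deletion is harmless or needs a second look."""
    if status != STATUS_OBJECT_NAME_NOT_FOUND:
        return "delete_failed"           # e.g. access denied: object may remain
    if _key(path) in deleted_so_far:
        return "already_removed"         # same run deleted it earlier: benign
    return "not_found_unexplained"       # never seen deleted: typo in script?


def reconcile(log_text):
    """Return one finding per 'Deletion of ... failed!' entry in the log."""
    deleted = set()
    findings = []
    pending = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            deleted.add(_key(m.group(2)))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "path": m.group(2),
                       "status_name": None, "verdict": "no_status_recorded"}
            findings.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["status_name"] = m.group(2)
            pending["verdict"] = classify(int(m.group(1), 16),
                                          pending["path"], deleted)
            pending = None
    return findings


def needs_follow_up(findings):
    """Paths whose failure is not explained by an earlier successful delete."""
    return [f["path"] for f in findings if f["verdict"] != "already_removed"]


if __name__ == "__main__":
    for f in reconcile(SAMPLE_LOG):
        print(f'{f["verdict"]:22} {f["status_name"] or "-":30} {f["path"]}')
```

Only the paths returned by `needs_follow_up` are worth reporting back; a "not found" for a file the same run already deleted is the benign case described above.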


#8 sheikhs

Posted 16 May 2008 - 04:08 PM

That's all of the steps completed now. I managed to run the OTScanIt as in step 2 with no errors this time. I hope I have attached all of the text files for you in the right order.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "MS Common Service" deleted successfully.
File "C:\WINDOWS\bm5f7aa416.xml" deleted successfully.
File "C:\WINDOWS\system32\ablwqyxg.ini" deleted successfully.
File "C:\WINDOWS\system32\amklbblo.dll" deleted successfully.
File "C:\WINDOWS\system32\ayomvvnx.exe" deleted successfully.
File "C:\WINDOWS\system32\cbxnhxog.dll.vir" deleted successfully.
File "C:\WINDOWS\system32\chjfvlbt.exe" deleted successfully.
File "C:\WINDOWS\system32\cijnxobq.dll" deleted successfully.
File "C:\WINDOWS\system32\cmavbxhk.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\cmavbxhk.dll" not found!
Deletion of file "C:\WINDOWS\system32\cmavbxhk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\fmoglobb.ini" deleted successfully.
File "C:\WINDOWS\system32\fpyluyuy.dll" deleted successfully.
File "C:\WINDOWS\system32\fsuccbga.exe" deleted successfully.
File "C:\WINDOWS\system32\gxyqwlba.dll" deleted successfully.
File "C:\WINDOWS\system32\mvwhnqss.ini" deleted successfully.
File "C:\WINDOWS\system32\mvwhnqss.ini2" deleted successfully.
File "C:\WINDOWS\system32\plixsamy.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\plixsamy.dll" not found!
Deletion of file "C:\WINDOWS\system32\plixsamy.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\putumhgq.dll" deleted successfully.
File "C:\WINDOWS\system32\pxfnonmp.ini" deleted successfully.
File "C:\WINDOWS\system32\pxfnonmp.ini2" deleted successfully.
File "C:\WINDOWS\system32\ruxxaggh.ini" deleted successfully.
File "C:\WINDOWS\system32\ruxxaggh.ini2" deleted successfully.
File "C:\WINDOWS\system32\ssqnhwvm.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\ssqnhwvm.dll" not found!
Deletion of file "C:\WINDOWS\system32\ssqnhwvm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\ssqpjihg.dll" deleted successfully.
File "C:\WINDOWS\system32\stjwrmxa.dll" deleted successfully.
File "C:\WINDOWS\system32\tmp.reg" deleted successfully.
File "C:\WINDOWS\system32\tptpgtgi.dll" deleted successfully.
File "C:\WINDOWS\system32\tvrhunjq.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\tvrhunjq.dll" not found!
Deletion of file "C:\WINDOWS\system32\tvrhunjq.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\ucjqyfhk.ini" deleted successfully.
File "C:\WINDOWS\system32\ucjqyfhk.ini2" deleted successfully.
File "C:\WINDOWS\system32\vxabacdd.ini" deleted successfully.
File "C:\WINDOWS\system32\vxabacdd.ini2" deleted successfully.
File "C:\WINDOWS\system32\vyxxayxx.ini" deleted successfully.
File "C:\WINDOWS\system32\vyxxayxx.ini2" deleted successfully.
File "C:\WINDOWS\system32\xiqxhkkj.ini" deleted successfully.
File "C:\WINDOWS\system32\xiqxhkkj.ini2" deleted successfully.
File "C:\WINDOWS\system32\yjjmlnmp.ini" deleted successfully.
File "C:\WINDOWS\system32\yjjmlnmp.ini2" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

OTScanIt fix log from the moved folder

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Unable to stop service MS Common Service .
Unable to delete service MS Common Service .
File not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM5f7aa416 not found.
File C:\WINDOWS\system32\tvrhunjq.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08677173-6747-4DAE-AF40-764A6FF60FF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08677173-6747-4DAE-AF40-764A6FF60FF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E0B17A0-EE67-497A-9218-8FE180623AA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E0B17A0-EE67-497A-9218-8FE180623AA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}\ not found.
File C:\WINDOWS\system32\plixsamy.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ED692F3-9010-48F9-8C39-175E8C08D654}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ED692F3-9010-48F9-8C39-175E8C08D654}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{615BA769-D61B-4343-A78F-1DBE49EA3308}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{615BA769-D61B-4343-A78F-1DBE49EA3308}\ not found.
File C:\WINDOWS\system32\ssqNHwVm.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68121C02-BE37-47D9-8CEE-D34BD9E91444}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68121C02-BE37-47D9-8CEE-D34BD9E91444}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CBE5A8B-441C-4948-9209-FFA464D19E74}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CBE5A8B-441C-4948-9209-FFA464D19E74}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{928ff386-d9b0-40eb-9aca-4d3dc6277009}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{928ff386-d9b0-40eb-9aca-4d3dc6277009}\ not found.
File C:\WINDOWS\system32\cmavbxhk.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCDB4511-36CD-451D-A969-6CBF1111A03D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCDB4511-36CD-451D-A969-6CBF1111A03D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA797DC9-AA47-44DF-A5FA-74AABB5D9F13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA797DC9-AA47-44DF-A5FA-74AABB5D9F13}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3A56EF1B-B8B8-45f6-9F79-1CC1778B9091} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A56EF1B-B8B8-45f6-9F79-1CC1778B9091}\ not found.
Starting removal of ActiveX control {BDEE1959-AB6B-4745-A29B-F492861102CC}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BDEE1959-AB6B-4745-A29B-F492861102CC}\Contains\Files\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BDEE1959-AB6B-4745-A29B-F492861102CC}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BDEE1959-AB6B-4745-A29B-F492861102CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDEE1959-AB6B-4745-A29B-F492861102CC}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\ssqNHwVm .
File C:\WINDOWS\system32\ssqNHwVm.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\BitTorrent\bittorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\My Documents\Downloads\Applications\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\ablwqyxg.ini not found!
File C:\WINDOWS\System32\amklbblo.dll not found!
File C:\WINDOWS\System32\ayomvvnx.exe not found!
File C:\WINDOWS\System32\cbXNHXOg.dll.vir not found!
File C:\WINDOWS\System32\chjfvlbt.exe not found!
File C:\WINDOWS\System32\cijnxobq.dll not found!
File C:\WINDOWS\System32\cmavbxhk.dll not found!
File C:\WINDOWS\System32\fmoglobb.ini not found!
File C:\WINDOWS\System32\fpyluyuy.dll not found!
File C:\WINDOWS\System32\fsuccbga.exe not found!
File C:\WINDOWS\System32\gxyqwlba.dll not found!
File C:\WINDOWS\System32\mVwHNqss.ini not found!
File C:\WINDOWS\System32\mVwHNqss.ini2 not found!
File C:\WINDOWS\System32\plixsamy.dll not found!
File C:\WINDOWS\System32\putumhgq.dll not found!
File C:\WINDOWS\System32\pXFNonmp.ini not found!
File C:\WINDOWS\System32\pXFNonmp.ini2 not found!
File C:\WINDOWS\System32\RuxxaGgh.ini not found!
File C:\WINDOWS\System32\RuxxaGgh.ini2 not found!
File C:\WINDOWS\System32\ssqNHwVm.dll not found!
File C:\WINDOWS\System32\ssqPjihg.dll not found!
File C:\WINDOWS\System32\stjwrmxa.dll not found!
File C:\WINDOWS\System32\tptpgtgi.dll not found!
File C:\WINDOWS\System32\tvrhunjq.dll not found!
File C:\WINDOWS\System32\uCJQYFhk.ini not found!
File C:\WINDOWS\System32\uCJQYFhk.ini2 not found!
File C:\WINDOWS\System32\Vxabacdd.ini not found!
File C:\WINDOWS\System32\Vxabacdd.ini2 not found!
File C:\WINDOWS\System32\vyxxayxx.ini not found!
File C:\WINDOWS\System32\vyxxayxx.ini2 not found!
File C:\WINDOWS\System32\XIQXHkkj.ini not found!
File C:\WINDOWS\System32\XIQXHkkj.ini2 not found!
File C:\WINDOWS\System32\yJjmlnmp.ini not found!
File C:\WINDOWS\System32\yJjmlnmp.ini2 not found!
File C:\WINDOWS\BM5f7aa416.xml not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\Sheikh\Application Data\ѕystem32 not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\ablwqyxg.ini not found!
File C:\WINDOWS\System32\amklbblo.dll not found!
File C:\WINDOWS\System32\ayomvvnx.exe not found!
File C:\WINDOWS\System32\cbXNHXOg.dll.vir not found!
File C:\WINDOWS\System32\chjfvlbt.exe not found!
File C:\WINDOWS\System32\cijnxobq.dll not found!
File C:\WINDOWS\System32\cmavbxhk.dll not found!
File C:\WINDOWS\System32\fmoglobb.ini not found!
File C:\WINDOWS\System32\fpyluyuy.dll not found!
File C:\WINDOWS\System32\fsuccbga.exe not found!
File C:\WINDOWS\System32\gxyqwlba.dll not found!
File C:\WINDOWS\System32\mVwHNqss.ini not found!
File C:\WINDOWS\System32\mVwHNqss.ini2 not found!
File C:\WINDOWS\System32\plixsamy.dll not found!
File C:\WINDOWS\System32\putumhgq.dll not found!
File C:\WINDOWS\System32\pXFNonmp.ini not found!
File C:\WINDOWS\System32\pXFNonmp.ini2 not found!
File C:\WINDOWS\System32\RuxxaGgh.ini not found!
File C:\WINDOWS\System32\RuxxaGgh.ini2 not found!
File C:\WINDOWS\System32\ssqNHwVm.dll not found!
File C:\WINDOWS\System32\ssqPjihg.dll not found!
File C:\WINDOWS\System32\stjwrmxa.dll not found!
File C:\WINDOWS\System32\tmp.reg not found!
File C:\WINDOWS\System32\tptpgtgi.dll not found!
File C:\WINDOWS\System32\tvrhunjq.dll not found!
File C:\WINDOWS\System32\uCJQYFhk.ini not found!
File C:\WINDOWS\System32\uCJQYFhk.ini2 not found!
File C:\WINDOWS\System32\Vxabacdd.ini not found!
File C:\WINDOWS\System32\Vxabacdd.ini2 not found!
File C:\WINDOWS\System32\vyxxayxx.ini not found!
File C:\WINDOWS\System32\vyxxayxx.ini2 not found!
File C:\WINDOWS\System32\XIQXHkkj.ini not found!
File C:\WINDOWS\System32\XIQXHkkj.ini2 not found!
File C:\WINDOWS\System32\yJjmlnmp.ini not found!
File C:\WINDOWS\System32\yJjmlnmp.ini2 not found!
File C:\WINDOWS\BM5f7aa416.xml not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
File C:\Documents and Settings\Sheikh\Application Data\ѕystem32 not found!
[Extra Files]
< Purity >
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.14.0 fix logfile created on 05162008_192612


F-Secure - I was absolutely amazed that 72 viruses were found as I regularly run Norton Antivirus and keep it up to date.

Scanning Report
Friday, May 16, 2008 19:31:35 - 21:52:04
Computer name: DELL
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\


--------------------------------------------------------------------------------

Result: 72 malware found
RiskTool.Win32.Reboot (spyware)
System
Suspicious_F.gen (virus)
F:\PROGRAM FILES\ERRORKILLER\KEYGEN.EXE (Submitted)
F:\MY DOCUMENTS\MY PROGRAMS\SPYWARE\ERROR.KILLER.V2.6.WINALL.KEYGEN.ONLY-BRD\KEYGEN.EXE (Submitted)
Trojan-Downloader.Win32.Agent (virus)
System
Trojan.Win32.KillAV.rf (virus)
C:\DOCUMENTS AND SETTINGS\SHEIKH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\UG1SDMS7\MOORATE[1] (Renamed)
Vundo.gen175 (virus)
C:\WINDOWS\SYSTEM32\SBSIJMBF.DLL (Submitted)
Vundo.gen177 (virus)
C:\WINDOWS\SYSTEM32\FCVGMMVV.DLL (Submitted)
W32/Suspicious_U.gen (virus)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\CAREYSNAKE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\CUBEDELIC.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\EVILCUBE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\GRIDLOCK.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\HEXXAGON.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\LIGHTSOUT.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\LYCKYBALL.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\MAHJONGG.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\MAZE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\NBLOX.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PEARL.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PEARL2.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PEARL3.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PLUMBER.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PLUMBER2.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\QUICKBRICK.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\RUSHHOURROADRAGE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SECURITY.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SHOCOBAN.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SIMON.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SLOYD.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SOLITAIR.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SUDOKU.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\TETRIS.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\TICTACTOE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\UNFOLDING.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\WACKYWORDSEARCH.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\GYROBALL.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\MAGNETISM.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\PIXELFIELD.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\STRINGAVOIDER.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\GOLFMASTER.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\MINIGOLF.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\MINIGOLF2.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\MINIGOLF3.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\ASTEROIDS.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\FROGGER.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\PACMAN.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\SNAKE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\SPACEINVADERS.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\3DTUNNEL.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\ALPHAFORCE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BATTLEPONG.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BLOBLANDER.EXE
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BOUBLETROUBLE.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BOWMAN.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BREAKIT.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BULLETTIMEFIGHT.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\CHOPER.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\CIRCLEBREAKER.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\CURVEBALL.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\FIREBALLS.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\FISHY.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\MOONLANDER.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\PACXON.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\PARACHUTERETRO.EXE
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\QBEART.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\RAIDENX.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\RONG.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\SONIC.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\STARBALL.EXE (Submitted)
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\TANKS.EXE
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\TANKWARS.EXE (Submitted)
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\XILISOFT DVD RIPPER PLATINUM 4.0.62.12 + KEY GEN\XILISOFT DVD RIPPER PLATINUM 4.0.62.12 + KEY GEN\KEY GEN CHOOSE & ANYNAME\KEYGEN.EXE (Submitted)
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\KEY GEN CHOOSE & ANYNAME\KEYGEN.EXE

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 81554
System: 4721
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 71
Submitted: 65
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-16
F-Secure AVP: 7.0.171, 2008-05-16
F-Secure Pegasus: 1.20.0, 2008-04-15
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------



OTScanIt log file after F-Secure was run.


OTScanIt logfile created on: 16 May 2008 21:58:36
OTScanIt by OldTimer - Version 1.0.14.0	 Folder = C:\Documents and Settings\Sheikh\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd MMM yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 56.64 Gb Free Space | 50.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 279.47 Gb Total Space | 40.98 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Sheikh
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user

[Processes - Non-Microsoft Only]
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30 Jul 2002 12:35:04 | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 11 Jan 2008 20:54:31 | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09 May 2008 21:51:12 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 15 Jan 2008 03:40:04 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24 Jul 2007 16:17:08 | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13 Dec 1999 02:01:00 | Attr =	]
(DefWatch) DefWatch [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30 Jul 2002 12:36:00 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04 Aug 2004 00:56:50 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 19 Mar 2008 22:11:12 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04 Apr 2005 01:41:10 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 30 Mar 2008 10:36:30 | Attr =	]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.0.1084 | Size = 187168 bytes | Modified Date = 11 May 2007 17:28:56 | Attr =	]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 133920 bytes | Modified Date = 11 May 2007 17:30:50 | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 142112 bytes | Modified Date = 11 May 2007 17:32:22 | Attr =	]
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30 Jul 2002 12:40:44 | Attr =	]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 77824 bytes | Modified Date = 28 Jul 2003 15:19:00 | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29 Sep 2004 12:14:36 | Attr =	]
(spkrmon) spkrmon [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Analog Devices\SoundMAX\spkrmon.exe ->  [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 16 Jun 2003 18:02:24 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
5c49978a -> %SystemRoot%\system32\fcvgmmvv.dll [rundll32.exe "C:\WINDOWS\system32\fcvgmmvv.dll",b] ->  [Ver =  | Size = 90688 bytes | Modified Date = 16 May 2008 17:43:57 | Attr =	]
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 11 Jan 2008 20:54:31 | Attr =	]
vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30 Jul 2002 12:35:04 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Magentic -> %ProgramFiles%\Magentic\bin\Magentic.exe [C:\PROGRA~1\Magentic\bin\Magentic.exe /c] ->  [Ver = 1, 3, 1, 0595 | Size = 475180 bytes | Modified Date = 17 Jan 2008 11:46:12 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23 Sep 2005 23:05:26 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\SnagIt 8.lnk -> %ProgramFiles%\TechSmith\SnagIt 8\SnagIt32.exe -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 6395464 bytes | Modified Date = 01 May 2007 11:11:48 | Attr =	]
< Sheikh Startup Folder > -> C:\Documents and Settings\Sheikh\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\DVD Region-Free\DVDShell.dll [] -> Fengtao Software [Ver = 3, 2, 0, 8 | Size = 49152 bytes | Modified Date = 29 Oct 2003 17:18:02 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
NavLogon -> %SystemRoot%\system32\NavLogon.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 30 Jul 2002 12:33:00 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103} -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03 Aug 2004 22:59:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\Classes\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\Classes\AudioCD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\Classes\AudioCD\Shell\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRom_NEC_DVD+RW_ND-2100AD___________________103D____\5&3a22a7d4&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITE-ON_DVDRW_SOHW-1613S________________AS04____\5&3a22a7d4&0&0.1.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&12b1de20&0&000 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 12 Sep 2005 10:37:05 | Attr =	]
< HOSTS File > (239846 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
*.windowsupdate_microsoft.com [http] -> Trusted sites -> 
windowsupdate.com .[http] -> Trusted sites -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItBHO.dll [SnagIt Toolbar Loader] -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 63048 bytes | Modified Date = 01 May 2007 11:11:48 | Attr =	]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 09 Aug 2006 16:54:14 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10 Nov 2005 13:22:12 | Attr =	]
{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TweakMASTER\TweakBHO.dll [TweakMASTER PRO Component] -> Hagel Technologies Ltd [Ver = 2.50 Build R2822 | Size = 133672 bytes | Modified Date = 27 Nov 2006 16:26:30 | Attr =	]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 09 Aug 2006 16:54:07 | Attr =	]
{ba8667c9-4899-445a-b5d6-f584d9dfba1b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\sbsijmbf.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 102464 bytes | Modified Date = 16 May 2008 17:43:58 | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 161352 bytes | Modified Date = 01 May 2007 11:12:00 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10 Nov 2005 13:22:12 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10 Nov 2005 13:22:12 | Attr =	]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 09 Aug 2006 16:54:07 | Attr =	]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Phone\IEPlugin\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 75 | Size = 751144 bytes | Modified Date = 16 Mar 2007 19:22:12 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 09 Aug 2006 16:54:07 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Windows Live Search -> Reg Error: Value  does not exist or could not be read. -> File not found
Add to &LinkFox -> Reg Error: Value  does not exist or could not be read. -> File not found
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
E&xport to Microsoft Excel -> Reg Error: Value  does not exist or could not be read. -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0232F7F5-1196-470C-A3FD-09F698DF144F} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{35EF8569-41BF-450A-9270-DAF712EDA637} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{656510FA-138D-46FB-805A-92F149141047} ->	(1394 Net Adapter) -> 
{65CDDA72-5B08-4D0F-B658-DE2EA74F38C6} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{6A22D8A5-5ECF-4FCE-B49A-DFFD6FFDD042} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{8039DDF8-EC44-4580-BDFD-0986104FD386} ->	(Belkin Wireless 54Mbps Desktop Adapter) -> 
{B25BC961-4F32-4F00-9CA2-21B353E70648} ->	() -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24 Jul 2007 16:17:08 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12 Jan 2007 12:50:48 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15026/CTSUEng.cab[Reg Error: Key does not exist or could not be opened.] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> 
{4E62C4DE-627D-4604-B157-4B7D6B09F02E}[HKEY_LOCAL_MACHINE] -> https://moneymanager.egg.com/Pinsafe/accounttracking.cab[AccountTracking Profile Manager Class] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126606003911[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143624147109[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38805.0795023148[Reg Error: Key does not exist or could not be opened.] -> 
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}[HKEY_LOCAL_MACHINE] -> http://game06.zylom.com/activex/zylomgamesplayer.cab[Zylom Games Player] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{D821DC4A-0814-435E-9820-661C543A4679}[HKEY_LOCAL_MACHINE] -> http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx[CRLDownloadWrapper Class] -> 
{EB387D2F-E27B-4D36-979E-847D1036C65D}[HKEY_LOCAL_MACHINE] -> http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326[QDiagHUpdateObj Class] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15028/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\.Owner -> {9F1C11AA-197B-4942-BA54-47A8489BB47F} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\\{EB387D2F-E27B-4D36-979E-847D1036C65D} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 16 May 2008 18:22:18 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 16 May 2008 10:57:59 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 16 May 2008 19:28:51 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3891335168 bytes | Created Date = 16 May 2008 10:06:31 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 15 May 2008 15:25:14 | Attr =	]
fcvgmmvv.dll -> %SystemRoot%\System32\fcvgmmvv.dll ->  [Ver =  | Size = 90688 bytes | Created Date = 16 May 2008 17:43:56 | Attr =	]
gtraxbkr.exe -> %SystemRoot%\System32\gtraxbkr.exe ->  [Ver =  | Size = 2112 bytes | Created Date = 16 May 2008 17:46:56 | Attr =	]
sbsijmbf.dll -> %SystemRoot%\System32\sbsijmbf.dll ->  [Ver =  | Size = 102464 bytes | Created Date = 16 May 2008 17:43:58 | Attr =	]
vvmmgvcf.ini -> %SystemRoot%\System32\vvmmgvcf.ini ->  [Ver =  | Size = 1466888 bytes | Created Date = 16 May 2008 17:44:07 | Attr =  HS]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 15 May 2008 15:47:34 | Attr =  H ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 16 May 2008 10:58:15 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 15 May 2008 20:55:38 | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Created Date = 08 May 2008 10:31:43 | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 15 May 2008 20:57:32 | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 16 May 2008 18:23:27 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 15 May 2008 21:00:17 | Attr =  H ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 16 May 2008 10:57:59 | Attr =	]
DELL -> %SystemDrive%\DELL ->  [Folder | Modified Date = 08 May 2008 22:27:52 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 16 May 2008 19:28:51 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3891335168 bytes | Modified Date = 16 May 2008 18:22:32 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 16 May 2008 11:08:16 | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 08 May 2008 20:57:59 | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:45:47 | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:46:32 | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:54:09 | Attr =  H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:34:51 | Attr =  H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:38:12 | Attr =  H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:39:44 | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:40:49 | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:44:53 | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:45:06 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:45:47 | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:46:32 | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:54:09 | Attr =  H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:34:50 | Attr =  H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:38:12 | Attr =  H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:39:44 | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:40:49 | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:44:53 | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:45:06 | Attr =  H ]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 09 May 2008 10:14:11 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 15 May 2008 15:49:05 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 16 May 2008 19:28:31 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 15 May 2008 20:50:47 | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 239846 bytes | Modified Date = 15 May 2008 14:36:11 | Attr =	]
hosts.20080509-095737.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080509-095737.backup ->  [Ver =  | Size = 239846 bytes | Modified Date = 09 May 2008 09:52:23 | Attr =	]
lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs ->  [Ver =  | Size = 0 bytes | Modified Date = 16 May 2008 18:22:29 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 16 May 2008 19:28:31 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 15 May 2008 21:43:40 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 16 May 2008 18:22:18 | Attr =	]
fcvgmmvv.dll -> %SystemRoot%\System32\fcvgmmvv.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 16 May 2008 17:43:57 | Attr =	]
gtraxbkr.exe -> %SystemRoot%\System32\gtraxbkr.exe ->  [Ver =  | Size = 2112 bytes | Modified Date = 16 May 2008 17:46:56 | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 15 May 2008 20:50:45 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 72152 bytes | Modified Date = 15 May 2008 20:08:01 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 444528 bytes | Modified Date = 15 May 2008 20:08:01 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 525676 bytes | Modified Date = 15 May 2008 20:08:01 | Attr =	]
sbsijmbf.dll -> %SystemRoot%\System32\sbsijmbf.dll ->  [Ver =  | Size = 102464 bytes | Modified Date = 16 May 2008 17:43:58 | Attr =	]
vvmmgvcf.ini -> %SystemRoot%\System32\vvmmgvcf.ini ->  [Ver =  | Size = 1466888 bytes | Modified Date = 16 May 2008 19:26:24 | Attr =  HS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 16 May 2008 18:23:16 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 15 May 2008 15:47:34 | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 16 May 2008 18:22:38 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 16 May 2008 19:31:33 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 16 May 2008 10:58:15 | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 15 May 2008 20:50:43 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 15 May 2008 20:50:44 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 15 May 2008 21:01:07 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 16 May 2008 17:38:31 | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 16 May 2008 17:41:05 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 15 May 2008 20:12:21 | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 15 May 2008 20:08:31 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 16 May 2008 21:20:28 | Attr =	]
@Alternate Data Stream - 14049 bytes -> %SystemRoot%\system32:svchost
@Alternate Data Stream - 20480 bytes -> %SystemRoot%\system32:svchost.exe
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 15 May 2008 15:02:29 | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 16 May 2008 19:34:05 | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 08 May 2008 22:27:52 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 711 bytes | Modified Date = 15 May 2008 20:19:38 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 1772 bytes | Modified Date = 13 May 2008 20:54:33 | Attr =	]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 256 bytes | Modified Date = 15 May 2008 21:33:01 | Attr =	]
HPpromotions journeysoftware.job -> %SystemRoot%\tasks\HPpromotions journeysoftware.job ->  [Ver =  | Size = 368 bytes | Modified Date = 15 May 2008 20:00:00 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 16 May 2008 09:23:05 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 13 Sep 2005 11:09:25 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 8026 bytes | Modified Date = 16 May 2008 08:59:40 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 8026 bytes | Modified Date = 16 May 2008 08:59:41 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 20 Sep 2005 09:24:29 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 20 Sep 2005 09:24:29 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 16 May 2008 19:47:54 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 16 May 2008 19:31:25 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 16 May 2008 19:47:54 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
daas_s.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27 Feb 2008 15:59:28 | Attr =	]
fm4av.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fpinor.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fsbl.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fsbld.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 16 May 2008 19:31:06 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fsmart.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 16 May 2008 19:31:19 | Attr =	]
fspe32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 16 May 2008 19:31:08 | Attr =	]
fsup32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll ->  [Ver =  | Size = 126976 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 16 May 2008 19:31:19 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 16 May 2008 19:31:05 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 16 May 2008 19:31:25 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fm4av.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fpinor.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fsbl.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fspe32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsup32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll ->  [Ver =  | Size = 126976 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 16 May 2008 19:31:20 | Attr =	]
fsmart.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 16 May 2008 19:31:19 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 16 May 2008 19:31:19 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 16 May 2008 19:31:05 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 16 May 2008 19:31:05 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 16 May 2008 19:31:08 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 16 May 2008 19:31:08 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 16 May 2008 19:31:06 | Attr =	]
fsblu.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 16 May 2008 19:31:06 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 16 May 2008 19:47:54 | Attr =	]
ext.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
fsedb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 821114 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
perf.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 16 May 2008 21:57:37 | Attr =	]
sae.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
sai.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 16 May 2008 19:30:56 | Attr =	]
ext.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
sae.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
sai.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsedb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 821114 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 16 May 2008 19:47:54 | Attr =	]
FS@av.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 16 May 2008 19:30:49 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 16 May 2008 19:31:06 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 16 May 2008 19:31:19 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 16 May 2008 19:31:08 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 16 May 2008 19:31:05 | Attr =	]
verdicts.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 16 May 2008 19:30:50 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 16 May 2008 19:30:56 | Attr =	]
FS@av.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 16 May 2008 19:30:56 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 16 May 2008 19:30:56 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 16 May 2008 19:30:49 | Attr =	]
verdicts.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 16 May 2008 19:30:50 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 16 May 2008 19:31:25 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 16 May 2008 19:31:24 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 16 May 2008 19:31:17 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 16 May 2008 19:31:17 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 16 May 2008 19:31:20 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 16 May 2008 19:31:19 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 16 May 2008 19:31:05 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 16 May 2008 19:31:05 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 16 May 2008 19:31:08 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 16 May 2008 19:31:08 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 16 May 2008 19:31:06 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 16 May 2008 19:31:06 | Attr =	]

< End of report >


#9 OldTimer

    Malware Expert



Posted 16 May 2008 - 06:08 PM

Hi sheikhs. It's not really surprising all of the files that were found. They come from downloading cracked software from file-sharing programs. I would highly recommend that that activity stops and any software obtained be removed or keep the link to a malware removal forum handy.

Now let's go through it again. Follow the steps below in order:

Step #1

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\system32\drivers\lvuvc.hs
%systemroot%\system32\fcvgmmvv.dll
%systemroot%\system32\fcvgmmvv.dll 
%systemroot%\system32\gtraxbkr.exe
%systemroot%\system32\sbsijmbf.dll
%systemroot%\system32\sbsijmbf.dll 
%systemroot%\system32\vvmmgvcf.ini

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> 5c49978a -> %SystemRoot%\system32\fcvgmmvv.dll [rundll32.exe "C:\WINDOWS\system32\fcvgmmvv.dll",b]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {ba8667c9-4899-445a-b5d6-f584d9dfba1b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\sbsijmbf.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> fcvgmmvv.dll -> %SystemRoot%\System32\fcvgmmvv.dll
NY -> gtraxbkr.exe -> %SystemRoot%\System32\gtraxbkr.exe
NY -> sbsijmbf.dll -> %SystemRoot%\System32\sbsijmbf.dll
NY -> vvmmgvcf.ini -> %SystemRoot%\System32\vvmmgvcf.ini
[Files/Folders - Modified Within 30 days]
NY -> lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs
NY -> fcvgmmvv.dll -> %SystemRoot%\System32\fcvgmmvv.dll
NY -> gtraxbkr.exe -> %SystemRoot%\System32\gtraxbkr.exe
NY -> sbsijmbf.dll -> %SystemRoot%\System32\sbsijmbf.dll
NY -> vvmmgvcf.ini -> %SystemRoot%\System32\vvmmgvcf.ini
NY -> @Alternate Data Stream - 14049 bytes -> %SystemRoot%\system32:svchost
NY -> @Alternate Data Stream - 20480 bytes -> %SystemRoot%\system32:svchost.exe
[Extra Files]
F:\PROGRAM FILES\ERRORKILLER\
F:\MY DOCUMENTS\MY PROGRAMS\SPYWARE\ERROR.KILLER.V2.6.WINALL.KEYGEN.ONLY-BRD\
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\XILISOFT DVD RIPPER PLATINUM 4.0.62.12 + KEY GEN\
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\KEY GEN CHOOSE & ANYNAME\
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Step #5

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The online virus scan report (whichever one you ran)
Attach the following back here in the reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
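
The Avenger script in Step #1 lists two of its files twice, so the log it writes to C:\avenger.txt will pair a successful deletion with a later "not found" failure for the same path. The following is an added example, not part of the original post or of either tool: it parses a log in the layout that appears in this thread and separates those benign duplicates from failures that still need attention. The function names and the `placeholder_example.dll` path are assumptions made for illustration, and the sample log is constructed.

```python
import re

# Constructed sample, written in the layout The Avenger 2.0 uses in this thread.
# placeholder_example.dll is a made-up entry that was never deleted in this run.
SAMPLE_LOG = r'''
Beginning to process script file:

File "C:\WINDOWS\system32\fcvgmmvv.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\fcvgmmvv.dll" not found!
Deletion of file "C:\WINDOWS\system32\fcvgmmvv.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\gtraxbkr.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\placeholder_example.dll" not found!
Deletion of file "C:\WINDOWS\system32\placeholder_example.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.
'''

DELETED = re.compile(r'^File "(?P<path>.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of file "(?P<path>.+)" failed!$')
STATUS = re.compile(r'^Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<name>\w+)\)$')


def parse_avenger_log(text):
    """Return one event per deletion attempt, in log order."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED.match(line)
        if m:
            events.append({"path": m["path"], "result": "deleted", "status": None})
            continue
        m = FAILED.match(line)
        if m:
            events.append({"path": m["path"], "result": "failed", "status": None})
            continue
        m = STATUS.match(line)
        # A Status line belongs to the failure reported immediately before it.
        if m and events and events[-1]["result"] == "failed" and events[-1]["status"] is None:
            events[-1]["status"] = m["name"]
    return events


def triage(events):
    """Split events into removed files, duplicate script entries, and follow-ups."""
    deleted = set()
    report = {"removed": [], "duplicate_entry": [], "follow_up": []}
    for ev in events:
        key = ev["path"].lower()  # Windows paths compare case-insensitively
        if ev["result"] == "deleted":
            deleted.add(key)
            report["removed"].append(ev["path"])
        elif key in deleted and ev["status"] == "STATUS_OBJECT_NAME_NOT_FOUND":
            # Same path was removed earlier in this run: the script listed it twice.
            report["duplicate_entry"].append(ev["path"])
        else:
            # Never deleted in this run, or failed for another reason.
            report["follow_up"].append((ev["path"], ev["status"]))
    return report


def log_completed(text):
    """A log without this marker was cut off before the script finished."""
    return "Completed script processing." in text


if __name__ == "__main__":
    result = triage(parse_avenger_log(SAMPLE_LOG))
    for category, items in result.items():
        print(category, items)
    print("completed:", log_completed(SAMPLE_LOG))
```

Anything left under `follow_up` is a path the script named but this run did not remove, which is worth checking against the next scan log.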


#10 sheikhs


Posted 17 May 2008 - 08:08 AM

Hi OT. You are very right. Once we have managed to get my computer back to normal I am going to save all of my music, pictures and documents and then format the F: drive.


Attached are the text files that you have requested.

Avenger Log


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\drivers\lvuvc.hs" deleted successfully.
File "C:\WINDOWS\system32\fcvgmmvv.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\fcvgmmvv.dll" not found!
Deletion of file "C:\WINDOWS\system32\fcvgmmvv.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\gtraxbkr.exe" deleted successfully.
File "C:\WINDOWS\system32\sbsijmbf.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\sbsijmbf.dll" not found!
Deletion of file "C:\WINDOWS\system32\sbsijmbf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\vvmmgvcf.ini" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OTScanIt (moved)

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\5c49978a deleted successfully.
File C:\WINDOWS\system32\fcvgmmvv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba8667c9-4899-445a-b5d6-f584d9dfba1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba8667c9-4899-445a-b5d6-f584d9dfba1b}\ deleted successfully.
File C:\WINDOWS\system32\sbsijmbf.dll not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\fcvgmmvv.dll not found!
File C:\WINDOWS\System32\gtraxbkr.exe not found!
File C:\WINDOWS\System32\sbsijmbf.dll not found!
File C:\WINDOWS\System32\vvmmgvcf.ini not found!
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
File C:\WINDOWS\System32\fcvgmmvv.dll not found!
File C:\WINDOWS\System32\gtraxbkr.exe not found!
File C:\WINDOWS\System32\sbsijmbf.dll not found!
File C:\WINDOWS\System32\vvmmgvcf.ini not found!
ADS C:\WINDOWS\system32:svchost deleted successfully.
Unable to delete ADS C:\WINDOWS\system32:svchost.exe .
[Extra Files]
< F:\PROGRAM FILES\ERRORKILLER\ >
F:\PROGRAM FILES\ErrorKiller\Registry Backups folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Log folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups\FULL 2007-01-03_14-39-00.reg folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups\FULL 2006-08-05_11-36-50.reg folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups\FULL 2006-05-17_09-54-24.reg folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups\FULL 2006-05-17_09-54-08.reg folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups\FULL 2006-03-28_20-09-34.reg folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups\FULL 2006-03-28_20-03-55.reg folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups\FULL 2006-03-28_19-57-42.reg folder moved successfully.
F:\PROGRAM FILES\ErrorKiller\Full Backups folder moved successfully.
F:\PROGRAM FILES\ErrorKiller folder moved successfully.
< F:\MY DOCUMENTS\MY PROGRAMS\SPYWARE\ERROR.KILLER.V2.6.WINALL.KEYGEN.ONLY-BRD\ >
F:\MY DOCUMENTS\MY PROGRAMS\SPYWARE\Error.Killer.v2.6.WinALL.Keygen.Only-BRD folder moved successfully.
< F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ >
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\Flash Games\Thinking Games folder moved successfully.
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\Flash Games\Skill folder moved successfully.
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\Flash Games\Golf folder moved successfully.
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\Flash Games\Classics folder moved successfully.
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\Flash Games\Arcade folder moved successfully.
F:\MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\Flash Games folder moved successfully.
< F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\XILISOFT DVD RIPPER PLATINUM 4.0.62.12 + KEY GEN\ >
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\Xilisoft DVD Ripper Platinum 4.0.62.12 + key gen\Xilisoft DVD Ripper Platinum 4.0.62.12 + key gen\key gen choose & anyname folder moved successfully.
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\Xilisoft DVD Ripper Platinum 4.0.62.12 + key gen\Xilisoft DVD Ripper Platinum 4.0.62.12 + key gen folder moved successfully.
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\Xilisoft DVD Ripper Platinum 4.0.62.12 + key gen folder moved successfully.
< F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\KEY GEN CHOOSE & ANYNAME\ >
F:\MY DOCUMENTS\MY PROGRAMS\UTILITIES\key gen choose & anyname folder moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.14.0 fix logfile created on 05172008_095125


F-secure

Scanning Report
Saturday, May 17, 2008 09:57:16 - 12:39:10
Computer name: DELL
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\


--------------------------------------------------------------------------------

Result: 67 malware found
Suspicious_F.gen (virus)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_PROGRAM FILES\ERRORKILLER\KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\MY PROGRAMS\SPYWARE\ERROR.KILLER.V2.6.WINALL.KEYGEN.ONLY-BRD\KEYGEN.EXE (Submitted)
W32/Suspicious_U.gen (virus)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\CAREYSNAKE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\CUBEDELIC.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\EVILCUBE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\GRIDLOCK.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\HEXXAGON.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\LIGHTSOUT.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\LYCKYBALL.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\MAHJONGG.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\MAZE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\NBLOX.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PEARL.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PEARL2.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PEARL3.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PLUMBER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\PLUMBER2.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\QUICKBRICK.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\RUSHHOURROADRAGE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SECURITY.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SHOCOBAN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SIMON.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SLOYD.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SOLITAIR.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\SUDOKU.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\TETRIS.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\TICTACTOE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\UNFOLDING.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\THINKING GAMES\WACKYWORDSEARCH.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\GYROBALL.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\MAGNETISM.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\PIXELFIELD.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\SKILL\STRINGAVOIDER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\GOLFMASTER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\MINIGOLF.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\MINIGOLF2.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\GOLF\MINIGOLF3.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\ASTEROIDS.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\FROGGER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\PACMAN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\SNAKE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\CLASSICS\SPACEINVADERS.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\3DTUNNEL.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\ALPHAFORCE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BATTLEPONG.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BLOBLANDER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BOUBLETROUBLE.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BOWMAN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BREAKIT.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\BULLETTIMEFIGHT.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\CHOPER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\CIRCLEBREAKER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\CURVEBALL.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\FIREBALLS.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\FISHY.EXE
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\MOONLANDER.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\PACXON.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\PARACHUTERETRO.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\QBEART.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\RAIDENX.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\RONG.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\SONIC.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\STARBALL.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\TANKS.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\USB TEMP\ZEN JAN 07\PROGS\FLASH GAMES\FLASH GAMES\ARCADE\TANKWARS.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\MY PROGRAMS\UTILITIES\XILISOFT DVD RIPPER PLATINUM 4.0.62.12 + KEY GEN\XILISOFT DVD RIPPER PLATINUM 4.0.62.12 + KEY GEN\KEY GEN CHOOSE & ANYNAME\KEYGEN.EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\SHEIKH\DESKTOP\OTSCANIT\MOVEDFILES\05172008_095125\F_MY DOCUMENTS\MY PROGRAMS\UTILITIES\KEY GEN CHOOSE & ANYNAME\KEYGEN.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 81463
System: 4717
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 67
Submitted: 66
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-16
F-Secure AVP: 7.0.171, 2008-05-16
F-Secure Pegasus: 1.20.0, 2008-04-15
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------



OTScanIt after F-Secure had done its business


OTScanIt logfile created on: 17 May 2008 14:00:21
OTScanIt by OldTimer - Version 1.0.14.0	 Folder = C:\Documents and Settings\Sheikh\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd MMM yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 56.46 Gb Free Space | 50.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 279.47 Gb Total Space | 41.15 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Sheikh
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user

[Processes - Non-Microsoft Only]
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30 Jul 2002 12:35:04 | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 11 Jan 2008 20:54:31 | Attr =	]
snagit32.exe -> %ProgramFiles%\TechSmith\SnagIt 8\SnagIt32.exe -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 6395464 bytes | Modified Date = 01 May 2007 11:11:48 | Attr =	]
mgapp.exe -> %ProgramFiles%\Magentic\bin\MgApp.exe ->  [Ver = 1, 3, 1, 0595 | Size = 106537 bytes | Modified Date = 17 Jan 2008 11:45:32 | Attr =	]
tschelp.exe -> %ProgramFiles%\TechSmith\SnagIt 8\TscHelp.exe -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 58952 bytes | Modified Date = 01 May 2007 11:12:10 | Attr =	]
snagpriv.exe -> %ProgramFiles%\TechSmith\SnagIt 8\SnagPriv.exe -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 75336 bytes | Modified Date = 01 May 2007 11:12:10 | Attr =	]
safari.exe -> %ProgramFiles%\Safari\Safari.exe -> Apple Inc. [Ver = 3.1 (525.13) | Size = 3447080 bytes | Modified Date = 14 Mar 2008 16:05:24 | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09 May 2008 21:51:12 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 15 Jan 2008 03:40:04 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24 Jul 2007 16:17:08 | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13 Dec 1999 02:01:00 | Attr =	]
(DefWatch) DefWatch [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30 Jul 2002 12:36:00 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04 Aug 2004 00:56:50 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 19 Mar 2008 22:11:12 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04 Apr 2005 01:41:10 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 30 Mar 2008 10:36:30 | Attr =	]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.0.1084 | Size = 187168 bytes | Modified Date = 11 May 2007 17:28:56 | Attr =	]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 133920 bytes | Modified Date = 11 May 2007 17:30:50 | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 142112 bytes | Modified Date = 11 May 2007 17:32:22 | Attr =	]
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30 Jul 2002 12:40:44 | Attr =	]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 77824 bytes | Modified Date = 28 Jul 2003 15:19:00 | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29 Sep 2004 12:14:36 | Attr =	]
(spkrmon) spkrmon [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Analog Devices\SoundMAX\spkrmon.exe ->  [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 16 Jun 2003 18:02:24 | Attr =	]

[Driver Services - Non-Microsoft Only]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 01 Apr 2002 14:15:00 | Attr =	]
(Aspi32) Aspi32 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 21 Nov 2005 06:48:21 | Attr =	]
(BCM43XX) BCM 802.11g Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.30.15.0 | Size = 265728 bytes | Modified Date = 18 Jul 2003 00:40:06 | Attr = R  ]
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9336 bytes | Modified Date = 20 Oct 2007 01:56:10 | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9464 bytes | Modified Date = 20 Oct 2007 01:56:12 | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\system32\drivers\Cdudf_xp.sys -> Roxio [Ver = 7.0.1.41  | Size = 285824 bytes | Modified Date = 14 Apr 2004 01:37:56 | Attr =	]
(d347bus) d347bus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d347bus.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 155136 bytes | Modified Date = 22 Aug 2004 16:31:10 | Attr =	]
(d347prt) d347prt [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d347prt.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 22 Aug 2004 16:31:48 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03 Aug 2004 23:07:18 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03 Aug 2004 23:07:18 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 16 Jul 2003 21:27:04 | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.65a | Size = 84576 bytes | Modified Date = 31 Jul 2003 03:21:00 | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Stopped] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.38a | Size = 40448 bytes | Modified Date = 20 Jun 2003 02:56:00 | Attr =	]
(DVDVRRdr_xp) DVDVRRdr_xp [File_System | System | Running] -> %SystemRoot%\system32\drivers\DVDVRRdr_xp.sys -> Windows (R) 2000 DDK provider [Ver = 7.0.1.41  | Size = 140416 bytes | Modified Date = 14 Apr 2004 01:32:50 | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dvd_2k.sys -> Roxio [Ver = 7.0.1.41  | Size = 23680 bytes | Modified Date = 14 Apr 2004 01:37:30 | Attr =	]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0 built by: WinDDK | Size = 162816 bytes | Modified Date = 13 Jun 2005 12:58:04 | Attr =	]
(FilterService) UVC Filter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvuvcflt.sys -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 22560 bytes | Modified Date = 11 May 2007 17:31:48 | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29 Jan 2008 12:01:28 | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 08 Mar 2005 06:52:26 | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 08 Mar 2005 06:52:27 | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 08 Mar 2005 06:52:28 | Attr = R  ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 6.02.09.01 | Size = 202368 bytes | Modified Date = 02 Jul 2003 16:26:20 | Attr = R  ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 6.02.09.01 | Size = 1063936 bytes | Modified Date = 02 Jul 2003 16:24:16 | Attr = R  ]
(ikhfile) File Security Kernel Anti-Spyware Driver [File_System | System | Running] -> %SystemRoot%\system32\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Modified Date = 26 Jul 2006 15:25:28 | Attr =	]
(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Modified Date = 03 Oct 2006 11:21:42 | Attr =	]
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Lvckap.sys ->  [Ver =  | Size = 2107808 bytes | Modified Date = 11 May 2007 17:27:58 | Attr =	]
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVMVdrv.sys -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 2142752 bytes | Modified Date = 11 May 2007 17:29:54 | Attr =	]
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvpopflt.sys -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 1921184 bytes | Modified Date = 11 May 2007 17:30:04 | Attr =	]
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVPr2Mon.sys ->  [Ver =  | Size = 25888 bytes | Modified Date = 11 May 2007 17:30:16 | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 41888 bytes | Modified Date = 11 May 2007 17:31:22 | Attr =	]
(LVUVC) Logitech QuickCam Pro 5000(UVC) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvuvc.sys -> Logitech Inc. [Ver = 11.0.0.1217 | Size = 3580832 bytes | Modified Date = 11 May 2007 17:31:36 | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 09 Apr 2003 19:48:08 | Attr = R  ]
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mmc_2k.sys -> Roxio [Ver = 7.0.1.41  | Size = 23680 bytes | Modified Date = 14 Apr 2004 01:29:22 | Attr =	]
(NAVAP) NAVAP [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 218112 bytes | Modified Date = 19 Jun 2002 21:57:12 | Attr =	]
(NAVAPEL) NAVAPEL [Kernel | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 29184 bytes | Modified Date = 19 Jun 2002 21:57:14 | Attr =	]
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080507.008\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 07 May 2008 09:00:00 | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080507.008\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 07 May 2008 09:00:00 | Attr =	]
(NETGEAR_MA111) NETGEAR 802.11b MA111 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MA111nd5.sys -> NETGEAR, Inc. [Ver = 3.00.08 | Size = 644608 bytes | Modified Date = 26 Feb 2004 10:25:32 | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 1341339 bytes | Modified Date = 28 Jul 2003 15:19:00 | Attr =	]
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 22 Aug 2001 08:42:58 | Attr =	]
(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCANDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 16292 bytes | Modified Date = 26 Feb 2004 10:25:30 | Attr =	]
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 26 Feb 2007 13:49:24 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 16 Jul 2003 21:42:18 | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Pwd_2k.sys -> Roxio [Ver = 7.0.1.41  | Size = 117248 bytes | Modified Date = 14 Apr 2004 01:23:58 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 20 Oct 2007 01:56:10 | Attr =	]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 2, 0, 0 | Size = 30556 bytes | Modified Date = 05 Jun 2006 15:08:33 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13 Nov 2007 11:25:53 | Attr = R  ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3650 | Size = 578176 bytes | Modified Date = 18 Jun 2003 14:52:18 | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 5621 bytes | Modified Date = 14 Jul 2003 11:28:40 | Attr =	]
(ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_bus.sys -> MCCI [Ver = V4.34 | Size = 58320 bytes | Modified Date = 30 Aug 2005 01:47:38 | Attr =	]
(ssm_mdfl) SAMSUNG Mobile USB Modem II 1.0 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Modified Date = 30 Aug 2005 01:49:34 | Attr =	]
(ssm_mdm) SAMSUNG Mobile USB Modem II 1.0 Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_mdm.sys -> MCCI [Ver = V4.34 | Size = 94000 bytes | Modified Date = 30 Aug 2005 01:49:38 | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 23219 bytes | Modified Date = 14 Jul 2003 11:28:22 | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.0.0.13 | Size = 73224 bytes | Modified Date = 30 Nov 2005 11:32:11 | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 25685 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 34837 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 4117 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 2233 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 83284 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 14229 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 6357 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 98068 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Stopped] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 100373 bytes | Modified Date = 06 Aug 2003 01:04:00 | Attr =	]
(UDFReadr) UDFReadr [File_System | System | Running] -> %SystemRoot%\system32\drivers\Udfreadr.sys -> Roxio [Ver = 7.0.1.41  | Size = 198528 bytes | Modified Date = 14 Apr 2004 01:29:44 | Attr =	]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 6.02.09.01 built by: WinDDK | Size = 631680 bytes | Modified Date = 02 Jul 2003 16:25:24 | Attr = R  ]
(WlanUIB) NETGEAR 802.11b USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MA111nd5.sys -> NETGEAR, Inc. [Ver = 3.00.08 | Size = 644608 bytes | Modified Date = 26 Feb 2004 10:25:32 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 11 Jan 2008 20:54:31 | Attr =	]
vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30 Jul 2002 12:35:04 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Magentic -> %ProgramFiles%\Magentic\bin\Magentic.exe [C:\PROGRA~1\Magentic\bin\Magentic.exe /c] ->  [Ver = 1, 3, 1, 0595 | Size = 475180 bytes | Modified Date = 17 Jan 2008 11:46:12 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23 Sep 2005 23:05:26 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\SnagIt 8.lnk -> %ProgramFiles%\TechSmith\SnagIt 8\SnagIt32.exe -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 6395464 bytes | Modified Date = 01 May 2007 11:11:48 | Attr =	]
< Sheikh Startup Folder > -> C:\Documents and Settings\Sheikh\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\DVD Region-Free\DVDShell.dll [] -> Fengtao Software [Ver = 3, 2, 0, 8 | Size = 49152 bytes | Modified Date = 29 Oct 2003 17:18:02 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
NavLogon -> %SystemRoot%\system32\NavLogon.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 30 Jul 2002 12:33:00 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103} -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoManageMyComputerVerb -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartmenuLogoff -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuSubFolders -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPrinterTabs -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDeletePrinter -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAddPrinter -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPrinters -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetworkConnections -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetFolders -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeStartMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoShellSearchButton -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeAnimation -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeKeyboardNavigationIndicators -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03 Aug 2004 22:59:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\Classes\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\Classes\AudioCD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\SOFTWARE\Classes\AudioCD\Shell\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRom_NEC_DVD+RW_ND-2100AD___________________103D____\5&3a22a7d4&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITE-ON_DVDRW_SOHW-1613S________________AS04____\5&3a22a7d4&0&0.1.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&12b1de20&0&000 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 12 Sep 2005 10:37:05 | Attr =	]
< HOSTS File > (239846 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
*.windowsupdate_microsoft.com [http] -> Trusted sites -> 
windowsupdate.com .[http] -> Trusted sites -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItBHO.dll [SnagIt Toolbar Loader] -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 63048 bytes | Modified Date = 01 May 2007 11:11:48 | Attr =	]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 09 Aug 2006 16:54:14 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10 Nov 2005 13:22:12 | Attr =	]
{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TweakMASTER\TweakBHO.dll [TweakMASTER PRO Component] -> Hagel Technologies Ltd [Ver = 2.50 Build R2822 | Size = 133672 bytes | Modified Date = 27 Nov 2006 16:26:30 | Attr =	]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 09 Aug 2006 16:54:07 | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 161352 bytes | Modified Date = 01 May 2007 11:12:00 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10 Nov 2005 13:22:12 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10 Nov 2005 13:22:12 | Attr =	]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 09 Aug 2006 16:54:07 | Attr =	]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Phone\IEPlugin\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 75 | Size = 751144 bytes | Modified Date = 16 Mar 2007 19:22:12 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 09 Aug 2006 16:54:07 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Windows Live Search -> Reg Error: Value  does not exist or could not be read. -> File not found
Add to &LinkFox -> Reg Error: Value  does not exist or could not be read. -> File not found
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10 May 2007 23:47:03 | Attr =	]
E&xport to Microsoft Excel -> Reg Error: Value  does not exist or could not be read. -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0232F7F5-1196-470C-A3FD-09F698DF144F} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{35EF8569-41BF-450A-9270-DAF712EDA637} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{656510FA-138D-46FB-805A-92F149141047} ->	(1394 Net Adapter) -> 
{65CDDA72-5B08-4D0F-B658-DE2EA74F38C6} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{6A22D8A5-5ECF-4FCE-B49A-DFFD6FFDD042} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{8039DDF8-EC44-4580-BDFD-0986104FD386} ->	(Belkin Wireless 54Mbps Desktop Adapter) -> 
{B25BC961-4F32-4F00-9CA2-21B353E70648} ->	() -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24 Jul 2007 16:17:08 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12 Jan 2007 12:50:48 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15026/CTSUEng.cab[Reg Error: Key does not exist or could not be opened.] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> 
{4E62C4DE-627D-4604-B157-4B7D6B09F02E}[HKEY_LOCAL_MACHINE] -> https://moneymanager.egg.com/Pinsafe/accounttracking.cab[AccountTracking Profile Manager Class] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126606003911[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143624147109[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38805.0795023148[Reg Error: Key does not exist or could not be opened.] -> 
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}[HKEY_LOCAL_MACHINE] -> http://game06.zylom.com/activex/zylomgamesplayer.cab[Zylom Games Player] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{D821DC4A-0814-435E-9820-661C543A4679}[HKEY_LOCAL_MACHINE] -> http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx[CRLDownloadWrapper Class] -> 
{EB387D2F-E27B-4D36-979E-847D1036C65D}[HKEY_LOCAL_MACHINE] -> http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326[QDiagHUpdateObj Class] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15028/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\\.Owner -> {4E62C4DE-627D-4604-B157-4B7D6B09F02E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\\{4E62C4DE-627D-4604-B157-4B7D6B09F02E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\\.Owner -> {A90A5822-F108-45AD-8482-9BC8B12DD539} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\\{A90A5822-F108-45AD-8482-9BC8B12DD539} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\\.Owner -> {D821DC4A-0814-435E-9820-661C543A4679} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\\{D821DC4A-0814-435E-9820-661C543A4679} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\\.Owner -> {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\{EB387D2F-E27B-4D36-979E-847D1036C65D} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\\{EB387D2F-E27B-4D36-979E-847D1036C65D} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.sys\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.sys\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.sys\\{EB387D2F-E27B-4D36-979E-847D1036C65D} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.VXD\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.VXD\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.VXD\\{EB387D2F-E27B-4D36-979E-847D1036C65D} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\.Owner -> {9F1C11AA-197B-4942-BA54-47A8489BB47F} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\\{EB387D2F-E27B-4D36-979E-847D1036C65D} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04 Aug 2004 00:56:44 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15 Jun 2005 18:49:30 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04 Aug 2004 00:56:44 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25 Apr 2007 15:21:15 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24 Mar 2006 05:37:50 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1076 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04 Aug 2004 00:56:46 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04 Aug 2004 00:56:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 69 75 BC 68 B5 B1 E5 E1 7B 00 4F ED CD A4 50 17 61 30 62 62 34 33 61 63 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 6D C0 86 78  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 8A D2 D8 51 7F F6 27 91 57  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 27 ED 59 B5 E3 56  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 44 92 18 A0 A4 C9 75 06 6F FF DE 58 9F 1A 4E AB  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> E2 E4 22 B6 3A B8 C5 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04 Aug 2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 3493 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2508 (xpsp.040806-1825) | Size = 330752 bytes | Modified Date = 02 Sep 2004 00:34:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04 Aug 2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10 Oct 2006 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19 Jan 2007 13:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04 Jan 2007 17:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\PopCap Games\Diamond Mine Deluxe\WinDM.exe -> F:\Program Files\PopCap Games\Diamond Mine Deluxe\WinDM.exe [F:\Program Files\PopCap Games\Diamond Mine Deluxe\WinDM.exe:*:Enabled:Bejeweled] -> PopCap.com [Ver = 1, 8, 1, 0 | Size = 1195521 bytes | Modified Date = 20 Jun 2003 13:55:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 10 May 2005 22:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 57344 bytes | Modified Date = 03 Jun 2005 10:06:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 225280 bytes | Modified Date = 03 Jun 2005 09:50:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 40960 bytes | Modified Date = 03 Jun 2005 09:50:14 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 81920 bytes | Modified Date = 03 Jun 2005 09:45:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 172032 bytes | Modified Date = 03 Jun 2005 10:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe] ->   [Ver = 5.0.0.247 | Size = 704512 bytes | Modified Date = 15 Mar 2005 16:17:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.940 | Size = 1081344 bytes | Modified Date = 10 May 2005 21:07:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe] ->  [Ver = 5.0.0.247 | Size = 417792 bytes | Modified Date = 15 Mar 2005 16:12:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe] ->  [Ver = 3, 2, 0,940 | Size = 200704 bytes | Modified Date = 10 May 2005 21:50:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 12 May 2005 01:40:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 12 May 2005 00:23:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 458752 bytes | Modified Date = 03 Jun 2005 09:51:06 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10 Oct 2006 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04 Aug 2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype] -> Skype Technologies S.A. [Ver = 3.1.0.147 | Size = 25268264 bytes | Modified Date = 16 Mar 2007 19:25:16 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19 Jan 2007 13:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04 Jan 2007 17:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Magentic\bin\MgImp.exe -> C:\Program Files\Magentic\bin\MgImp.exe [C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic] -> IncrediMail, Ltd. [Ver = 1, 3, 1, 0595 | Size = 69673 bytes | Modified Date = 17 Jan 2008 11:45:22 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Magentic\bin\Magentic.exe -> C:\Program Files\Magentic\bin\Magentic.exe [C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic] ->  [Ver = 1, 3, 1, 0595 | Size = 475180 bytes | Modified Date = 17 Jan 2008 11:46:12 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Magentic\bin\MgApp.exe -> C:\Program Files\Magentic\bin\MgApp.exe [C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic] ->  [Ver = 1, 3, 1, 0595 | Size = 106537 bytes | Modified Date = 17 Jan 2008 11:45:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 768512 bytes | Modified Date = 04 Aug 2004 00:56:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24 Jul 2007 16:17:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 30 Mar 2008 10:36:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04 Aug 2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04 Aug 2004 00:56:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 16 May 2008 18:22:18 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 16 May 2008 10:57:59 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 16 May 2008 19:28:51 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3891335168 bytes | Created Date = 16 May 2008 10:06:31 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 15 May 2008 15:25:14 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 15 May 2008 15:47:34 | Attr =  H ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 16 May 2008 10:58:15 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 15 May 2008 20:55:38 | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Created Date = 08 May 2008 10:31:43 | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 15 May 2008 20:57:32 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Google SketchUp.lnk -> %AllUsersProfile%\Desktop\Google SketchUp.lnk ->  [Ver =  | Size = 569 bytes | Created Date = 07 May 2008 22:25:49 | Attr =	]
LayOut.lnk -> %AllUsersProfile%\Desktop\LayOut.lnk ->  [Ver =  | Size = 631 bytes | Created Date = 07 May 2008 22:26:57 | Attr =	]
SpyHunter.lnk -> %AllUsersProfile%\Desktop\SpyHunter.lnk ->  [Ver =  | Size = 899 bytes | Created Date = 09 May 2008 18:03:58 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 16 May 2008 17:38:07 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
ATF-Cleaner.lnk -> %UserProfile%\Desktop\ATF-Cleaner.lnk ->  [Ver =  | Size = 636 bytes | Created Date = 13 May 2008 18:23:37 | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Created Date = 17 May 2008 09:28:11 | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Created Date = 16 May 2008 18:14:13 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 16 May 2008 10:57:38 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 838 bytes | Created Date = 16 May 2008 11:08:16 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 16 May 2008 17:39:51 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 543023 bytes | Created Date = 16 May 2008 17:39:20 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Rundll after avenger reboot.jpg -> %UserProfile%\Desktop\Rundll after avenger reboot.jpg ->  [Ver =  | Size = 8484 bytes | Created Date = 17 May 2008 09:49:05 | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Created Date = 13 May 2008 18:26:44 | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 15 May 2008 17:09:14 | Attr =	]
VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0003 | Size = 147456 bytes | Created Date = 15 May 2008 17:09:14 | Attr =	]
Enigma Software Group -> %ProgramFiles%\Enigma Software Group ->  [Folder | Created Date = 09 May 2008 17:34:15 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 16 May 2008 11:08:16 | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 17 May 2008 09:34:23 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 15 May 2008 21:00:17 | Attr =  H ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 16 May 2008 10:57:59 | Attr =	]
DELL -> %SystemDrive%\DELL ->  [Folder | Modified Date = 08 May 2008 22:27:52 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 16 May 2008 19:28:51 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3891335168 bytes | Modified Date = 17 May 2008 09:33:11 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 16 May 2008 11:08:16 | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 08 May 2008 20:57:59 | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:45:47 | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:46:32 | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:54:09 | Attr =  H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:34:51 | Attr =  H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:38:12 | Attr =  H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:39:44 | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:40:49 | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:44:53 | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 03 May 2008 10:45:06 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:45:47 | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:46:32 | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:54:09 | Attr =  H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:34:50 | Attr =  H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:38:12 | Attr =  H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:39:44 | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:40:49 | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:44:53 | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 03 May 2008 10:45:06 | Attr =  H ]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 09 May 2008 10:14:11 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 15 May 2008 15:49:05 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 17 May 2008 09:32:58 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 15 May 2008 20:50:47 | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 239846 bytes | Modified Date = 15 May 2008 14:36:11 | Attr =	]
hosts.20080509-095737.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080509-095737.backup ->  [Ver =  | Size = 239846 bytes | Modified Date = 09 May 2008 09:52:23 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 16 May 2008 19:28:31 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 15 May 2008 21:43:40 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 17 May 2008 09:51:25 | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 15 May 2008 20:50:45 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 72152 bytes | Modified Date = 15 May 2008 20:08:01 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 444528 bytes | Modified Date = 15 May 2008 20:08:01 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 525676 bytes | Modified Date = 15 May 2008 20:08:01 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 17 May 2008 09:34:17 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 15 May 2008 15:47:34 | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 17 May 2008 09:33:17 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 16 May 2008 19:31:33 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 16 May 2008 10:58:15 | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 15 May 2008 20:50:43 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 15 May 2008 20:50:44 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 15 May 2008 21:01:07 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 16 May 2008 17:38:31 | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 16 May 2008 17:41:05 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 15 May 2008 20:12:21 | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 15 May 2008 20:08:31 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 17 May 2008 09:32:58 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 15 May 2008 15:02:29 | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 17 May 2008 10:05:43 | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 08 May 2008 22:27:52 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 711 bytes | Modified Date = 15 May 2008 20:19:38 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 1772 bytes | Modified Date = 13 May 2008 20:54:33 | Attr =	]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 256 bytes | Modified Date = 15 May 2008 21:33:01 | Attr =	]
HPpromotions journeysoftware.job -> %SystemRoot%\tasks\HPpromotions journeysoftware.job ->  [Ver =  | Size = 368 bytes | Modified Date = 15 May 2008 20:00:00 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 16 May 2008 09:23:05 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 13 Sep 2005 11:09:25 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 8026 bytes | Modified Date = 16 May 2008 08:59:40 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 8026 bytes | Modified Date = 16 May 2008 08:59:41 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 20 Sep 2005 09:24:29 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 20 Sep 2005 09:24:29 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 17 May 2008 10:13:05 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 17 May 2008 10:13:05 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
daas_s.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27 Feb 2008 15:59:28 | Attr =	]
fm4av.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fpinor.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fsbl.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fsbld.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 17 May 2008 09:56:49 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fsmart.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 17 May 2008 09:57:01 | Attr =	]
fspe32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 17 May 2008 09:56:51 | Attr =	]
fsup32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll ->  [Ver =  | Size = 126976 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 17 May 2008 09:57:01 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 17 May 2008 09:56:47 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 17 May 2008 09:57:06 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fm4av.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fpinor.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fsbl.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fspe32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsup32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll ->  [Ver =  | Size = 126976 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 17 May 2008 09:57:01 | Attr =	]
fsmart.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 17 May 2008 09:57:01 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 17 May 2008 09:57:01 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 17 May 2008 09:56:47 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 17 May 2008 09:56:47 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 17 May 2008 09:56:51 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 17 May 2008 09:56:51 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 17 May 2008 09:56:49 | Attr =	]
fsblu.dll -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 17 May 2008 09:56:49 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 17 May 2008 10:13:05 | Attr =	]
ext.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
fsedb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 823322 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
perf.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 17 May 2008 13:57:41 | Attr =	]
sae.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
sai.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 17 May 2008 09:56:39 | Attr =	]
ext.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
sae.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
sai.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsedb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 823322 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 17 May 2008 10:13:05 | Attr =	]
FS@av.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 17 May 2008 09:56:31 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 17 May 2008 09:56:49 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 17 May 2008 09:57:01 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 17 May 2008 09:56:51 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 17 May 2008 09:56:47 | Attr =	]
verdicts.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 17 May 2008 09:56:33 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 17 May 2008 09:56:39 | Attr =	]
FS@av.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 17 May 2008 09:56:39 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 17 May 2008 09:56:38 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 17 May 2008 09:56:31 | Attr =	]
verdicts.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 17 May 2008 09:56:33 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 17 May 2008 09:57:06 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 17 May 2008 09:57:06 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 17 May 2008 09:56:59 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 17 May 2008 09:56:59 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 17 May 2008 09:57:01 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 17 May 2008 09:57:01 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 17 May 2008 09:56:47 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 17 May 2008 09:56:47 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 17 May 2008 09:56:51 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 17 May 2008 09:56:51 | Attr =	]
C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 17 May 2008 09:56:49 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Sheikh\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 17 May 2008 09:56:49 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Google -> %AllUsersProfile%\Application Data\Google ->  [Folder | Modified Date = 07 May 2008 22:26:53 | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 11 May 2008 10:56:09 | Attr =	]
Azureus -> %AppData%\Azureus ->  [Folder | Modified Date = 15 May 2008 20:50:46 | Attr =	]
UseNeXT -> %AppData%\UseNeXT ->  [Folder | Modified Date = 15 May 2008 20:50:46 | Attr =	]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 15 May 2008 20:50:47 | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 08 May 2008 10:13:13 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 200704 bytes | Modified Date = 08 May 2008 09:16:57 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3730662 bytes | Modified Date = 09 May 2008 09:11:00 | Attr =  H ]
ALI -> F:\My Documents\ALI ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
Audio Books -> F:\My Documents\Audio Books ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
Documents -> F:\My Documents\Documents ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
Downloads -> F:\My Documents\Downloads ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
Games -> F:\My Documents\Games ->  [Folder | Modified Date = 15 May 2008 20:50:51 | Attr =	]
Map Overlays -> F:\My Documents\Map Overlays ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
My Jokes -> F:\My Documents\My Jokes ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
My Pictures -> F:\My Documents\My Pictures ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr = R  ]
My Recipies -> F:\My Documents\My Recipies ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
My Scans -> F:\My Documents\My Scans ->  [Folder | Modified Date = 08 May 2008 10:11:38 | Attr =	]
My Sound Clips -> F:\My Documents\My Sound Clips ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
SnagIt Catalog -> F:\My Documents\SnagIt Catalog ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
Sophie -> F:\My Documents\Sophie ->  [Folder | Modified Date = 08 May 2008 22:27:53 | Attr =	]
Subsea7 -> F:\My Documents\Subsea7 ->  [Folder | Modified Date = 08 May 2008 22:27:52 | Attr =	]
Google SketchUp.lnk -> %AllUsersProfile%\Desktop\Google SketchUp.lnk ->  [Ver =  | Size = 569 bytes | Modified Date = 07 May 2008 22:25:49 | Attr =	]
LayOut.lnk -> %AllUsersProfile%\Desktop\LayOut.lnk ->  [Ver =  | Size = 631 bytes | Modified Date = 07 May 2008 22:26:57 | Attr =	]
Registry Mechanic.lnk -> %AllUsersProfile%\Desktop\Registry Mechanic.lnk ->  [Ver =  | Size = 738 bytes | Modified Date = 15 May 2008 17:11:15 | Attr =	]
Safari.lnk -> %AllUsersProfile%\Desktop\Safari.lnk ->  [Ver =  | Size = 2187 bytes | Modified Date = 17 May 2008 13:58:06 | Attr =	]
SpyHunter.lnk -> %AllUsersProfile%\Desktop\SpyHunter.lnk ->  [Ver =  | Size = 899 bytes | Modified Date = 09 May 2008 18:03:58 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 16 May 2008 17:37:27 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
ATF-Cleaner.lnk -> %UserProfile%\Desktop\ATF-Cleaner.lnk ->  [Ver =  | Size = 636 bytes | Modified Date = 13 May 2008 18:23:37 | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Modified Date = 17 May 2008 09:28:11 | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Modified Date = 16 May 2008 18:14:54 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 16 May 2008 10:57:43 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 838 bytes | Modified Date = 16 May 2008 11:08:16 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 17 May 2008 09:27:57 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 543023 bytes | Modified Date = 16 May 2008 17:39:17 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Rundll after avenger reboot.jpg -> %UserProfile%\Desktop\Rundll after avenger reboot.jpg ->  [Ver =  | Size = 8484 bytes | Modified Date = 17 May 2008 09:49:06 | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Modified Date = 16 May 2008 21:20:23 | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 15 May 2008 15:22:26 | Attr =	]
VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0003 | Size = 147456 bytes | Modified Date = 15 May 2008 15:22:14 | Attr =	]

< End of report >


I have attached an error message that appeared after the avenger program had run.




#11 OldTimer


Posted 17 May 2008 - 10:26 AM

Hi sheikhs. Yes, those error messages should come up. It means Avenger moved the file correctly.

Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#12 sheikhs


Posted 21 May 2008 - 10:18 AM

Hi OT,

The computer has been behaving well for a while now. I did run Spybot a few days ago which found remnants of the Virtumonde virus. Whatever Spybot found it removed and has not come back since.

I have noticed however that a lot of processes do not seem to be starting up (Symantec and the printer spooler are a couple) which I'm hoping will be cured with your previous mention of the final clean up.

It does look like you have whipped the virus into oblivion. Thanks for that and I look forward to your next set of instructions.

Cheers

Sheikhs

#13 OldTimer


Posted 21 May 2008 - 01:08 PM

Hi sheikhs. All of the logs that were submitted were done from Safe Mode. There should not be many services starting up when in Safe Mode. Only the very minimal services to run the system. If the system is booted up normally and there are some services that are not starting correctly (like Symantec) then the application might need to be uninstalled and reinstalled. Many of these infections attack and disable any security programs found so that they can operate freely.

Let's go ahead and do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
  • Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers and Happy Computing!

OT



