Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Annoying Pop Up Warning


  • Please log in to reply
6 replies to this topic

#1 babuffalo

babuffalo

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 01 June 2008 - 09:54 AM

I'm getting a pop up everytime I click on something. The pop-up says:

"Your system is infected with dangerous virus!"
Note: Strongly recommend to install antispyware to clean your system and avoid total crash of your computer!
Click OK to download the antispyware. (Recommended)

Now, of course, I don't download anything.

I have run Kaspersky Online Scanner and DSS. They are in the response below.

Any help is greatly appreciated!!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 31, 2008 8:49:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/05/2008
Kaspersky Anti-Virus database records: 818345
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:
D:

Scan Statistics:
Total number of scanned objects: 180735
Number of viruses found: 4
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 06:44:38

Infected Object Name / Virus Name / Last Action
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat Object is locked skipped
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat Object is locked skipped
C:Documents and SettingsAll UsersApplication DataNeroNero8Nero BackItUpCacheNeroBackItUpScheduler3.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecCommon ClientConfid.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecCommon ClientContent.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecCommon ClientPrivacy.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecCommon ClientRestrict.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecCommon Clientsettings.dat Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecCommon ClientWebHist.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecSymantec AntiVirus Corporate Edition7.5Quarantine0A540000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.qvh skipped
C:Documents and SettingsAll UsersApplication DataSymantecSymantec Client FirewallSystem.log Object is locked skipped
C:Documents and Settingshx32804Application Data$_hpcst$.hpc Object is locked skipped
C:Documents and Settingshx32804Application DataRoxioMediaManager8Album.ldb Object is locked skipped
C:Documents and Settingshx32804Application DataRoxioMediaManager8Album.psod Object is locked skipped
C:Documents and Settingshx32804Cookiesindex.dat Object is locked skipped
C:Documents and Settingshx32804Local SettingsApplication DataAheadNero Homebl.db Object is locked skipped
C:Documents and Settingshx32804Local SettingsApplication DataAheadNero Homeis2.db Object is locked skipped
C:Documents and Settingshx32804Local SettingsApplication DataMicrosoftFeeds Cacheindex.dat Object is locked skipped
C:Documents and Settingshx32804Local SettingsApplication DataMicrosoftWindowsUsrClass.dat Object is locked skipped
C:Documents and Settingshx32804Local SettingsApplication DataMicrosoftWindowsUsrClass.dat.LOG Object is locked skipped
C:Documents and Settingshx32804Local SettingsHistoryHistory.IE5index.dat Object is locked skipped
C:Documents and Settingshx32804Local SettingsHistoryHistory.IE5MSHist012008053120080601index.dat Object is locked skipped
C:Documents and Settingshx32804Local SettingsTempA210-tmp.exe Infected: Trojan-Downloader.Win32.Delf.ijk skipped
C:Documents and Settingshx32804Local SettingsTempWCESLog.log Object is locked skipped
C:Documents and Settingshx32804Local SettingsTemporary Internet FilesAntiPhishingB3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:Documents and Settingshx32804Local SettingsTemporary Internet FilesContent.IE5index.dat Object is locked skipped
C:Documents and Settingshx32804My DocumentsinterwiseparticipantLogsPLLog7.log Object is locked skipped
C:Documents and Settingshx32804NTUSER.DAT Object is locked skipped
C:Documents and Settingshx32804ntuser.dat.LOG Object is locked skipped
C:Documents and SettingsLocalServiceCookiesindex.dat Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat.LOG Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsHistoryHistory.IE5index.dat Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat Object is locked skipped
C:Documents and SettingsLocalServiceNTUSER.DAT Object is locked skipped
C:Documents and SettingsLocalServicentuser.dat.LOG Object is locked skipped
C:Documents and SettingsNetworkServiceCookiesindex.dat Object is locked skipped
C:Documents and SettingsNetworkServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat Object is locked skipped
C:Documents and SettingsNetworkServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat.LOG Object is locked skipped
C:Documents and SettingsNetworkServiceLocal SettingsHistoryHistory.IE5index.dat Object is locked skipped
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat Object is locked skipped
C:Documents and SettingsNetworkServiceNTUSER.DAT Object is locked skipped
C:Documents and SettingsNetworkServicentuser.dat.LOG Object is locked skipped
C:Program FilesCommon FilesSymantec SharedEENGINEEPERSIST.DAT Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSNDALRT.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSNDCON.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSNDDBG.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSNDFW.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSNDIDS.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSNDSYS.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBConfig.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBDebug.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBDetect.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBNotify.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBRefr.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBSetCfg.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBSetDev.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBSetLoc.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBSetUsr.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBStHash.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBStMSI.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSBBValid.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSSPPolicy.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSSPStart.log Object is locked skipped
C:Program FilesCommon FilesSymantec SharedSPBBCLOGSSPStop.log Object is locked skipped
C:Program FilesiPassiPassConnectlogAgent.log Object is locked skipped
C:Program FilesJuniper NetworksCommon FilesNCService.log Object is locked skipped
C:Program FilesMicrosoft SQL ServerMSSQLDatamaster.mdf Object is locked skipped
C:Program FilesMicrosoft SQL ServerMSSQLDatamastlog.ldf Object is locked skipped
C:Program FilesMicrosoft SQL ServerMSSQLDatamodel.mdf Object is locked skipped
C:Program FilesMicrosoft SQL ServerMSSQLDatamodellog.ldf Object is locked skipped
C:Program FilesMicrosoft SQL ServerMSSQLDatatempdb.mdf Object is locked skipped
C:Program FilesMicrosoft SQL ServerMSSQLDatatemplog.ldf Object is locked skipped
C:Program FilesMicrosoft SQL ServerMSSQLLOGERRORLOG Object is locked skipped
C:Program FilesNeroNero8Nero BackItUpBIU1.txt Object is locked skipped
C:Program FilesSymantec Client SecuritySymantec AntiVirusSAVRT0198NAV~.TMP Object is locked skipped
C:Program FilesSymantec Client SecuritySymantec AntiVirusSAVRT0329NAV~.TMP Object is locked skipped
C:RECYCLERS-1-5-21-8740799-2134930118-1361462980-550932Dc56.exe Infected: Trojan-Downloader.Win32.Delf.ijd skipped
C:System Volume InformationMountPointManagerRemoteDatabase Object is locked skipped
C:System Volume Information_restore{9EA4A9E5-9647-4B96-9331-5389BE1A264E}RP14change.log Object is locked skipped
C:WINNTCSC00000001 Object is locked skipped
C:WINNTDebugNetlogon.log Object is locked skipped
C:WINNTDebugPASSWD.LOG Object is locked skipped
C:WINNTDownloaded Program Filespopcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:WINNTInternet LogstvDebug.log Object is locked skipped
C:WINNTRegistration{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A5FD2BE0-8F16-40C0-88AD-34ED2887219A}.crmlog Object is locked skipped
C:WINNTSchedLgU.Txt Object is locked skipped
C:WINNTSoftwareDistributionEventCache{B9E38DCD-2FB8-4E3B-9781-5B05B90EE7EF}.bin Object is locked skipped
C:WINNTSoftwareDistributionReportingEvents.log Object is locked skipped
C:WINNTsystem32CCMLogsCAS.log Object is locked skipped
C:WINNTsystem32CCMLogsCcmExec.log Object is locked skipped
C:WINNTsystem32CCMLogsCertificateMaintenance.log Object is locked skipped
C:WINNTsystem32CCMLogsCIAgent.log Object is locked skipped
C:WINNTsystem32CCMLogsInternetProxy.log Object is locked skipped
C:WINNTsystem32CCMLogsLocationServices.log Object is locked skipped
C:WINNTsystem32CCMLogsmtrmgr.log Object is locked skipped
C:WINNTsystem32CCMLogsoobmgmt.log Object is locked skipped
C:WINNTsystem32CCMLogsPolicyAgent.log Object is locked skipped
C:WINNTsystem32CCMLogsPolicyAgentProvider.log Object is locked skipped
C:WINNTsystem32CCMLogsPolicyEvaluator.log Object is locked skipped
C:WINNTsystem32CCMLogsRebootCoordinator.log Object is locked skipped
C:WINNTsystem32CCMLogsScanAgent.log Object is locked skipped
C:WINNTsystem32CCMLogsScheduler.log Object is locked skipped
C:WINNTsystem32CCMLogsStateMessage.log Object is locked skipped
C:WINNTsystem32CCMLogsStatusAgent.log Object is locked skipped
C:WINNTsystem32CCMLogsUpdatesDeployment.log Object is locked skipped
C:WINNTsystem32CCMLogsUpdatesHandler.log Object is locked skipped
C:WINNTsystem32CCMLogsWUAHandler.log Object is locked skipped
C:WINNTsystem32CCMLogsXmlStore.log Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesCertificateMaintenanceEndpoint0000002D.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesCertificateMaintenanceEndpoint0000002D.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesCIAgentDtsReply00000002.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesCIAgentDtsReply00000002.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesClientRegistration00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesClientRegistration00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesCTMDTSReply0000000H.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesCTMDTSReply0000000H.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesDCMAgent00000004.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesDCMAgent00000004.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesexecmgr0000000O.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesexecmgr0000000O.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesInventoryAgent0000000O.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesInventoryAgent0000000O.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesLS_ReplyLocations0000002F.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesLS_ReplyLocations0000002F.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesLS_ScheduledCleanup00000036.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesLS_ScheduledCleanup00000036.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesMtrMgr00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesMtrMgr00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesOOBMgmt00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesOOBMgmt00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPeerDPManager0000000S.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPeerDPManager0000000S.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_Cleanup0000000W.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_Cleanup0000000W.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_PolicyDownload0000000S.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_PolicyDownload0000000S.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_PolicyEvaluator000000GE.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_PolicyEvaluator000000GE.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_ReplyAssignments0000000P.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_ReplyAssignments0000000P.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_RequestAssignments00000059.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_RequestAssignments00000059.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_ReRequestPolicy00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesPolicyAgent_ReRequestPolicy00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesProxyMaintenanceEndpoint00000004.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesProxyMaintenanceEndpoint00000004.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesRebootCoord00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesRebootCoord00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesRemoteToolsAgent00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesRemoteToolsAgent00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesScanAgent00000008.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesScanAgent00000008.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSdmPkgLoaderDtsReply00000002.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSdmPkgLoaderDtsReply00000002.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSMSSHA00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSMSSHA00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSrcUpdateMgr00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSrcUpdateMgr00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSrvWinMgr00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSrvWinMgr00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesStateMessageManager000000KB.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesStateMessageManager000000KB.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSWMTRReportGen00000005.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesSWMTRReportGen00000005.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesUpdatesAgent00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesUpdatesAgent00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesUpdatesDeploymentAgent00000009.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesUpdatesDeploymentAgent00000009.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesUpdateStore00000002.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingEndpointQueuesUpdateStore00000002.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesamp_[http]mp_locationmanager0000003S.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesamp_[http]mp_locationmanager0000003S.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesdirect_housmsp004.corp.halliburton.com_mp_locationmanager00000002.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesdirect_housmsp004.corp.halliburton.com_mp_locationmanager00000002.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesdirect_housmsp005_uploadprotocol00000001.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesdirect_housmsp005_uploadprotocol00000001.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueueslmp_[http]mp_locationmanager0000000C.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueueslmp_[http]mp_locationmanager0000000C.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_ddrendpoint00000002.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_ddrendpoint00000002.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_hinvendpoint00000003.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_hinvendpoint00000003.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_relayendpoint0000000H.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_relayendpoint0000000H.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_sinvendpoint00000003.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_mp_sinvendpoint00000003.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_statusreceiver00000013.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_statusreceiver00000013.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_statusreceiver00000014.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_statusreceiver00000014.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_[http]mp_locationmanager0000000Y.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_[http]mp_locationmanager0000000Y.que Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_[http]mp_policymanager0000004D.msg Object is locked skipped
C:WINNTsystem32CCMServiceDataMessagingOutgoingQueuesmp_[http]mp_policymanager0000004D.que Object is locked skipped
C:WINNTsystem32configAppEvent.Evt Object is locked skipped
C:WINNTsystem32configdefault Object is locked skipped
C:WINNTsystem32configdefault.LOG Object is locked skipped
C:WINNTsystem32configInternet.evt Object is locked skipped
C:WINNTsystem32configODiag.evt Object is locked skipped
C:WINNTsystem32configOSession.evt Object is locked skipped
C:WINNTsystem32configSAM Object is locked skipped
C:WINNTsystem32configSAM.LOG Object is locked skipped
C:WINNTsystem32configSecEvent.Evt Object is locked skipped
C:WINNTsystem32configSECURITY Object is locked skipped
C:WINNTsystem32configSECURITY.LOG Object is locked skipped
C:WINNTsystem32configsoftware Object is locked skipped
C:WINNTsystem32configsoftware.LOG Object is locked skipped
C:WINNTsystem32configSysEvent.Evt Object is locked skipped
C:WINNTsystem32configsystem Object is locked skipped
C:WINNTsystem32configsystem.LOG Object is locked skipped
C:WINNTsystem32h323log.txt Object is locked skipped
C:WINNTsystem32LogFilesW3SVC1ex080531.log Object is locked skipped
C:WINNTsystem32profile.dat Object is locked skipped
C:WINNTsystem32wbemRepositoryFSINDEX.BTR Object is locked skipped
C:WINNTsystem32wbemRepositoryFSINDEX.MAP Object is locked skipped
C:WINNTsystem32wbemRepositoryFSMAPPING.VER Object is locked skipped
C:WINNTsystem32wbemRepositoryFSMAPPING1.MAP Object is locked skipped
C:WINNTsystem32wbemRepositoryFSMAPPING2.MAP Object is locked skipped
C:WINNTsystem32wbemRepositoryFSOBJECTS.DATA Object is locked skipped
C:WINNTsystem32wbemRepositoryFSOBJECTS.MAP Object is locked skipped
C:WINNTtemphsperfdata_SYSTEM260 Object is locked skipped
C:WINNTtempJETC2B6.tmp Object is locked skipped
C:WINNTtempPerflib_Perfdata_2d0.dat Object is locked skipped
C:WINNTWindowsUpdate.log Object is locked skipped

Scan process completed.

Deckard's System Scanner v20071014.68
Run by hx32804 on 2008-06-01 09:40:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2008-06-01 14:40:43 UTC - RP17 - Deckard's System Scanner Restore Point
16: 2008-06-01 10:14:59 UTC - RP16 - System Checkpoint
15: 2008-06-01 00:03:41 UTC - RP15 - System Checkpoint
14: 2008-05-31 08:01:05 UTC - RP14 - Software Distribution Service 3.0
13: 2008-05-30 16:15:39 UTC - RP13 - Installed Apache HTTP Server 2.2.8


-- First Restore Point --
1: 2008-05-28 17:38:37 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as hx32804.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:00 AM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32Ati2evxx.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesIntelWirelessBinWLKeeper.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesSymantec Client SecuritySymantec Client FirewallISSVC.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:WINNTsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesCisco SystemsVPN Clientcvpnd.exe
C:Program FilesSymantec Client SecuritySymantec AntiVirusDefWatch.exe
C:Program FilesJuniper NetworksCommon FilesdsNcService.exe
C:WINNTsystem32inetsrvinetinfo.exe
C:Program FilesiPassiPassConnectiPCAgent.exe
C:LandmarkEDT_2003.21Common FilesJDKjrebinclientDSRegistryService.exe
C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINNTsystem32HPZipm12.exe
C:WINNTsystem32PnkBstrA.exe
C:WINNTsystem32PSIService.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxWatch.exe
C:Program FilesSymantec Client SecuritySymantec AntiVirusSavRoam.exe
C:Program FilesPhotodexProShowProducerScsiAccess.exe
C:Program FilesSeagateSyncSeaSyncServices.exe
C:Program FilesSymantec Client SecuritySymantec AntiVirusRtvscan.exe
C:Program FilesSymantec Client SecuritySymantec Client FirewallSymSPort.exe
C:WINNTsystem32CCMCcmExec.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:WINNTsystem32Ati2evxx.exe
C:WINNTExplorer.EXE
C:WINNTsystem32ctfmon.exe
C:program fileshalliburtonhalhelphalhelp.exe
C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxWatchTray.exe
C:Program FilesiPassiPassConnectdownloaderipccheck.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1SYMANT~2VPTray.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:WINNTAGRSMMSG.exe
C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxMediaDB.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
C:WINNTsystem32AccelerometerSt.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesJavajre1.6.0_05binjusched.exe
C:Program FilesCommon FilesRoxio SharedSharedCOM8CPSHelpRunner.exe
C:Program FilesSeagateSystemTrayStxMenuMgr.exe
C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe
C:WINNTsystem32dllhost.exe
C:Program FilesIntelWirelessBinDot1XCfg.exe
C:WINNTsystem32inetsrvDavCData.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:PROGRA~1MICROS~3rapimgr.exe
C:DOCUME~1hx32804LOCALS~1TempAutoDetect.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:WINNTSystem32svchost.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesApache Software FoundationApache2.2binApacheMonitor.exe
C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
C:Program FilesInterwiseParticipantpull.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
F:dss.exe
C:PROGRA~1TRENDM~1HIJACK~1hx32804.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://halworld.corp.halliburton.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://halworld.corp.halliburton.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer provided by Halliburton Company
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = file://C:/Program Files/halliburton/PACFILES/proxy.pac
O2 - BHO: IE - {73AB9095-4904-4C64-83D8-01F9F7DDC41C} - C:WINNToddogy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - {BBDF68D2-9E56-43A8-B792-782B6269B988} - C:WINNTsystem32mllmj.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:Program FilesTechSmithSnagIt 8SnagItIEAddin.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:PROGRA~1UE_TOO~1UE_TOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [DIRECT!] C:PROGRA~1COURIO~1IDENTI~1direct.exe
O4 - HKLM..Run: [HalHelp] c:program fileshalliburtonhalhelphalhelp.exe
O4 - HKLM..Run: [RoxWatchTray] "C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxWatchTray.exe"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~2VPTray.exe
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [SoundMAX] C:Program FilesAnalog DevicesSoundMAXSmax4.exe /tray
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [QlbCtrl] %ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [AccelerometerSysTrayApplet] C:WINNTsystem32AccelerometerSt.exe
O4 - HKLM..Run: [IntelZeroConfig] "C:Program FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [ProxyUpdate] C:WINNTHXPProxyUpdate.vbs
O4 - HKLM..Run: [SAPRUNHXP] C:WINNTsaplogoncheck.exe /s
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [StxTrayMenu] "C:Program FilesSeagateSystemTrayStxMenuMgr.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINNTsystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [Ceedo AutoDetect] C:DOCUME~1hx32804LOCALS~1TempAutoDetect.exe /active
O4 - HKUSS-1-5-19..Run: [Communicator] "C:Program FilesMicrosoft Office CommunicatorCommunicator.exe" (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Communicator] "C:Program FilesMicrosoft Office CommunicatorCommunicator.exe" (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-21-8740799-2134930118-1361462980-527893..RunOnce: [NeroHomeFirstStart] "C:Program FilesCommon FilesNeroLibNMFirstStart.exe" (User '?')
O4 - HKUSS-1-5-18..Run: [Communicator] "C:Program FilesMicrosoft Office CommunicatorCommunicator.exe" (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [Communicator] "C:Program FilesMicrosoft Office CommunicatorCommunicator.exe" (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:Program FilesAdobeAcrobat 8.0AcrobatAdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:Program FilesCisco SystemsVPN Clientvpngui.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:Program FilesApache Software FoundationApache2.2binApacheMonitor.exe
O4 - Global Startup: Push Client.LNK = C:Program FilesInterwiseParticipantpull.exe
O4 - Global Startup: Service Manager.lnk = C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:Program FilesAltovaXMLSpy2006spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:Program FilesAltovaXMLSpy2006spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:Program FilesAltovaXMLSpy2006spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINNTbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINNTbdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://halworld.corp.halliburton.com
O15 - Trusted Zone: *.backup.knowledgepak.com
O15 - Trusted Zone: *.corp.halliburton.com
O15 - Trusted Zone: *.halliburton.com
O15 - Trusted Zone: *.halliburton.jobs
O15 - Trusted Zone: *.halnet.com
O15 - Trusted Zone: *.knowledgepak.com
O15 - Trusted Zone: *.lgc.com
O15 - Trusted Zone: *.myhalliburton.com
O15 - Trusted Zone: *.outcast.com
O15 - Trusted Zone: *.outtask.com
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205418456505
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c5/v21.123/qboax10.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://access.halliburton.com/dana-cached/...perSetupSP1.cab
O17 - HKLMSystemCCSServicesTcpipParameters: Domain = corp.halliburton.com
O17 - HKLMSoftware..Telephony: DomainName = corp.halliburton.com
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = corp.halliburton.com
O17 - HKLMSystemCS1ServicesTcpipParameters: SearchList = williams.com,williams.com,corp.halliburton.com,corp.halliburton.com,williams.com,williams.com,corp.halliburton.com,halliburton.com
O17 - HKLMSystemCS2ServicesTcpipParameters: Domain = corp.halliburton.com
O17 - HKLMSystemCS2ServicesTcpipParameters: SearchList = williams.com,williams.com,corp.halliburton.com,corp.halliburton.com,williams.com,williams.com,corp.halliburton.com,halliburton.com
O17 - HKLMSystemCS3ServicesTcpipParameters: Domain = corp.halliburton.com
O17 - HKLMSystemCS3ServicesTcpipParameters: SearchList = williams.com,williams.com,corp.halliburton.com,corp.halliburton.com,williams.com,williams.com,corp.halliburton.com,halliburton.com
O17 - HKLMSystemCCSServicesTcpipParameters: SearchList = williams.com,williams.com,corp.halliburton.com,corp.halliburton.com,williams.com,williams.com,corp.halliburton.com,halliburton.com
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:Program FilesAdobeAdobe Version CueserviceVersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINNTsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:Program FilesCisco SystemsVPN Clientcvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec AntiVirusDefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:Program FilesJuniper NetworksCommon FilesdsNcService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:Program FilesHalliburton VPNExtranet_serv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: HalXP API Check (HXPAPIC) - Unknown owner - C:WINNTSystem32hxpapics.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:Program FilesiPassiPassConnectiPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:Program FilesiPassiPassConnectiPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec Client FirewallISSVC.exe
O23 - Service: LGC EDM Data Receiver (E-Mail) - - C:LandmarkEDT_2003.21Common FilesJDKjrebinclientMailService.exe
O23 - Service: LGC EDM Data Receiver (File System) - - C:LandmarkEDT_2003.21Common FilesJDKjrebinclientDSImpServ.exe
O23 - Service: LGC EDM Simultaneous Activity Monitor - - C:LandmarkEDT_2003.21Common FilesJDKjrebinclientDSRegistryService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:oracleora92binONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:WINNTsystem32HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINNTsystem32PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINNTsystem32PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxWatch.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec Client SecuritySymantec AntiVirusSavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:Program FilesPhotodexProShowProducerScsiAccess.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:Program FilesSeagateSyncSeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec AntiVirusRtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec Client FirewallSymSPort.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:Program FilesIntelWirelessBinWLKeeper.exe
O24 - Desktop Component 0: (no name) - http://www.mikebonnell.com/pic2/2004_09_Surreal05_1600.jpg

--
End of file - 22200 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:Program FilesAptanaAptana StudioIconsstandardaptana_file_js.ico
.js - JSFile - shellopencommand - "C:Program FilesAptanaAptana StudioAptanaStudio.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:winntsystem32driversaegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 DS1410D - c:winntsystem32driversds1410d.sys
R2 MDC80211 (iPass Protocol (IEEE 802.1x) v2.3.1.9) - c:winntsystem32driversmdc80211.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 s24trans (WLAN Transport) - c:winntsystem32driverss24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 Sentinel - c:winntsystem32driverssentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 Eacfilt (Eacfilt Miniport) - c:winntsystem32driverseacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:winntsystem32driversipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>

S3 catchme - c:docume~1hx32804locals~1tempcatchme.sys (file missing)
S3 idisw2km - c:winntsystem32driversidisw2km.sys (file missing)
S3 IPSECEXT (Nortel Extranet Access Protocol) - c:winntsystem32driversipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>
S3 kbstuff (SMS Virtual Keyboard) - c:winntsystem32driverskbstuff5.sys (file missing)
S3 Sntnlusb (Rainbow USB SuperPro) - c:winntsystem32driverssntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 iPCAgent - c:program filesipassipassconnectipcagent.exe <Not Verified; iPass, Inc.; iPCAgent Module>
R2 LGC EDM Simultaneous Activity Monitor - "c:landmarkedt_2003.21common filesjdkjrebinclientdsregistryservice.exe"
R2 Nero BackItUp Scheduler 3 - c:program filesneronero8nero backitupnbservice.exe
R2 ProtexisLicensing - c:winntsystem32psiservice.exe <Not Verified; ; PSIService>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:program filesintelwirelessbinregsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 ScsiAccess - c:program filesphotodexproshowproducerscsiaccess.exe
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:program filesintelwirelessbinwlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>
R3 FLEXnet Licensing Service - "c:program filescommon filesmacrovision sharedflexnet publisherfnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 HXPAPIC (HalXP API Check) - c:winntsystem32hxpapics.exe
S3 AdobeVersionCue - c:program filesadobeadobe version cueserviceversioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cue™>
S3 ExtranetAccess (Contivity VPN Service) - "c:program fileshalliburton vpnextranet_serv.exe" <Not Verified; Nortel Networks NA, Inc.; Nortel Networks Contivity VPN Client>
S3 iPassConnectEngine - c:program filesipassipassconnectipassconnectengine.exe <Not Verified; iPass; iPassConnectEngine Module>
S3 LGC EDM Data Receiver (E-Mail) - "c:landmarkedt_2003.21common filesjdkjrebinclientmailservice.exe"
S3 LGC EDM Data Receiver (File System) - "c:landmarkedt_2003.21common filesjdkjrebinclientdsimpserv.exe"
S3 OracleOraHome92ClientCache - c:oracleora92binonrsd.exe
S4 Apache2.2 - "c:program filesapache software foundationapache2.2binhttpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:program filesbonjourmdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 LGC_EDM_FileMover_Multi - c:program fileslgclgc_edm_filemovermultilgc_edm_filemover_multi.exe <Not Verified; LGC; LGC_EDM_FileMover_Multi>
S4 LGC_EDM_FileMoverDomain - c:program fileslgclgc_edm_filemover_domainlgc_edm_filemoverdomain.exe <Not Verified; LGC; LGC_EDM_FileMoverDomain>
S4 Sprint PCS v3 Utility Service - c:program filessprintsprint pcs connection managercmspcsutilsvc.exe <Not Verified; Sprint Spectrum, L.L.C; Sprint PCS Connection Manager Service Utility>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOTNET0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOTNET0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-04-04 17:10:03 284 --a------ C:WINNTTasksAppleSoftwareUpdate.job
2007-05-15 16:43:09 416 --a------ C:WINNTTasksRegistry Repair4.job
2006-08-15 14:45:05 366 --a------ C:WINNTTasksSymantec NetDetect.job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-05-31 20:53:51 0 d-------- C:Program FilesTrend Micro
2008-05-30 16:21:14 253440 --a------ C:WINNToddogy.dll
2008-05-30 14:49:19 0 d-------- C:Program FilesMicrosoft Visual Studio 8
2008-05-30 14:49:19 0 d-------- C:Program FilesCommon FilesMerge Modules
2008-05-30 13:49:52 0 d-------- C:Documents and Settingshx32804Application Datacom.StudioCloud.WebsiteDesigner.8AC2E5115FA71A7E7B2D71B1AE975C4ABEFA01F6.1
2008-05-30 13:30:17 51616 --ah----- C:WINNTsystem32mlfcache.dat
2008-05-30 11:15:42 0 d-------- C:Program FilesApache Software Foundation
2008-05-30 09:36:35 0 d-------- C:Documents and Settingshx32804Application DataAptana
2008-05-30 09:30:05 0 d-------- C:Program FilesAptana
2008-05-29 16:14:11 0 d-------- C:Documents and Settingshx32804Application DataSiteBuilder.1092AF29A5D2D6F129EC9E969ADB342C4F09EC7B.1
2008-05-29 16:09:17 0 d-------- C:Program FilesCommon FilesAdobe AIR
2008-05-29 11:49:11 0 d-------- C:Documents and SettingsAll UsersApplication DataPopCap
2008-05-28 16:35:06 0 d-------- C:Program FilesCommon FilesAltova
2008-05-28 16:35:05 0 d-------- C:Program FilesAltova
2008-05-28 13:11:40 0 d-------- C:~QTWTMP.TMP
2008-05-28 12:21:39 0 d-------- C:MyS2GApp
2008-05-28 10:51:27 0 d-------- C:Program FilesPage Galleryv3.5
2008-05-28 09:47:48 196908 --a------ C:WINNTPage Gallery Uninstaller.exe
2008-05-28 09:47:42 0 d-------- C:Program FilesPage Gallery
2008-05-20 10:05:59 0 d-------- C:Documents and Settingshx32804Application DataSchlumberger
2008-05-19 13:43:11 0 d-------- C:Documents and Settingshx32804.SimplyCanvas
2008-05-15 15:15:02 299008 --a------ C:WINNTuninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-05-14 12:45:16 0 d-------- C:WINNTms
2008-05-13 17:13:11 0 d-------- C:Program FilesGraphis
2008-05-13 17:13:11 0 d-------- C:Documents and Settingshx32804Application DataKylebank
2008-05-13 17:13:11 0 d-------- C:Documents and SettingsAll UsersApplication DataKylebank


-- Find3M Report ---------------------------------------------------------------

2008-05-31 03:09:47 40 --a------ C:WINNTsystem32profile.dat
2008-05-31 01:04:10 0 d-------- C:Program FilesCommon FilesSymantec Shared
2008-05-30 14:49:19 0 d-------- C:Program FilesCommon Files
2008-05-30 14:22:38 0 d-------- C:Documents and Settingshx32804Application DataMozilla
2008-05-29 16:09:23 0 d-------- C:Documents and Settingshx32804Application DataAdobe
2008-05-29 15:24:17 0 d-------- C:Program FilesPlaxo
2008-05-28 10:56:51 791 --a------ C:Documents and Settingshx32804Application DataPageGalleryPrefs.ini
2008-05-22 15:11:31 0 d-------- C:Documents and Settingshx32804Application DataLandmark
2008-05-22 12:29:46 1231 --a------ C:WINNTsystem32SetEDTEnvVars_2003_21.bat
2008-05-05 16:26:07 0 d-------- C:Documents and Settingshx32804Application DataU3
2008-04-28 16:47:45 41228 --ahs---- C:WINNTsystem32jmllm.ini2
2008-04-15 10:05:17 0 d-------- C:Program FilesCitrix
2008-04-08 15:48:18 117760 --a------ C:WINNTsystem32bcdsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 15:48:18 48128 --a------ C:WINNTsystem32bcdprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-04 18:03:27 0 d-------- C:Program FilesSafari
2008-04-04 18:01:56 0 d-------- C:Program FilesiTunes
2008-04-04 18:01:42 0 d-------- C:Program FilesiPod
2008-04-04 18:00:05 0 d-------- C:Program FilesQuickTime
2008-03-27 10:47:09 8 --a------ C:WINNTsystem32success
2008-03-13 18:21:06 1264 --ahs---- C:WINNTsystem32KGyGaAvL.sys
2008-03-12 10:17:20 161364436 --a------ C:SYM_REGISTRY_BACKUP.reg
2008-03-11 21:01:25 8 -r-hs---- C:WINNTsystem32E65D665280.sys
2008-03-07 15:30:09 268 -r-h----- C:Documents and Settingshx32804Application DataRadio Sounds
2008-03-07 15:28:19 268 -r-h----- C:Documents and Settingshx32804Application DataProject Templates
2008-03-07 15:19:10 268 -r-h----- C:Documents and Settingshx32804Application Datafilter


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{73AB9095-4904-4C64-83D8-01F9F7DDC41C}]
05/30/2008 04:21 PM 253440 --a------ C:WINNToddogy.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{BBDF68D2-9E56-43A8-B792-782B6269B988}]
C:WINNTsystem32mllmj.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"DIRECT!"="C:PROGRA~1COURIO~1IDENTI~1direct.exe" [03/24/2003 10:57 AM]
"HalHelp"="c:program fileshalliburtonhalhelphalhelp.exe" [11/05/2003 11:45 AM]
"RoxWatchTray"="C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxWatchTray.exe" [12/07/2005 04:24 AM]
"ccApp"="C:Program FilesCommon FilesSymantec SharedccApp.exe" [12/21/2005 11:33 AM]
"vptray"="C:PROGRA~1SYMANT~1SYMANT~2VPTray.exe" [05/27/2006 03:06 PM]
"SoundMAXPnP"="C:Program FilesAnalog DevicesCoresmax4pnp.exe" [05/20/2005 09:11 AM]
"SoundMAX"="C:Program FilesAnalog DevicesSoundMAXSmax4.exe" [05/06/2005 04:06 PM]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 04:00 PM C:WINNTAGRSMMSG.exe]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [03/31/2006 04:01 PM]
"QlbCtrl"="C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" [03/07/2006 03:38 PM]
"AccelerometerSysTrayApplet"="C:WINNTsystem32AccelerometerSt.exe" [01/16/2006 11:01 PM]
"IntelZeroConfig"="C:Program FilesIntelWirelessbinZCfgSvc.exe" [08/02/2006 01:38 AM]
"IntelWireless"="C:Program FilesIntelWirelessBinifrmewrk.exe" [08/02/2006 01:32 AM]
"ProxyUpdate"="C:WINNTHXPProxyUpdate.vbs" [05/18/2008 08:34 AM]
"SAPRUNHXP"="C:WINNTsaplogoncheck.exe" [08/17/2004 10:18 AM]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_05binjusched.exe" [02/22/2008 04:25 AM]
"StxTrayMenu"="C:Program FilesSeagateSystemTrayStxMenuMgr.exe" [01/18/2007 01:20 PM]
"Acrobat Assistant 8.0"="C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe" [10/22/2006 11:24 PM]
"NeroFilterCheck"="C:Program FilesCommon FilesNeroLibNeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe" [09/20/2007 09:51 AM]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [10/10/2007 08:51 PM]
"!AVG Anti-Spyware"="C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" [06/11/2007 04:25 AM]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINNTsystem32ctfmon.exe" [08/04/2004 12:56 AM]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [09/15/2007 07:09 PM]
"H/PC Connection Agent"="C:Program FilesMicrosoft ActiveSyncwcescomm.exe" [06/20/2006 11:36 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:Program FilesCommon FilesNeroLibNMBgMonitor.exe" [10/23/2007 03:18 PM]
"Ceedo AutoDetect"="C:DOCUME~1hx32804LOCALS~1TempAutoDetect.exe" []

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"Communicator"="C:Program FilesMicrosoft Office CommunicatorCommunicator.exe"

C:Documents and Settingshx32804Start MenuProgramsStartup
Nikon Monitor.lnk - C:Program FilesCommon FilesNikonMonitorNkMonitor.exe [6/14/2007 8:39:18 PM]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Acrobat Speed Launcher.lnk - C:WINNTInstaller{AC76BA86-1033-0000-7760-000000000003}_SC_Acrobat.exe [7/24/2007 9:29:56 AM]
Adobe Acrobat Synchronizer.lnk - C:Program FilesAdobeAcrobat 8.0AcrobatAdobeCollabSync.exe [10/23/2006 12:01:50 AM]
Adobe Gamma Loader.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2/15/2007 10:49:37 PM]
Bluetooth.lnk - C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe [2/15/2006 5:16:02 PM]
Cisco Systems VPN Client.lnk - C:Program FilesCisco SystemsVPN Clientvpngui.exe [3/27/2008 10:46:31 AM]
Monitor Apache Servers.lnk - C:Program FilesApache Software FoundationApache2.2binApacheMonitor.exe [1/18/2008 12:38:50 AM]
Push Client.LNK - C:Program FilesInterwiseParticipantpull.exe [7/17/2006 12:54:24 PM]
Service Manager.lnk - C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe [12/17/2002 5:23:32 PM]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableRegistryTools"=0 (0x0)
"HideLogonScripts"=1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoAutoUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyckpNotify]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINNTsystem32mllmj.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversiongroup policystateS-1-5-21-8740799-2134930118-1361462980-527893ScriptsLogon00]
"Script"=corp.halliburton.comsysvolcorp.halliburton.comscriptsSMSRunSMSLogon.cmd

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversiongroup policystateS-1-5-21-8740799-2134930118-1361462980-527893ScriptsLogon10]
"Script"=corp.halliburton.comsysvolcorp.halliburton.comscriptsPROXYrunpxy.cmd

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversiongroup policystateS-1-5-21-8740799-2134930118-1361462980-550932ScriptsLogon00]
"Script"=corp.halliburton.comsysvolcorp.halliburton.comscriptsSMSRunSMSLogon.cmd

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversiongroup policystateS-1-5-21-8740799-2134930118-1361462980-550932ScriptsLogon10]
"Script"=corp.halliburton.comsysvolcorp.halliburton.comscriptsPROXYrunpxy.cmd

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHXPAPIC]
@="Service"


[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCommunicator]
"C:Program FilesMicrosoft Office CommunicatorCommunicator.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRoxWatchTray]
"C:Program FilesCommon FilesRoxio SharedSharedCOM8RoxWatchTray.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavajre1.5.0_06binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"RoxWatch"=2 (0x2)
"RoxMediaDB"=3 (0x3)
"RoxLiveShare"=2 (0x2)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"H/PC Connection Agent"="C:PROGRA~1MICROS~3wcescomm.exe"
"PlaxoUpdate"=C:Program FilesPlaxo2.13.0.12PlaxoHelper.exe -a
"swg"=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"Avvenu Update"=C:Program FilesAvvenuAvvenu_updater.exe
"AdobeVersionCue"=C:Program FilesAdobeAdobe Version CueControlPanelVersionCueTray.exe
"Avvenu Access n Share Update"="C:Program FilesAvvenuAvvenu_updater.exe"


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2f34a1cb-1ac3-11dd-a9ef-001560c710ea}]
AutoRuncommand- E:LaunchU3.exe -a

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{39be74f2-a1c3-11dc-a8e5-0016417bd362}]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4d6bc4e8-4035-11dc-9d5e-001560c710ea}]
- .RECYCLERRECYCLER.exe
- C:WINNTsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .RECYCLERRECYCLER.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{55b36b74-07fa-11dc-9cec-0016417bd362}]
- G:Autorun.exe /run
- G:Autorun.exe /action
- G:Autorun.exe /uninstall

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f60ea290-a68f-11db-9c32-444553544200}]




-- End of Deckard's System Scanner: finished at 2008-06-01 09:43:47 ------------
Merged posts. ~ OB

Edited by Orange Blossom, 01 June 2008 - 02:41 PM.


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:47 PM

Posted 02 June 2008 - 11:21 PM

Hello babuffalo and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 babuffalo

babuffalo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 03 June 2008 - 10:17 AM

OT, Thanks for helping me.

I have attached the OTScanIT notepad file.

Attached Files


Edited by babuffalo, 03 June 2008 - 10:18 AM.


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:47 PM

Posted 03 June 2008 - 10:57 AM

Hi babuffalo. Let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\oddogy.dll
%systemroot%\system32\mllmj.dll
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%systemdrive%\~qtwtmp.tmp

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Scrupt Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Ceedo AutoDetect -> %SystemDrive%\DOCUME~1\hx32804\LOCALS~1\Temp\AutoDetect.exe [C:\DOCUME~1\hx32804\LOCALS~1\Temp\AutoDetect.exe /active]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {E9383002-FC55-4330-B9C9-67E03BC5C840} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> ckpNotify -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\\DisableWindowsUpdateAccess -> 1
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {73AB9095-4904-4C64-83D8-01F9F7DDC41C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\oddogy.dll [IE]
YN -> {BBDF68D2-9E56-43A8-B792-782B6269B988} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mllmj.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2222EF56-F49E-4d07-A14E-8D2B08766958}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Edit with Altova X&MLSpy]
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINNT\system32\mllmj.dll -> %SystemRoot%\system32\mllmj.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\E:\Ceedo\Program Files\Skype\Phone\Skype.exe -> E:\Ceedo\Program Files\Skype\Phone\Skype.exe [E:\Ceedo\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Symantec AntiVirus\Rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe [C:\Program Files\Symantec AntiVirus\Rtvscan.exe:*:Enabled:SAVRTVSCAN]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\ceedo\Program Files\BitTorrent\bittorrent.exe -> E:\ceedo\Program Files\BitTorrent\bittorrent.exe [E:\ceedo\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Ceedo\Program Files\Skype\Phone\Skype.exe -> E:\Ceedo\Program Files\Skype\Phone\Skype.exe [E:\Ceedo\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype]
[Files/Folders - Created Within 30 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> ~QTWTMP.TMP -> %SystemDrive%\~QTWTMP.TMP
NY -> 1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp
NY -> oddogy.dll -> %SystemRoot%\oddogy.dll
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> 2 C:\Documents and Settings\hx32804\Desktop\*.tmp files -> C:\Documents and Settings\hx32804\Desktop\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> 1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp
NY -> 1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp
NY -> oddogy.dll -> %SystemRoot%\oddogy.dll
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> 2 C:\Documents and Settings\hx32804\Desktop\*.tmp files -> C:\Documents and Settings\hx32804\Desktop\*.tmp
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in the reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 babuffalo

babuffalo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 03 June 2008 - 02:33 PM

OT,

I ran Avenger, but could not get a copy of the report. It came up, but forgot to save it elsewhere. I see it in the Avenger folder, but it's a password-protected zip file. Do you know how I can access it?

The good thing is the "Annoying Pop-up" is gone.

Here are the other reports.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ceedo AutoDetect deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E9383002-FC55-4330-B9C9-67E03BC5C840} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9383002-FC55-4330-B9C9-67E03BC5C840}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\\DisableWindowsUpdateAccess deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73AB9095-4904-4C64-83D8-01F9F7DDC41C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73AB9095-4904-4C64-83D8-01F9F7DDC41C}\ deleted successfully.
File C:\WINNT\oddogy.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBDF68D2-9E56-43A8-B792-782B6269B988}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBDF68D2-9E56-43A8-B792-782B6269B988}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2222EF56-F49E-4d07-A14E-8D2B08766958}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2222EF56-F49E-4d07-A14E-8D2B08766958}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINNT\system32\mllmj.dll deleted successfully.
File C:\WINNT\system32\mllmj.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\E:\Ceedo\Program Files\Skype\Phone\Skype.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Symantec AntiVirus\Rtvscan.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\ceedo\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Ceedo\Program Files\Skype\Phone\Skype.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\~QTWTMP.TMP not found!
C:\WINNT\B6F0BE9B41D745A29A76D3DB1A89EC6A.TMP folder deleted successfully.
File C:\WINNT\oddogy.dll not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
[Files/Folders - Modified Within 30 days]
File C:\WINNT\oddogy.dll not found!
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\hx32804\Local Settings\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINNT\temp\hsperfdata_SYSTEM\772 scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\JET9A42.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.10 fix logfile created on 06032008_112052

Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
C:\Documents and Settings\hx32804\Local Settings\Temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINNT\temp\hsperfdata_SYSTEM\772 not found!
C:\WINNT\temp\JET9A42.tmp moved successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scanning Report
Tuesday, June 03, 2008 11:43:10 - 14:21:50
Computer name: LG14650
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 8 malware found
Suspicious_M.gen (virus)
C:\WINNT\HXP\1\000168\NONAV\ESUGREG.EXE (Submitted)
C:\WINNT\HAL\SMS\SCS\2005\MSISETUP\NONAV\ESUGREGEX.EXE (Submitted)
C:\WINNT\HAL\SMS\SCS\2005\MSISETUP\MANDATORY\NONAV\ESUGREGEX.EXE (Submitted)
Tracking Cookie (spyware)
System
Trojan-Downloader.Win32.Delf.ijk (virus)
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\HX32804\LOCALS~1\TEMP\A210-TMP.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.FraudLoad.ate (virus)
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\HX32804\LOCALS~1\TEMP\A210-TMPAASI.EXE (Renamed & Submitted)
W32/Suspicious_U.gen (virus)
C:\PROGRAM FILES\ACE UTILITIES\AU.EXE (Submitted)
C:\DOWNLOADS\ACE UTILITIES\CRACK\AU.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 110357
System: 6253
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 2
Deleted: 0
None: 6
Submitted: 7
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINNT\TEMP\HSPERFDATA_SYSTEM\576
C:\WINNT\SYSTEM32\CONFIG\DEFAULT
C:\WINNT\SYSTEM32\CONFIG\SAM
C:\WINNT\SYSTEM32\CONFIG\SECURITY
C:\WINNT\SYSTEM32\CONFIG\SOFTWARE
C:\WINNT\SYSTEM32\CONFIG\SYSTEM
C:\WINNT\SOFTWAREDISTRIBUTION\EVENTCACHE\{BA83F7CA-C21C-4546-A4C7-8CEB66E4820C}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-06-03
F-Secure AVP: 7.0.171, 2008-06-03
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Edited by babuffalo, 03 June 2008 - 02:34 PM.


#6 babuffalo

babuffalo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 03 June 2008 - 02:37 PM

OT,

I think I maxed out the attachment file space. It won't allow me to upload the OTScanIt file.
I have copied and pasted here. Let me know if I need to do anything else.

OTScanIt logfile created on: 6/3/2008 2:24:15 PM
OTScanIt by OldTimer - Version 1.0.15.10	 Folder = C:\Program Files\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.77% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.58 Gb Free Space | 22.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LG14650
Current User Name: hx32804
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 405504 bytes | Modified Date = 5/10/2006 9:21:08 AM | Attr =	]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20   | Size = 434176 bytes | Modified Date = 8/2/2006 1:39:20 AM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10.5.0.34   | Size = 937984 bytes | Modified Date = 8/2/2006 1:31:22 AM | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.0.4   | Size = 290816 bytes | Modified Date = 8/2/2006 1:35:58 AM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 186016 bytes | Modified Date = 12/21/2005 11:33:30 AM | Attr =	]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 239264 bytes | Modified Date = 12/21/2005 11:33:36 AM | Attr =	]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 177824 bytes | Modified Date = 12/21/2005 11:33:40 AM | Attr =	]
issvc.exe -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -> Symantec Corporation [Ver = 8.6.2.136 | Size = 79536 bytes | Modified Date = 5/26/2006 9:52:06 AM | Attr =	]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.1.105 | Size = 214672 bytes | Modified Date = 10/19/2005 5:39:34 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =	]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 258103 bytes | Modified Date = 2/15/2006 5:09:20 PM | Attr =	]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.8.01.0300 | Size = 1520688 bytes | Modified Date = 4/20/2006 8:34:26 AM | Attr =	]
defwatch.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.2.2002 | Size = 20208 bytes | Modified Date = 5/27/2006 3:06:04 PM | Attr =	]
dsncservice.exe -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 6, 0, 0, 12507 | Size = 423280 bytes | Modified Date = 12/27/2007 10:14:48 PM | Attr =	]
ipcagent.exe -> %ProgramFiles%\iPass\iPassConnect\iPCAgent.exe -> iPass, Inc. [Ver = 3, 36, 0, 0 | Size = 90112 bytes | Modified Date = 8/25/2005 3:41:36 PM | Attr =	]
dsregistryservice.exe -> %SystemDrive%\Landmark\EDT_2003.21\Common Files\JDK\jre\bin\client\DSRegistryService.exe ->   [Ver = 1.0.2650.32675 | Size = 24576 bytes | Modified Date = 4/4/2007 8:09:12 PM | Attr =	]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 9:51:46 AM | Attr =	]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 3/14/2005 1:05:02 PM | Attr =	]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 2/19/2008 12:00:19 AM | Attr =	]
psiservice.exe -> %SystemRoot%\system32\PSIService.exe ->  [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 8:40:12 PM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4   | Size = 327680 bytes | Modified Date = 8/2/2006 1:24:22 AM | Attr =	]
roxwatch.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.6.8 | Size = 155648 bytes | Modified Date = 12/7/2005 4:14:24 AM | Attr =	]
savroam.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.2.2002 | Size = 169200 bytes | Modified Date = 5/27/2006 3:06:14 PM | Attr =	]
scsiaccess.exe -> %ProgramFiles%\Photodex\ProShowProducer\scsiaccess.exe ->  [Ver =  | Size = 181312 bytes | Modified Date = 3/10/2008 4:10:41 PM | Attr =	]
seasyncservices.exe -> %ProgramFiles%\Seagate\Sync\SeaSyncServices.exe -> Seagate Technology LLC [Ver = 2, 0, 0, 7 | Size = 24120 bytes | Modified Date = 1/18/2007 1:20:24 PM | Attr =	]
rtvscan.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.2.2002 | Size = 1757936 bytes | Modified Date = 5/27/2006 3:06:12 PM | Attr =	]
symsport.exe -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -> Symantec Corporation [Ver = 8.6.2.136 | Size = 161456 bytes | Modified Date = 5/26/2006 9:52:34 AM | Attr =	]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 8 | Size = 135168 bytes | Modified Date = 3/15/2006 4:28:32 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 405504 bytes | Modified Date = 5/10/2006 9:21:08 AM | Attr =	]
halhelp.exe -> %ProgramFiles%\Halliburton\HalHelp\HalHelp.exe -> Halliburton [Ver = 1.5.1.1 | Size = 395776 bytes | Modified Date = 11/5/2003 11:45:22 AM | Attr =	]
roxwatchtray.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatchTray.exe ->  [Ver = 8.0.6.8 | Size = 163840 bytes | Modified Date = 12/7/2005 4:24:30 AM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 48800 bytes | Modified Date = 12/21/2005 11:33:28 AM | Attr =	]
vptray.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.2.2002 | Size = 85744 bytes | Modified Date = 5/27/2006 3:06:20 PM | Attr =	]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]
roxmediadb.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> Sonic Solutions [Ver = 8.0.6.8 | Size = 864256 bytes | Modified Date = 12/7/2005 4:16:52 AM | Attr =	]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.59 2.1.59 08/24/2005 16:24:34 | Size = 88203 bytes | Modified Date = 12/12/2005 4:00:46 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.23 31Mar06 | Size = 761946 bytes | Modified Date = 3/31/2006 4:01:48 PM | Attr =	]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 0, 5, 1 | Size = 131072 bytes | Modified Date = 3/7/2006 3:38:14 PM | Attr =	]
accelerometerst.exe -> %SystemRoot%\system32\accelerometerST.exe -> Hewlett-Packard Corporation [Ver = V1.0.2 | Size = 53248 bytes | Modified Date = 1/16/2006 11:01:46 PM | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.0.5   | Size = 802816 bytes | Modified Date = 8/2/2006 1:38:30 AM | Attr =	]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.0.1   | Size = 696320 bytes | Modified Date = 8/2/2006 1:32:44 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
stxmenumgr.exe -> %ProgramFiles%\Seagate\SystemTray\StxMenuMgr.exe -> Seagate LLC [Ver = 2, 1, 0, 0 | Size = 190008 bytes | Modified Date = 1/18/2007 1:20:26 PM | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/22/2006 11:24:02 PM | Attr =	]
cpshelprunner.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\CPSHelpRunner.exe -> Sonic Solutions [Ver = 8.0.6.8 | Size = 10240 bytes | Modified Date = 12/7/2005 4:05:18 AM | Attr =	]
ipccheck.exe -> %ProgramFiles%\iPass\iPassConnect\downloader\ipccheck.exe -> iPass Inc [Ver = 3.36.0.0 | Size = 286720 bytes | Modified Date = 8/25/2005 3:53:32 PM | Attr =	]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.0.3  | Size = 479232 bytes | Modified Date = 8/2/2006 1:27:54 AM | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 9/15/2007 7:09:29 PM | Attr =	]
nmbgmonitor.exe -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe -> Nero AG [Ver = 3.1.3.0 | Size = 202024 bytes | Modified Date = 10/23/2007 3:18:46 PM | Attr =	]
nmindexingservice.exe -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.3.0 | Size = 382248 bytes | Modified Date = 10/23/2007 3:19:06 PM | Attr =	]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 7/24/2007 9:30:14 AM | Attr =	]
nmindexstoresvr.exe -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 3.1.3.0 | Size = 1410344 bytes | Modified Date = 10/23/2007 3:19:06 PM | Attr =	]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 581693 bytes | Modified Date = 2/15/2006 5:16:02 PM | Attr =	]
btstac~1.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTStackServer.exe -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 1265748 bytes | Modified Date = 2/15/2006 5:14:44 PM | Attr =	]
apachemonitor.exe -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe -> Apache Software Foundation [Ver = 2.2.8 | Size = 41041 bytes | Modified Date = 1/18/2008 12:38:50 AM | Attr =	]
pull.exe -> %ProgramFiles%\Interwise\Participant\pull.exe -> Interwise Ltd [Ver = 6.0.06 | Size = 847872 bytes | Modified Date = 6/2/2005 11:39:50 AM | Attr =	]
nkmonitor.exe -> %CommonProgramFiles%\Nikon\Monitor\NkMonitor.exe -> Nikon Corporation [Ver = 1.0.1.3000 | Size = 479232 bytes | Modified Date = 6/14/2007 8:39:18 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 3/10/2008 10:44:30 AM | Attr =	]
otscanit.exe -> %ProgramFiles%\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.10 | Size = 373760 bytes | Modified Date = 6/2/2008 12:37:14 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe ->  [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 2/15/2007 11:00:30 PM | Attr =	]
(AdobeVersionCue) AdobeVersionCue [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Adobe\Adobe Version Cue\service\VersionCue.exe -> Adobe Sytems [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 10/13/2003 5:24:14 PM | Attr =	]
(Apache2.2) Apache2.2 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.8 | Size = 24635 bytes | Modified Date = 1/18/2008 12:37:26 AM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 405504 bytes | Modified Date = 5/10/2006 9:21:08 AM | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 258103 bytes | Modified Date = 2/15/2006 5:09:20 PM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 186016 bytes | Modified Date = 12/21/2005 11:33:30 AM | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 239264 bytes | Modified Date = 12/21/2005 11:33:36 AM | Attr =	]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 83616 bytes | Modified Date = 12/21/2005 11:33:38 AM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.7.3 | Size = 177824 bytes | Modified Date = 12/21/2005 11:33:40 AM | Attr =	]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.8.01.0300 | Size = 1520688 bytes | Modified Date = 4/20/2006 8:34:26 AM | Attr =	]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.2.2002 | Size = 20208 bytes | Modified Date = 5/27/2006 3:06:04 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr =	]
(dsNcService) Juniper Network Connect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 6, 0, 0, 12507 | Size = 423280 bytes | Modified Date = 12/27/2007 10:14:48 PM | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20   | Size = 434176 bytes | Modified Date = 8/2/2006 1:39:20 AM | Attr =	]
(ExtranetAccess) Contivity VPN Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Halliburton VPN\Extranet_serv.exe -> Nortel Networks NA, Inc. [Ver = 06,01,0,014 | Size = 811008 bytes | Modified Date = 9/6/2005 1:32:34 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 7/24/2007 9:30:14 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 9/14/2007 10:04:13 AM | Attr =	]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 8 | Size = 135168 bytes | Modified Date = 3/15/2006 4:28:32 PM | Attr =	]
(HXPAPIC) HalXP API Check [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\Hxpapics.exe ->  [Ver =  | Size = 15872 bytes | Modified Date = 12/21/1999 7:59:08 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr =	]
(iPassConnectEngine) iPassConnectEngine [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPass\iPassConnect\iPassConnectEngine.exe -> iPass [Ver = 3, 36, 0, 0 | Size = 1064960 bytes | Modified Date = 8/25/2005 3:49:30 PM | Attr =	]
(iPCAgent) iPCAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\iPass\iPassConnect\iPCAgent.exe -> iPass, Inc. [Ver = 3, 36, 0, 0 | Size = 90112 bytes | Modified Date = 8/25/2005 3:41:36 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr =	]
(ISSVC) IS Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -> Symantec Corporation [Ver = 8.6.2.136 | Size = 79536 bytes | Modified Date = 5/26/2006 9:52:06 AM | Attr =	]
(LGC EDM Data Receiver (E-Mail)) LGC EDM Data Receiver (E-Mail) [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Landmark\EDT_2003.21\Common Files\JDK\jre\bin\client\MailService.exe ->   [Ver = 1.0.2650.32689 | Size = 24576 bytes | Modified Date = 4/4/2007 8:09:40 PM | Attr =	]
(LGC EDM Data Receiver (File System)) LGC EDM Data Receiver (File System) [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Landmark\EDT_2003.21\Common Files\JDK\jre\bin\client\DSImpServ.exe ->   [Ver = 1.0.2650.32684 | Size = 40960 bytes | Modified Date = 4/4/2007 8:09:30 PM | Attr =	]
(LGC EDM Simultaneous Activity Monitor) LGC EDM Simultaneous Activity Monitor [Win32_Own | Auto | Running] -> %SystemDrive%\Landmark\EDT_2003.21\Common Files\JDK\jre\bin\client\DSRegistryService.exe ->   [Ver = 1.0.2650.32675 | Size = 24576 bytes | Modified Date = 4/4/2007 8:09:12 PM | Attr =	]
(LGC_EDM_FileMoverDomain) LGC_EDM_FileMoverDomain [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LGC\LGC_EDM_FileMover_Domain\LGC_EDM_FileMoverDomain.exe -> LGC [Ver = 1.5.2609.2668 | Size = 36864 bytes | Modified Date = 2/22/2007 2:30:54 AM | Attr =	]
(LGC_EDM_FileMover_Multi) LGC_EDM_FileMover_Multi [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LGC\LGC_EDM_FileMoverMulti\LGC_EDM_FileMover_Multi.exe -> LGC [Ver = 1.5.2609.3106 | Size = 40960 bytes | Modified Date = 2/22/2007 2:47:12 AM | Attr =	]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 9:51:46 AM | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.3.0 | Size = 382248 bytes | Modified Date = 10/23/2007 3:19:06 PM | Attr =	]
(OracleOraHome92ClientCache) OracleOraHome92ClientCache [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\ora92\bin\ONRSD.EXE ->  [Ver =  | Size = 243196 bytes | Modified Date = 10/13/2004 11:55:42 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 3/14/2005 1:05:02 PM | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 2/19/2008 12:00:19 AM | Attr =	]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PSIService.exe ->  [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 8:40:12 PM | Attr =	]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4   | Size = 327680 bytes | Modified Date = 8/2/2006 1:24:22 AM | Attr =	]
(RoxLiveShare) LiveShare P2P Server [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxLiveShare.exe -> Sonic Solutions [Ver = 8.0.6.8 | Size = 233472 bytes | Modified Date = 12/7/2005 4:18:32 AM | Attr =	]
(RoxMediaDB) RoxMediaDB [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> Sonic Solutions [Ver = 8.0.6.8 | Size = 864256 bytes | Modified Date = 12/7/2005 4:16:52 AM | Attr =	]
(RoxWatch) Roxio Hard Drive Watcher [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.6.8 | Size = 155648 bytes | Modified Date = 12/7/2005 4:14:24 AM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10.5.0.34   | Size = 937984 bytes | Modified Date = 8/2/2006 1:31:22 AM | Attr =	]
(SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.2.2002 | Size = 169200 bytes | Modified Date = 5/27/2006 3:06:14 PM | Attr =	]
(ScsiAccess) ScsiAccess [Win32_Own | Auto | Running] -> %ProgramFiles%\Photodex\ProShowProducer\scsiaccess.exe ->  [Ver =  | Size = 181312 bytes | Modified Date = 3/10/2008 4:10:41 PM | Attr =	]
(Seagate Sync Service) Seagate Sync Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Seagate\Sync\SeaSyncServices.exe -> Seagate Technology LLC [Ver = 2, 0, 0, 7 | Size = 24120 bytes | Modified Date = 1/18/2007 1:20:24 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.1.105 | Size = 214672 bytes | Modified Date = 10/19/2005 5:39:34 PM | Attr =	]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 3/30/2005 9:48:22 PM | Attr =	]
(Sprint PCS v3 Utility Service) Sprint PCS v3 Utility Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe -> Sprint Spectrum, L.L.C [Ver = 3, 1, 0, 20 | Size = 135168 bytes | Modified Date = 1/25/2006 12:17:04 PM | Attr =	]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.2.2002 | Size = 1757936 bytes | Modified Date = 5/27/2006 3:06:12 PM | Attr =	]
(SymSecurePort) Symantec SecurePort [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -> Symantec Corporation [Ver = 8.6.2.136 | Size = 161456 bytes | Modified Date = 5/26/2006 9:52:34 AM | Attr =	]
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.0.4   | Size = 290816 bytes | Modified Date = 8/2/2006 1:35:58 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ["C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =	]
AccelerometerSysTrayApplet -> %SystemRoot%\system32\accelerometerST.exe [C:\WINNT\system32\AccelerometerSt.exe] -> Hewlett-Packard Corporation [Ver = V1.0.2 | Size = 53248 bytes | Modified Date = 1/16/2006 11:01:46 PM | Attr =	]
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/22/2006 11:24:02 PM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 8:51:56 PM | Attr =	]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.59 2.1.59 08/24/2005 16:24:34 | Size = 88203 bytes | Modified Date = 12/12/2005 4:00:46 PM | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 103.5.7.3 | Size = 48800 bytes | Modified Date = 12/21/2005 11:33:28 AM | Attr =	]
DIRECT! -> %ProgramFiles%\Courion Corporation\Identity Management Suite DIRECT!\direct.exe [C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe] -> Courion Corporation [Ver = 6.00.00.88 | Size = 69697 bytes | Modified Date = 3/24/2003 10:57:04 AM | Attr =	]
HalHelp -> %ProgramFiles%\Halliburton\HalHelp\HalHelp.exe [c:\program files\halliburton\halhelp\halhelp.exe] -> Halliburton [Ver = 1.5.1.1 | Size = 395776 bytes | Modified Date = 11/5/2003 11:45:22 AM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 10.5.0.1   | Size = 696320 bytes | Modified Date = 8/2/2006 1:32:44 AM | Attr =	]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> Intel Corporation [Ver = 10.5.0.5   | Size = 802816 bytes | Modified Date = 8/2/2006 1:38:30 AM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr =	]
NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> Nero AG [Ver = 3, 1, 0, 0 | Size = 1836328 bytes | Modified Date = 9/20/2007 9:51:46 AM | Attr =	]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 3:57:24 PM | Attr =	]
ProxyUpdate -> %SystemRoot%\HXP\ProxyUpdate.vbs [C:\WINNT\HXP\ProxyUpdate.vbs] ->  [Ver =  | Size = 23976 bytes | Modified Date = 5/18/2008 8:34:49 AM | Attr =	]
QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 0, 5, 1 | Size = 131072 bytes | Modified Date = 3/7/2006 3:38:14 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr =	]
RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatchTray.exe ["C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"] ->  [Ver = 8.0.6.8 | Size = 163840 bytes | Modified Date = 12/7/2005 4:24:30 AM | Attr =	]
SAPRUNHXP -> %SystemRoot%\SapLogoncheck.EXE [C:\WINNT\saplogoncheck.exe /s] ->  [Ver =  | Size = 114776 bytes | Modified Date = 8/17/2004 10:18:38 AM | Attr =	]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> Analog Devices, Inc. [Ver = 5, 2, 0, 8 | Size = 716800 bytes | Modified Date = 5/6/2005 4:06:12 PM | Attr =	]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]
StxTrayMenu -> %ProgramFiles%\Seagate\SystemTray\StxMenuMgr.exe ["C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"] -> Seagate LLC [Ver = 2, 1, 0, 0 | Size = 190008 bytes | Modified Date = 1/18/2007 1:20:26 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.23 31Mar06 | Size = 761946 bytes | Modified Date = 3/31/2006 4:01:48 PM | Attr =	]
vptray -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe] -> Symantec Corporation [Ver = 10.0.2.2002 | Size = 85744 bytes | Modified Date = 5/27/2006 3:06:20 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 3.1.3.0 | Size = 202024 bytes | Modified Date = 10/23/2007 3:18:46 PM | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 9/15/2007 7:09:29 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ->  [Ver =  | Size = 295606 bytes | Modified Date = 3/6/2008 7:36:06 PM | Attr = R  ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 10/12/2003 8:00:10 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 581693 bytes | Modified Date = 2/15/2006 5:16:02 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> Cisco Systems, Inc. [Ver = 4.8.01.0300 | Size = 1528880 bytes | Modified Date = 4/20/2006 8:34:30 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Monitor Apache Servers.lnk -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe -> Apache Software Foundation [Ver = 2.2.8 | Size = 41041 bytes | Modified Date = 1/18/2008 12:38:50 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Push Client.LNK -> %ProgramFiles%\Interwise\Participant\pull.exe -> Interwise Ltd [Ver = 6.0.06 | Size = 847872 bytes | Modified Date = 6/2/2005 11:39:50 AM | Attr =	]
< hx32804 Startup Folder > -> C:\Documents and Settings\hx32804\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Nikon Monitor.lnk -> %CommonProgramFiles%\Nikon\Monitor\NkMonitor.exe -> Nikon Corporation [Ver = 1.0.1.3000 | Size = 479232 bytes | Modified Date = 6/14/2007 8:39:18 PM | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL -> 
IWPDGINA.DLL -> %SystemRoot%\system32\IWPDGINA.dll -> Intel Corporation [Ver = 10.5.0.1   | Size = 229376 bytes | Modified Date = 8/2/2006 1:46:54 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 61440 bytes | Modified Date = 5/10/2006 9:22:10 AM | Attr =	]
NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.0.2.2002 | Size = 43760 bytes | Modified Date = 5/27/2006 3:06:28 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogonScripts -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________HQ04____\304b36315335344c343120392020202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 7/17/2006 12:06:58 PM | Attr =	]
< HOSTS File > (686 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://halworld.corp.halliburton.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 10 domain(s) found. -> 
backup.knowledgepak.com .[*] -> Trusted sites -> 
corp.halliburton.com .[*] -> Trusted sites -> 
halliburton.com .[*] -> Trusted sites -> 
halliburton.jobs .[*] -> Trusted sites -> 
halnet.com .[*] -> Trusted sites -> 
knowledgepak.com .[*] -> Trusted sites -> 
lgc.com .[*] -> Trusted sites -> 
myhalliburton.com .[*] -> Trusted sites -> 
outcast.com .[*] -> Trusted sites -> 
outtask.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 4/30/2008 10:28:35 AM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 9/14/2007 10:04:12 AM | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ue_toolbar\ue_toolbar.dll [UltraEdit Toolbar] -> IDM Computer Solutions Inc. [Ver = 5.0.0.20 | Size = 1927360 bytes | Modified Date = 11/27/2006 10:24:34 AM | Attr =	]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 8.2.3.14 | Size = 161352 bytes | Modified Date = 5/1/2007 11:12:00 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 9/14/2007 10:04:12 AM | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
WebBrowser\\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ue_toolbar\ue_toolbar.dll [UltraEdit Toolbar] -> IDM Computer Solutions Inc. [Ver = 5.0.0.20 | Size = 1927360 bytes | Modified Date = 11/27/2006 10:24:34 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]
Edit with Altova X&MLSpy -> %ProgramFiles%\Altova\XMLSpy2006\spy.htm ->  [Ver =  | Size = 801 bytes | Modified Date = 9/30/2005 2:20:26 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2B26A012-DF97-4204-905A-695E7C8F7A72} ->	() -> 
{423D3448-472A-496E-9AC4-4244DE6E9373} ->	(Windows Mobile-based Device) -> 
{54AABD62-BBF4-4A89-B30F-EA985550244A} ->	(Broadcom NetXtreme Gigabit Ethernet) -> 
{74A675F0-655A-489B-AAC0-BA8F76960838} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{8CB34CFF-EE3A-4E5A-8465-11A331216B1C} ->	() -> 
{B195A425-E95D-4A30-BB6F-8E790BA6D8BA} ->	(Windows Mobile-based Device) -> 
{E60F8805-3956-4CD4-AE04-5CA8FBC9856A} ->	(1394 Net Adapter) -> 
{EFE54525-9B2A-4932-A9BA-71609F12CA9F} ->	() -> 
{F4C87F60-403C-424C-9E5B-AEB80196C945} ->	() -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
saphtmlp:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 7100.1.0.11 | Size = 69632 bytes | Modified Date = 12/29/2006 3:15:44 PM | Attr =	]
sapr3:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 7100.1.0.11 | Size = 69632 bytes | Modified Date = 12/29/2006 3:15:44 PM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{44990301-3C9D-426D-81DF-AAB636FA4345}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab[Symantec Script Runner Class] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205418456505[MUWebControl Class] -> 
{843EE768-3A97-455C-9076-741BA3AD7B62}[HKEY_LOCAL_MACHINE] -> https://accounting.quickbooks.com/c5/v21.123/qboax10.cab[QuickBooks Online Edition Utilities Class v10] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_06] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab[PopCapLoader Object] -> 
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}[HKEY_LOCAL_MACHINE] -> https://access.halliburton.com/dana-cached/setup/JuniperSetupSP1.cab[JuniperSetupSP1 Control] -> 
Web-Based Email Tools[HKEY_LOCAL_MACHINE] -> http://email.secureserver.net/Download.CAB[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/bdoscandel.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/bdoscandel.exe\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/bdoscandel.exe\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/bdoscandellang.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/bdoscandellang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/bdoscandellang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bdcore.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bdupd.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/JuniperSetup.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/JuniperSetup.ocx\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/JuniperSetup.ocx\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_de.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_de.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_de.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_en.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_en.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_en.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_es.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_es.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_es.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_fr.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_fr.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_fr.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_ja.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_ja.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_ja.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_ko.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_ko.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_ko.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_zh.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_zh.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_zh.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_zh_cn.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_zh_cn.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/string_zh_cn.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ipsupd.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/JuniperSetup.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/JuniperSetup.ocx\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/JuniperSetup.ocx\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/lang.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/lang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/libfn.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/live.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/live.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/oscan82.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/oscan82.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/oscan82.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/popcaploader.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/qboax10.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/qboax10.dll\\.Owner -> {843EE768-3A97-455C-9076-741BA3AD7B62} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/qboax10.dll\\{843EE768-3A97-455C-9076-741BA3AD7B62} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/scanoptions.tsi\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/scanoptions.tsi\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_de.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_de.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_de.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_en.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_en.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_en.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_es.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_es.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_es.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_fr.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_fr.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_fr.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_ja.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_ja.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_ja.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_ko.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_ko.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_ko.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_zh.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_zh.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_zh.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_zh_cn.properties\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_zh_cn.properties\\.Owner -> {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/string_zh_cn.properties\\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/tgctlsr.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/tgctlsr.dll\\.Owner -> {44990301-3C9D-426D-81DF-AAB636FA4345} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/tgctlsr.dll\\{44990301-3C9D-426D-81DF-AAB636FA4345} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WBEtoolsAX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WBEtoolsAX.dll\\.Owner -> Web-Based Email Tools -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WBEtoolsAX.dll\\Web-Based Email Tools ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/shfolder.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/shfolder.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/GdiPlus.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/GdiPlus.dll\\.Owner -> Unknown Owner -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 6/3/2008 11:08:34 AM | Attr =	]
bar.emf -> %SystemDrive%\bar.emf ->  [Ver =  | Size = 1156 bytes | Created Date = 5/13/2008 2:33:16 PM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 6/1/2008 9:40:16 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2146881536 bytes | Created Date = 5/30/2008 7:33:57 PM | Attr =  HS]
MyS2GApp -> %SystemDrive%\MyS2GApp ->  [Folder | Created Date = 5/28/2008 12:21:39 PM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 5/30/2008 6:56:51 PM | Attr =	]
CcmFramework.h -> %SystemRoot%\System32\CcmFramework.h ->  [Ver =  | Size = 621 bytes | Created Date = 5/14/2008 12:46:26 PM | Attr =	]
CcmFramework.ini -> %SystemRoot%\System32\CcmFramework.ini ->  [Ver =  | Size = 4764 bytes | Created Date = 5/14/2008 12:46:26 PM | Attr =	]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat ->  [Ver =  | Size = 51616 bytes | Created Date = 5/30/2008 1:30:17 PM | Attr =  H ]
QTVRW32.QTC -> %SystemRoot%\System32\QTVRW32.QTC -> Apple Computer, Inc. [Ver = 1.0.3.9(beta) | Size = 225280 bytes | Created Date = 5/15/2008 3:18:43 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 6/1/2008 9:40:45 AM | Attr =	]
ms -> %SystemRoot%\ms ->  [Folder | Created Date = 5/14/2008 12:45:16 PM | Attr =	]
Page Gallery Uninstaller.exe -> %SystemRoot%\Page Gallery Uninstaller.exe ->  [Ver =  | Size = 196908 bytes | Created Date = 5/28/2008 9:47:48 AM | Attr =	]
QT$INST$.~32 -> %SystemRoot%\QT$INST$.~32 ->  [Ver =  | Size = 832 bytes | Created Date = 5/15/2008 3:15:19 PM | Attr =	]
REDBOOK2.INI -> %SystemRoot%\REDBOOK2.INI ->  [Ver =  | Size = 300 bytes | Created Date = 5/12/2008 5:09:46 PM | Attr =	]
RESULT.QTW -> %SystemRoot%\RESULT.QTW ->  [Ver =  | Size = 30 bytes | Created Date = 5/15/2008 3:15:19 PM | Attr =	]
uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.920.0 | Size = 299008 bytes | Created Date = 5/15/2008 3:15:02 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 6/3/2008 11:10:39 AM | Attr =	]
bar.emf -> %SystemDrive%\bar.emf ->  [Ver =  | Size = 1156 bytes | Modified Date = 5/13/2008 2:33:16 PM | Attr =	]
Clients -> %SystemDrive%\Clients ->  [Folder | Modified Date = 5/29/2008 2:54:15 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 5/30/2008 4:07:02 PM | Attr =  H ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 6/1/2008 9:40:16 AM | Attr =	]
EDMDB.ldf -> %SystemDrive%\EDMDB.ldf ->  [Ver =  | Size = 1048576 bytes | Modified Date = 5/27/2008 10:42:13 AM | Attr =	]
EDMDB.mdf -> %SystemDrive%\EDMDB.mdf ->  [Ver =  | Size = 168558592 bytes | Modified Date = 5/27/2008 10:42:12 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2146881536 bytes | Modified Date = 6/3/2008 11:34:59 AM | Attr =  HS]
MyS2GApp -> %SystemDrive%\MyS2GApp ->  [Folder | Modified Date = 5/28/2008 12:21:39 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 6/3/2008 11:08:34 AM | Attr = R  ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 5/30/2008 6:57:16 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 5/28/2008 12:37:15 PM | Attr =  HS]
WINNT -> %SystemRoot% ->  [Folder | Modified Date = 6/3/2008 11:35:29 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 5/30/2008 7:29:37 PM | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 6/3/2008 10:07:07 AM | Attr =	]
Adobe -> %SystemRoot%\System32\Adobe ->  [Folder | Modified Date = 5/8/2008 9:50:24 AM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 5/28/2008 4:23:04 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 5/30/2008 9:43:07 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 6/3/2008 11:30:23 AM | Attr =	]
CCM -> %SystemRoot%\System32\CCM ->  [Folder | Modified Date = 5/14/2008 12:46:40 PM | Attr =	]
CcmFramework.h -> %SystemRoot%\System32\CcmFramework.h ->  [Ver =  | Size = 621 bytes | Modified Date = 5/14/2008 12:46:26 PM | Attr =	]
CcmFramework.ini -> %SystemRoot%\System32\CcmFramework.ini ->  [Ver =  | Size = 4764 bytes | Modified Date = 5/14/2008 12:46:26 PM | Attr =	]
ccmsetup -> %SystemRoot%\System32\ccmsetup ->  [Folder | Modified Date = 5/14/2008 12:02:41 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 6/3/2008 9:22:25 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 6/3/2008 11:08:34 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1544576 bytes | Modified Date = 5/31/2008 3:11:46 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 6/3/2008 11:39:31 AM | Attr =	]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat ->  [Ver =  | Size = 51616 bytes | Modified Date = 5/30/2008 1:30:17 PM | Attr =  H ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 91182 bytes | Modified Date = 5/14/2008 12:46:26 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 480720 bytes | Modified Date = 5/14/2008 12:46:26 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 581964 bytes | Modified Date = 5/14/2008 12:46:26 PM | Attr =	]
profile.dat -> %SystemRoot%\System32\profile.dat ->  [Ver =  | Size = 40 bytes | Modified Date = 6/3/2008 11:22:22 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 5/28/2008 12:37:16 PM | Attr =	]
SetEDTEnvVars_2003_21.bat -> %SystemRoot%\System32\SetEDTEnvVars_2003_21.bat ->  [Ver =  | Size = 1231 bytes | Modified Date = 5/22/2008 12:29:46 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 5/14/2008 12:45:34 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 6/3/2008 9:21:47 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 5/31/2008 3:03:19 AM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 5/30/2008 7:42:09 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/3/2008 11:35:08 AM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 6/3/2008 11:35:13 AM | Attr =  HS]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 5/28/2008 4:27:25 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/3/2008 11:30:24 AM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 6/1/2008 9:40:45 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 6/2/2008 9:22:49 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 5/31/2008 3:03:17 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 6/2/2008 9:22:49 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 5/30/2008 4:07:02 PM | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 5/30/2008 7:42:09 PM | Attr =	]
ms -> %SystemRoot%\ms ->  [Folder | Modified Date = 5/14/2008 12:45:16 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 6/2/2008 2:01:15 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 2689 bytes | Modified Date = 5/22/2008 12:29:40 PM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4396 bytes | Modified Date = 5/22/2008 12:27:35 PM | Attr =	]
Page Gallery Uninstaller.exe -> %SystemRoot%\Page Gallery Uninstaller.exe ->  [Ver =  | Size = 196908 bytes | Modified Date = 5/28/2008 9:47:48 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/3/2008 11:32:33 AM | Attr =	]
QT$INST$.~32 -> %SystemRoot%\QT$INST$.~32 ->  [Ver =  | Size = 832 bytes | Modified Date = 5/16/2008 12:55:03 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 6/3/2008 11:38:05 AM | Attr =  H ]
REDBOOK2.INI -> %SystemRoot%\REDBOOK2.INI ->  [Ver =  | Size = 300 bytes | Modified Date = 5/20/2008 10:05:51 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 6/3/2008 11:37:47 AM | Attr =	]
RESULT.QTW -> %SystemRoot%\RESULT.QTW ->  [Ver =  | Size = 30 bytes | Modified Date = 5/28/2008 1:11:38 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 6/2/2008 9:28:41 AM | Attr =	]
smscfg.ini -> %SystemRoot%\smscfg.ini ->  [Ver =  | Size = 467 bytes | Modified Date = 6/3/2008 11:36:18 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 6/3/2008 11:20:52 AM | Attr =	]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 6/3/2008 12:23:53 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 5/30/2008 2:49:20 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/3/2008 11:35:20 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 6/3/2008 11:09:27 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 6/3/2008 11:22:21 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 6/3/2008 11:22:21 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 3/23/2007 9:17:41 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/17/2007 11:14:25 AM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 3/23/2007 9:17:41 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0 ->  [Folder | Modified Date = 5/30/2008 2:51:54 PM | Attr =	]
VCExpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\VCExpress000223.dat ->  [Ver =  | Size = 677178 bytes | Modified Date = 5/30/2008 2:51:24 PM | Attr =  H ]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/3/2008 12:35:55 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fssm32.exe -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fssm32.exe -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/3/2008 12:35:55 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
daas_s.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fpinor.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fsbl.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fsbld.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 6/3/2008 11:32:01 AM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fsmart.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
fspe32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 6/3/2008 11:32:02 AM | Attr =	]
fsup32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 6/3/2008 11:31:59 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fm4av.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fpinor.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fsbl.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fspe32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsup32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
fsmart.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14193 | Size = 884736 bytes | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 6/3/2008 11:31:59 AM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 6/3/2008 11:31:59 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 6/3/2008 11:32:02 AM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 6/3/2008 11:32:02 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 6/3/2008 11:32:01 AM | Attr =	]
fsblu.dll -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 6/3/2008 11:32:01 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\ -> C:\Documents and Settings\hx32804\Local Settings\Temp ->  [Folder | Modified Date = 6/3/2008 2:23:15 PM | Attr =	]
ExchangePerflog_8484fa3142795cebdcd6c672.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\ExchangePerflog_8484fa3142795cebdcd6c672.dat ->  [Ver =  | Size = 28 bytes | Modified Date = 6/3/2008 11:38:31 AM | Attr =	]
1 C:\Documents and Settings\hx32804\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\hx32804\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/3/2008 12:35:55 PM | Attr =	]
ext.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
fsedb.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 861786 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
perf.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 6/3/2008 2:23:14 PM | Attr =	]
sae.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
sai.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
ext.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
sae.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
sai.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsedb.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 861786 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/3/2008 12:35:55 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 6/3/2008 11:31:55 AM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 6/3/2008 11:32:01 AM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 6/3/2008 11:32:02 AM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/3/2008 11:31:59 AM | Attr =	]
verdicts.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 6/3/2008 11:31:55 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
FS@av.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 6/3/2008 11:31:56 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 6/3/2008 11:31:55 AM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 6/3/2008 11:31:55 AM | Attr =	]
verdicts.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 6/3/2008 11:31:55 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 6/3/2008 11:32:10 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 6/3/2008 11:32:06 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/3/2008 11:32:08 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 6/3/2008 11:31:59 AM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/3/2008 11:31:59 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 6/3/2008 11:32:02 AM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 6/3/2008 11:32:02 AM | Attr =	]
C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 6/3/2008 11:32:01 AM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\hx32804\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 6/3/2008 11:32:01 AM | Attr =	]
C:\WINNT\Temp\ -> C:\WINNT\temp ->  [Folder | Modified Date = 6/3/2008 2:23:57 PM | Attr =	]
Perflib_Perfdata_6d4.dat -> C:\WINNT\temp\Perflib_Perfdata_6d4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/3/2008 11:35:31 AM | Attr =	]
Perflib_Perfdata_734.dat -> C:\WINNT\temp\Perflib_Perfdata_734.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/3/2008 11:24:10 AM | Attr =	]
2 C:\WINNT\Temp\*.tmp files -> C:\WINNT\Temp\*.tmp -> 

< End of report >


#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:47 PM

Posted 03 June 2008 - 02:48 PM

Hi babuffalo. The Avenger log is at c:\Avenger.txt (see instructions). That's Ok. The files are all gon anyway so I con't need it.

Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users