
Virtumonde + Win32/bho.nfh Trojan


  • This topic is locked
25 replies to this topic

#1 TheCat

Posted 29 July 2008 - 03:53 AM

Was using Kaspersky, but as it wasn't removing the nasties I am now using NOD32 (although it isn't showing in the taskbar, but says it's running).


Deckard's System Scanner v20071014.68
Run by Alex on 2008-07-29 09:45:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alex.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:45:54, on 29/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Alex\Desktop\dss.exe
C:\Users\Alex\DOWNLO~1\Tools\Alex.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=6071203
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=6071203
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=6071203
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0457F452-2C2E-4EFF-A478-95D4B1F36E83} - C:\Windows\system32\xxyVOFwX.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {263ce8fe-aea4-0faa-7fe4-ebcb3229ac59} - {95ca9223-bcbe-4ef7-aaf0-4aeaef8ec362} - (no file)
O2 - BHO: (no name) - {9BD9E4A4-0DE0-4417-8CBE-B3094F15EB66} - C:\Windows\system32\ljjhifed.dll (file missing)
O2 - BHO: (no name) - {F000C640-5DA4-4B69-9392-9B0D850E6CE1} - C:\Windows\system32\yaywUomJ.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yaywUomJ.dll,#1
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BMb9b60a71] Rundll32.exe "C:\Windows\system32\tdugpwne.dll",s
O4 - HKLM\..\Run: [ba8539ed] rundll32.exe "C:\Windows\system32\jbwmcind.dll",b
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{501D03E3-5406-4340-A37C-D2F94C24A038}
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 12547 bytes

-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 09:46:08 321536 --a------ C:\Windows\system32\urqPjICs.dll
2008-07-29 09:41:04 33664 --a------ C:\Windows\system32\yaywUomJ.dll
2008-07-28 16:43:49 0 d-------- C:\CNNANT2009
2008-07-28 16:31:03 0 d-------- C:\Program Files\Garmin1
2008-07-26 09:24:07 95360 --a------ C:\Windows\system32\jbwmcind.dll
2008-07-26 09:21:07 116864 --a------ C:\Windows\system32\kdeokf.dll
2008-07-26 09:21:06 116864 --a------ C:\Windows\system32\gqunqkmb.dll
2008-07-25 09:23:42 116352 --a------ C:\Windows\system32\yjeewn.dll
2008-07-25 09:23:41 116352 --a------ C:\Windows\system32\aqjmgaew.dll
2008-07-24 09:17:46 472265 --ahs---- C:\Windows\system32\XwFOVyxx.ini2
2008-07-23 15:21:55 0 d-------- C:\Program Files\GPS Utility
2008-07-23 13:46:09 116864 --a------ C:\Windows\system32\rghtkcan.dll
2008-07-23 13:46:09 116864 --a------ C:\Windows\system32\cyngmk.dll
2008-07-23 13:41:23 116864 --a------ C:\Windows\system32\mwwestqt.dll
2008-07-23 13:41:23 116864 --a------ C:\Windows\system32\avkehr.dll
2008-07-23 09:53:10 116864 --a------ C:\Windows\system32\cxpjek.dll
2008-07-23 09:53:00 116864 --a------ C:\Windows\system32\welogfvb.dll
2008-07-23 09:21:48 600624 --ahs---- C:\Windows\system32\ponWyyay.ini2
2008-07-22 14:15:47 0 d-------- C:\Program Files\Spyware Doctor
2008-07-22 14:13:39 0 d-------- C:\Program Files\SpywareBlaster
2008-07-22 14:09:36 0 d-------- C:\Users\All Users\Prevx
2008-07-22 10:30:08 0 d-------- C:\Windows\pss
2008-07-22 09:28:51 116352 --a------ C:\Windows\system32\imjhwk.dll
2008-07-22 09:28:41 116352 --a------ C:\Windows\system32\ahrliakk.dll
2008-07-21 15:34:24 0 d-------- C:\Program Files\iPod
2008-07-21 15:34:22 0 d-------- C:\Program Files\iTunes
2008-07-21 15:32:09 0 d-------- C:\Program Files\Apple Software Update
2008-07-21 15:31:31 0 d-------- C:\Users\All Users\Apple
2008-07-21 15:31:31 0 d-------- C:\Program Files\Common Files\Apple
2008-07-21 10:01:47 696352 --ahs---- C:\Windows\system32\drivers\fidbox2.dat
2008-07-21 09:26:46 466947 --ahs---- C:\Windows\system32\defihjjl.ini2
2008-07-21 09:21:42 33664 --a------ C:\Windows\system32\jkKEXrRj.dll
2008-07-10 03:01:07 0 d-------- C:\Windows\SQL9_KB948109_ENU


-- Find3M Report ---------------------------------------------------------------

2008-07-29 09:07:03 12 --a------ C:\Windows\bthservsdp.dat
2008-07-28 17:29:35 0 d-------- C:\Program Files\Hitman Pro
2008-07-28 16:31:07 0 d-------- C:\Program Files\Garmin
2008-07-28 14:43:30 0 d-------- C:\Users\Alex\AppData\Roaming\Skype
2008-07-28 11:50:38 0 d-------- C:\Users\Alex\AppData\Roaming\Adobe
2008-07-28 09:43:36 0 d-------- C:\Users\Alex\AppData\Roaming\skypePM
2008-07-23 15:43:31 0 d-------- C:\Users\Alex\AppData\Roaming\GPS Utility
2008-07-22 14:15:47 0 d-------- C:\Users\Alex\AppData\Roaming\PC Tools
2008-07-22 10:34:41 0 d-------- C:\Users\Alex\AppData\Roaming\DNA
2008-07-22 10:11:19 0 d-------- C:\Program Files\Java
2008-07-21 15:35:28 0 d-------- C:\Users\Alex\AppData\Roaming\Apple Computer
2008-07-21 15:33:57 0 d-------- C:\Program Files\Bonjour
2008-07-21 15:31:31 0 d-------- C:\Program Files\Common Files
2008-07-21 10:07:55 0 d-------- C:\Program Files\BitComet
2008-07-21 09:38:47 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-10 03:13:01 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:01:48 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-10 03:00:42 0 d-------- C:\Program Files\Windows Mail
2008-07-07 10:59:07 9315 --a------ C:\Users\Alex\AppData\Roaming\Microsoft Excel 97-2003.EML
2008-07-07 10:59:07 9330 --a------ C:\Users\Alex\AppData\Roaming\Comma Separated Values (Windows).EML
2008-06-30 11:49:47 0 d-------- C:\Users\Alex\AppData\Roaming\Real
2008-06-18 10:33:53 0 d-------- C:\Users\Alex\AppData\Roaming\Mozilla
2008-06-11 09:24:15 0 d-------- C:\Program Files\Tourpoint Editor3
2008-06-11 09:24:00 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-09 17:15:12 0 d-------- C:\Users\Alex\AppData\Roaming\JGsoft
2008-06-09 12:11:52 0 d-------- C:\Program Files\ARTIS
2008-06-09 11:49:03 0 d-------- C:\Program Files\JGsoft
2008-06-02 15:41:02 0 d-------- C:\Program Files\DYMO Label
2008-05-20 15:24:48 2 --a------ C:\Windows\system32\krx260.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0457F452-2C2E-4EFF-A478-95D4B1F36E83}]
C:\Windows\system32\xxyVOFwX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95ca9223-bcbe-4ef7-aaf0-4aeaef8ec362}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BD9E4A4-0DE0-4417-8CBE-B3094F15EB66}]
C:\Windows\system32\ljjhifed.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F000C640-5DA4-4B69-9392-9B0D850E6CE1}]
21/07/2008 09:21 33664 --a------ C:\Windows\system32\yaywUomJ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [23/07/2007 07:27 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 14:00]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [21/09/2007 04:10 C:\Windows\KHALMNPR.Exe]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 13:17]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [25/03/2008 10:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"OLP-Tray"="C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE" [17/07/2006 16:45]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [27/05/2008 10:50]
"MSServer"="C:\Windows\system32\yaywUomJ.dll" [21/07/2008 09:21]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [09/10/2007 19:56]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [16/07/2008 09:16]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [01/07/2008 09:01]
"BMb9b60a71"="C:\Windows\system32\tdugpwne.dll" []
"ba8539ed"="C:\Windows\system32\jbwmcind.dll" [26/07/2008 09:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [02/11/2006 10:45]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F000C640-5DA4-4B69-9392-9B0D850E6CE1}"= C:\Windows\system32\yaywUomJ.dll [21/07/2008 09:21 33664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31/01/2005 16:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\xxyVOFwX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeamYourScreen]
"C:\Program Files\BeamYourScreen\BeamYourScreen.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb9b60a71]
Rundll32.exe "C:\Windows\system32\mvjbxjdc.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\awtusqNe.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore 2.0]
"C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
"C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{501D03E3-5406-4340-A37C-D2F94C24A038}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Setup\Common\Autorun\AUTI386.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456086ca-a1a2-11dc-9fcd-806e6f6e6963}]
AutoRun\command- G:\Windows\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ac117a5-c030-11dc-a276-001aa096b200}]
AutoRun\command- Q:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{17EF733F-75AD-46A6-B542-E21C1FC84445}]
C:\Windows\system32\msiexec.exe /qn /fpu {17EF733F-75AD-46A6-B542-E21C1FC84445}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2866BB71-FB23-43F5-BB2A-84622FF79E2C}]
C:\Windows\system32\msiexec.exe /qn /fpu {2866BB71-FB23-43F5-BB2A-84622FF79E2C}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
C:\Windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-29 09:46:42 ------------


#2 SifuMike

Posted 29 July 2008 - 05:33 PM

Hello TheCat,

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main.txt log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on ignore mbamext.dll.

Edited by SifuMike, 29 July 2008 - 05:33 PM.
typo

#3 TheCat

Posted 30 July 2008 - 04:13 AM

Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 6.0.6000

10:11:40 30/07/2008
mbam-log-7-30-2008 (10-11-40).txt

Scan type: Quick Scan
Objects scanned: 45924
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\ljJYRkJy.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f000c640-5da4-4b69-9392-9b0d850e6ce1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f000c640-5da4-4b69-9392-9b0d850e6ce1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{514a5c49-0c7d-42c3-a71b-38864a269b7a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bawr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f000c640-5da4-4b69-9392-9b0d850e6ce1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f501c2ab-834a-4b9d-a86b-a1eada760b00} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ljjhifed.dll__DELETE_ON_REBOOT (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\defihjjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\defihjjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJYRkJy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ahrliakk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aqjmgaew.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\avkehr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cxpjek.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cyngmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gqunqkmb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGaxYoL.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\imjhwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkKEXrRj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mwwestqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rghtkcan.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqNGwTn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\welogfvb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yjeewn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kdeokf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00039f79 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\BMb9b60a71.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

RESTARTING: then will post DSS

Deckard's System Scanner v20071014.68
Run by Alex on 2008-07-30 10:17:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alex.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:30, on 30/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Alex\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\DOWNLO~1\Tools\Alex.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=6071203
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=6071203
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=6071203
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0457F452-2C2E-4EFF-A478-95D4B1F36E83} - C:\Windows\system32\xxyVOFwX.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {263ce8fe-aea4-0faa-7fe4-ebcb3229ac59} - {95ca9223-bcbe-4ef7-aaf0-4aeaef8ec362} - (no file)
O2 - BHO: (no name) - {9BD9E4A4-0DE0-4417-8CBE-B3094F15EB66} - C:\Windows\system32\ljjhifed.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BMb9b60a71] Rundll32.exe "C:\Windows\system32\tdugpwne.dll",s
O4 - HKLM\..\Run: [ba8539ed] rundll32.exe "C:\Windows\system32\jbwmcind.dll",b
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{501D03E3-5406-4340-A37C-D2F94C24A038}
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 12223 bytes

-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 09:27:34 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-30 09:27:34 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 10:42:10 0 d-------- C:\Program Files\Uniblue
2008-07-28 16:43:49 0 d-------- C:\CNNANT2009
2008-07-28 16:31:03 0 d-------- C:\Program Files\Garmin1
2008-07-24 09:17:46 472265 --ahs---- C:\Windows\system32\XwFOVyxx.ini2
2008-07-23 15:21:55 0 d-------- C:\Program Files\GPS Utility
2008-07-23 09:21:48 600624 --ahs---- C:\Windows\system32\ponWyyay.ini2
2008-07-22 14:15:47 0 d-------- C:\Program Files\Spyware Doctor
2008-07-22 14:13:39 0 d-------- C:\Program Files\SpywareBlaster
2008-07-22 14:09:36 0 d-------- C:\Users\All Users\Prevx
2008-07-22 10:30:08 0 d-------- C:\Windows\pss
2008-07-21 15:34:24 0 d-------- C:\Program Files\iPod
2008-07-21 15:34:22 0 d-------- C:\Program Files\iTunes
2008-07-21 15:32:09 0 d-------- C:\Program Files\Apple Software Update
2008-07-21 15:31:31 0 d-------- C:\Users\All Users\Apple
2008-07-21 15:31:31 0 d-------- C:\Program Files\Common Files\Apple
2008-07-21 10:01:47 696352 --ahs---- C:\Windows\system32\drivers\fidbox2.dat
2008-07-10 03:01:07 0 d-------- C:\Windows\SQL9_KB948109_ENU


-- Find3M Report ---------------------------------------------------------------

2008-07-30 10:13:53 12 --a------ C:\Windows\bthservsdp.dat
2008-07-30 10:10:44 0 d-------- C:\Users\Alex\AppData\Roaming\Adobe
2008-07-30 09:27:37 0 d-------- C:\Users\Alex\AppData\Roaming\Malwarebytes
2008-07-29 10:56:59 0 d-------- C:\Program Files\DNA
2008-07-29 10:56:58 0 d-------- C:\Program Files\BitTorrent
2008-07-29 10:56:58 0 d-------- C:\Program Files\BitComet
2008-07-29 10:56:40 0 d-------- C:\Users\Alex\AppData\Roaming\DNA
2008-07-29 10:56:40 0 d-------- C:\Users\Alex\AppData\Roaming\BitTorrent
2008-07-29 10:42:42 0 d-------- C:\Users\Alex\AppData\Roaming\Uniblue
2008-07-28 17:29:35 0 d-------- C:\Program Files\Hitman Pro
2008-07-28 16:31:07 0 d-------- C:\Program Files\Garmin
2008-07-28 14:43:30 0 d-------- C:\Users\Alex\AppData\Roaming\Skype
2008-07-28 09:43:36 0 d-------- C:\Users\Alex\AppData\Roaming\skypePM
2008-07-23 15:43:31 0 d-------- C:\Users\Alex\AppData\Roaming\GPS Utility
2008-07-22 14:15:47 0 d-------- C:\Users\Alex\AppData\Roaming\PC Tools
2008-07-22 10:11:19 0 d-------- C:\Program Files\Java
2008-07-21 15:35:28 0 d-------- C:\Users\Alex\AppData\Roaming\Apple Computer
2008-07-21 15:33:57 0 d-------- C:\Program Files\Bonjour
2008-07-21 15:31:31 0 d-------- C:\Program Files\Common Files
2008-07-21 09:38:47 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-10 03:13:01 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:01:48 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-10 03:00:42 0 d-------- C:\Program Files\Windows Mail
2008-07-07 10:59:07 9315 --a------ C:\Users\Alex\AppData\Roaming\Microsoft Excel 97-2003.EML
2008-07-07 10:59:07 9330 --a------ C:\Users\Alex\AppData\Roaming\Comma Separated Values (Windows).EML
2008-06-30 11:49:47 0 d-------- C:\Users\Alex\AppData\Roaming\Real
2008-06-18 10:33:53 0 d-------- C:\Users\Alex\AppData\Roaming\Mozilla
2008-06-11 09:24:15 0 d-------- C:\Program Files\Tourpoint Editor3
2008-06-11 09:24:00 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-09 17:15:12 0 d-------- C:\Users\Alex\AppData\Roaming\JGsoft
2008-06-09 12:11:52 0 d-------- C:\Program Files\ARTIS
2008-06-09 11:49:03 0 d-------- C:\Program Files\JGsoft
2008-06-02 15:41:02 0 d-------- C:\Program Files\DYMO Label
2008-05-20 15:24:48 2 --a------ C:\Windows\system32\krx260.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0457F452-2C2E-4EFF-A478-95D4B1F36E83}]
C:\Windows\system32\xxyVOFwX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95ca9223-bcbe-4ef7-aaf0-4aeaef8ec362}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BD9E4A4-0DE0-4417-8CBE-B3094F15EB66}]
C:\Windows\system32\ljjhifed.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [23/07/2007 07:27 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 14:00]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [21/09/2007 04:10 C:\Windows\KHALMNPR.Exe]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 13:17]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [25/03/2008 10:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"OLP-Tray"="C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE" [17/07/2006 16:45]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [27/05/2008 10:50]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [09/10/2007 19:56]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [16/07/2008 09:16]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [01/07/2008 09:01]
"BMb9b60a71"="C:\Windows\system32\tdugpwne.dll" []
"ba8539ed"="C:\Windows\system32\jbwmcind.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [02/11/2006 10:45]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]
"Uniblue SpeedUpMyPC"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31/01/2005 16:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\xxyVOFwX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeamYourScreen]
"C:\Program Files\BeamYourScreen\BeamYourScreen.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb9b60a71]
Rundll32.exe "C:\Windows\system32\mvjbxjdc.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\awtusqNe.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore 2.0]
"C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
"C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{501D03E3-5406-4340-A37C-D2F94C24A038}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Setup\Common\Autorun\AUTI386.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456086ca-a1a2-11dc-9fcd-806e6f6e6963}]
AutoRun\command- G:\Windows\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ac117a5-c030-11dc-a276-001aa096b200}]
AutoRun\command- Q:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{17EF733F-75AD-46A6-B542-E21C1FC84445}]
C:\Windows\system32\msiexec.exe /qn /fpu {17EF733F-75AD-46A6-B542-E21C1FC84445}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2866BB71-FB23-43F5-BB2A-84622FF79E2C}]
C:\Windows\system32\msiexec.exe /qn /fpu {2866BB71-FB23-43F5-BB2A-84622FF79E2C}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
C:\Windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-30 10:18:29 ------------

Edited by TheCat, 30 July 2008 - 04:21 AM.


#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:34 AM

Posted 30 July 2008 - 07:23 AM

Hi TheCat,

Your log looks much better but you still have some items to remove. :thumbsup:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then it is too big to post.
If too big to post then you can upload the new scan log to me here.
Let me know when you upload the report file.

Edited by SifuMike, 30 July 2008 - 07:27 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 TheCat


Posted 04 August 2008 - 06:28 AM

Hi, sorry for the delayed reply, I got stuck downloading OTScanIt.exe, it says the download can't complete, could you verify the link?

#6 SifuMike


Posted 04 August 2008 - 10:52 AM

Hi TheCat,

Just tried the link and it is OK.
Try downloading it again. If you still have problems downloading it, then disable your Antivirus program and download it.

#7 TheCat


Posted 06 August 2008 - 06:41 AM

OK I found out my nod32 was stopping the download and disabled it. I ran the program to your instructions but the report was too large to reply with so I attached it as a file.

#8 SifuMike


Posted 06 August 2008 - 01:41 PM

Hi TheCat,

Step #1

You may need to disable your Nod32 antivirus before running the following.

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\bmb9b60a71.xml
%allusersprofile%\pskt.ini
%systemroot%\system32\bayqsbkw.ini
%systemroot%\system32\dnicmwbj.ini
%systemroot%\system32\fqxdtbay.ini
%systemroot%\system32\hdlmxmax.ini
%systemroot%\system32\ktowwhty.ini
%systemroot%\system32\mffakucg.ini
%systemroot%\system32\ponwyyay.ini
%systemroot%\system32\ponwyyay.ini2
%systemroot%\system32\vyebfcpu.ini
%systemroot%\system32\xbrmctem.ini
%systemroot%\system32\xwfovyxx.ini
%systemroot%\system32\xwfovyxx.ini2


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Files/Folders - Created Within 30 days]
NY -> bayqsbkw.ini -> %SystemRoot%\System32\bayqsbkw.ini
NY -> dnicmwbj.ini -> %SystemRoot%\System32\dnicmwbj.ini
NY -> fqxdtbay.ini -> %SystemRoot%\System32\fqxdtbay.ini
NY -> hdlmxmax.ini -> %SystemRoot%\System32\hdlmxmax.ini
NY -> ktowwhty.ini -> %SystemRoot%\System32\ktowwhty.ini
NY -> mffakucg.ini -> %SystemRoot%\System32\mffakucg.ini
NY -> ponWyyay.ini -> %SystemRoot%\System32\ponWyyay.ini
NY -> ponWyyay.ini2 -> %SystemRoot%\System32\ponWyyay.ini2
NY -> vyebfcpu.ini -> %SystemRoot%\System32\vyebfcpu.ini
NY -> xbrmctem.ini -> %SystemRoot%\System32\xbrmctem.ini
NY -> XwFOVyxx.ini -> %SystemRoot%\System32\XwFOVyxx.ini
NY -> XwFOVyxx.ini2 -> %SystemRoot%\System32\XwFOVyxx.ini2
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BMb9b60a71.xml -> %AllUsersProfile%\BMb9b60a71.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> bayqsbkw.ini -> %SystemRoot%\System32\bayqsbkw.ini
NY -> dnicmwbj.ini -> %SystemRoot%\System32\dnicmwbj.ini
NY -> fqxdtbay.ini -> %SystemRoot%\System32\fqxdtbay.ini
NY -> hdlmxmax.ini -> %SystemRoot%\System32\hdlmxmax.ini
NY -> ktowwhty.ini -> %SystemRoot%\System32\ktowwhty.ini
NY -> mffakucg.ini -> %SystemRoot%\System32\mffakucg.ini
NY -> ponWyyay.ini -> %SystemRoot%\System32\ponWyyay.ini
NY -> ponWyyay.ini2 -> %SystemRoot%\System32\ponWyyay.ini2
NY -> vyebfcpu.ini -> %SystemRoot%\System32\vyebfcpu.ini
NY -> xbrmctem.ini -> %SystemRoot%\System32\xbrmctem.ini
NY -> XwFOVyxx.ini -> %SystemRoot%\System32\XwFOVyxx.ini
NY -> XwFOVyxx.ini2 -> %SystemRoot%\System32\XwFOVyxx.ini2
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BMb9b60a71.xml -> %AllUsersProfile%\BMb9b60a71.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
1. The Avenger report (c:\Avenger.txt)

2. The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )

3. The new OTScanIt scan log.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
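Added example (not part of the original post, and not code from The Avenger or OTScanIt): the Avenger script in Step #1 and the OTScanIt fix in Step #2 list the same files, so this Python code parses both formats, compares them case-insensitively, and reports which targets still exist after the reboot. The sample scripts are shortened copies of the ones above; `SAMPLE_ENV`, the function names, and the rule that a line ending in ":" starts an Avenger section are assumptions.

```python
import os
import re

# Constructed sample input: shortened copies of the two scripts in the post above.
AVENGER_SCRIPT = r"""Files to delete:
%allusersprofile%\pskt.ini
%systemroot%\system32\ponwyyay.ini
%systemroot%\system32\ponwyyay.ini2
"""

OTSCANIT_FIX = r"""[Files/Folders - Created Within 30 days]
NY -> ponWyyay.ini -> %SystemRoot%\System32\ponWyyay.ini
NY -> ponWyyay.ini2 -> %SystemRoot%\System32\ponWyyay.ini2
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> ponWyyay.ini -> %SystemRoot%\System32\ponWyyay.ini
[Empty Temp Folders]
[Reboot]
"""

# %SystemRoot% is the value reported in the OTScanIt log in this thread; the
# ProgramData path is the Windows Vista default and is assumed for this machine.
SAMPLE_ENV = {"SystemRoot": r"C:\Windows", "AllUsersProfile": r"C:\ProgramData"}

_VAR = re.compile(r"%([^%\\/]+)%")


def expand(path, env):
    """Expand %VAR% references case-insensitively; unknown names are left as-is."""
    lookup = {k.lower(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def canonical(path, env):
    """Comparison key: expanded, backslash-separated, lower-case."""
    return expand(path.strip(), env).replace("/", "\\").lower()


def parse_avenger(text):
    """Return the paths listed under the 'Files to delete:' section."""
    paths, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":") and "\\" not in line:
            # Assumption: a line ending in ':' with no path in it is a section header.
            in_section = line.lower() == "files to delete:"
        elif in_section and line:
            paths.append(line)
    return paths


def parse_otscanit_fix(text):
    """Return the unique target paths from 'FLAGS -> name -> path' lines."""
    paths, seen = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("["):
            continue  # blank line, [section] header or [command]
        fields = [f.strip() for f in line.split(" -> ")]
        if len(fields) == 3 and fields[2].lower() not in seen:
            seen.add(fields[2].lower())
            paths.append(fields[2])
    return paths


def compare(avenger_paths, fix_paths, env):
    """Return (only_in_avenger, only_in_fix) as sets of canonical paths."""
    a = {canonical(p, env) for p in avenger_paths}
    f = {canonical(p, env) for p in fix_paths}
    return a - f, f - a


def still_present(paths, env, exists=os.path.exists):
    """Return the expanded paths that still exist after the fix and reboot."""
    return [expand(p, env) for p in paths if exists(expand(p, env))]


if __name__ == "__main__":
    avenger = parse_avenger(AVENGER_SCRIPT)
    fix = parse_otscanit_fix(OTSCANIT_FIX)
    print("mismatch:", compare(avenger, fix, SAMPLE_ENV))
    # On the cleaned machine itself, pass os.environ instead of SAMPLE_ENV.
    print("still present:", still_present(avenger, SAMPLE_ENV))
```

A non-empty result from `compare` means one script targets a file the other misses; a non-empty result from `still_present` means the file survived the reboot and belongs in the next log review.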

#9 TheCat


Posted 07 August 2008 - 09:01 AM

the F-Secure Online Scanner crashes my pc (to a black screen) so I have just done the rest of the instructions and attached the results.

#10 TheCat


Posted 07 August 2008 - 09:05 AM

first ost scan

Edited by TheCat, 07 August 2008 - 09:06 AM.


#11 TheCat


Posted 07 August 2008 - 09:11 AM

I don't have any space left to upload the last ost scan...

Attachment space used 503.45k of 512k

#12 SifuMike


Posted 07 August 2008 - 11:56 AM

Hi TheCat,

I don't have any space left to upload the last ost scan...
Attachment space used 503.45k of 512k


Go to My Controls > Options > Manage your Attachments and delete all the attachments. Then you will have space to post the OTScanIt log. You are limited to 512k in attachments.

I still need to see the OTScanIt fix log and a fresh OTScanit log. Do not zip them.


Attached File(s)
first_ost_scan.zip ( 38.11k ) Number of downloads: 0

Please post this scan rather than attaching it.


If you still can post it, then you can upload the new OTScanIt log to me here.

Let me know when you do that. :thumbsup:

Edited by SifuMike, 08 August 2008 - 08:25 PM.
edited for clarity


#13 SifuMike


Posted 08 August 2008 - 08:27 PM

I still need to see the OTScanIt fix log and a fresh OTScanit log. Do not zip them.

Refer to my previous post on the way to Manage your attachments.
Then you should be able to post them.

#14 TheCat


Posted 12 August 2008 - 03:31 AM

ok first ost scan attached



Edited by TheCat, 12 August 2008 - 03:33 AM.


#15 TheCat


Posted 12 August 2008 - 03:33 AM

the fresh ots scan

OTScanIt logfile created on: 07/08/2008 14:59:03
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Users\Alex\Desktop\OTScanIt
Windows Vista   (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16681)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.27% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 342.00 Gb Total Space | 123.60 Gb Free Space | 36.14% Space Free | Partition Type: NTFS
Drive D: | 113.70 Gb Total Space | 13.45 Gb Free Space | 11.83% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 966.99 Mb Total Space | 546.55 Mb Free Space | 56.52% Space Free | Partition Type: FAT32

Computer Name: ALEX-PC
Current User Name: Alex
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4190 | Size = 655360 bytes | Modified Date = 26/02/2008 04:08:14 | Attr =	]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4190 | Size = 655360 bytes | Modified Date = 26/02/2008 04:08:14 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 10/07/2008 09:47:18 | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.26 | Size = 194240 bytes | Modified Date = 31/10/2006 11:32:09 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =	]
ekrn.exe -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe -> ESET [Ver = 3.0.669  | Size = 468224 bytes | Modified Date = 01/07/2008 09:02:28 | Attr =	]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 31/07/2008 10:05:46 | Attr =	]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 355096 bytes | Modified Date = 21/03/2007 14:00:04 | Attr =	]
kservice.exe -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.12.707.160 | Size = 3072184 bytes | Modified Date = 27/02/2008 17:56:54 | Attr =	]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 20/09/2007 10:51:46 | Attr =	]
vprosvc.exe -> %ProgramFiles%\Norton Save and Restore\Agent\VProSvc.exe -> Symantec Corporation [Ver = 2.0.4.23034 | Size = 3372384 bytes | Modified Date = 05/10/2007 13:33:10 | Attr =	]
oodag.exe -> %SystemRoot%\System32\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11/05/2007 03:09:48 | Attr =	]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 19:56:30 | Attr =	]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 57 | Size = 4452352 bytes | Modified Date = 23/07/2007 07:27:00 | Attr =	]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 174872 bytes | Modified Date = 21/03/2007 14:00:00 | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 25/03/2008 10:55:21 | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr =	]
stray.exe -> %ProgramFiles%\Royal Mail\SmartStamp\BINARY\STRAY.EXE ->  [Ver = 1, 3, 0, 0 | Size = 40960 bytes | Modified Date = 17/07/2006 16:45:26 | Attr =	]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 12:13:56 | Attr =	]
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 19:56:24 | Attr =	]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 6.0.0.10 | Size = 1166216 bytes | Modified Date = 16/07/2008 09:16:20 | Attr =	]
egui.exe -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\egui.exe -> ESET [Ver = 3.0.669  | Size = 1447168 bytes | Modified Date = 01/07/2008 09:01:04 | Attr =	]
imgtask.exe -> %SystemRoot%\Imgtask.exe ->  [Ver =  | Size = 20480 bytes | Modified Date = 13/12/2006 04:26:42 | Attr = R  ]
bitcomet.exe -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.99 | Size = 2194744 bytes | Modified Date = 01/02/2008 08:20:14 | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 25/03/2008 10:55:21 | Attr =	]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 12:13:34 | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 21/07/2008 08:52:50 | Attr =	]
gpi_creator.exe -> %ProgramFiles%\Garmin\GPI_Creator\GPI_Creator.exe -> GARMIN International [Ver = 3.0.0.0 | Size = 1842264 bytes | Modified Date = 15/05/2008 16:06:16 | Attr =	]
textpad.exe -> %ProgramFiles%\TextPad 5\TextPad.exe -> Helios Software Solutions [Ver = 5.1.0 | Size = 2999296 bytes | Modified Date = 10/01/2008 15:59:18 | Attr =	]
winamp.exe -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/10/2007 06:29:14 | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AcronisOSSReinstallSvc) Acronis OS Selector Reinstall Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ->  [Ver =  | Size = 2217416 bytes | Modified Date = 26/02/2007 15:03:56 | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 10/07/2008 09:47:18 | Attr =	]
(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4190 | Size = 655360 bytes | Modified Date = 26/02/2008 04:08:14 | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.26 | Size = 194240 bytes | Modified Date = 31/10/2006 11:32:09 | Attr =	]
(avp) Kaspersky Internet Security [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 201992 bytes | Modified Date = 25/04/2008 18:21:30 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =	]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> ESET [Ver = 3.0.669  | Size = 19200 bytes | Modified Date = 01/07/2008 09:08:00 | Attr =	]
(ekrn) Eset Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe -> ESET [Ver = 3.0.669  | Size = 468224 bytes | Modified Date = 01/07/2008 09:02:28 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07/12/2007 15:18:23 | Attr =	]
(GoogleDesktopManager-022208-143751) Google Desktop Manager 5.7.802.22438 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 25/03/2008 10:55:21 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 31/07/2008 10:05:46 | Attr =	]
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 355096 bytes | Modified Date = 21/03/2007 14:00:04 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 01:41:10 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 10/07/2008 10:51:22 | Attr =	]
(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.12.707.160 | Size = 3072184 bytes | Modified Date = 27/02/2008 17:56:54 | Attr =	]
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 121360 bytes | Modified Date = 15/11/2007 11:09:42 | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.26 | Size = 2541248 bytes | Modified Date = 31/10/2006 11:32:09 | Attr =	]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 20/09/2007 10:51:46 | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.0.0 | Size = 382248 bytes | Modified Date = 20/09/2007 16:35:38 | Attr =	]
(Norton Save and Restore) Norton Save and Restore [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Save and Restore\Agent\VProSvc.exe -> Symantec Corporation [Ver = 2.0.4.23034 | Size = 3372384 bytes | Modified Date = 05/10/2007 13:33:10 | Attr =	]
(O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %SystemRoot%\System32\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11/05/2007 03:09:48 | Attr =	]
(SandraDataSrv) SiSoftware Database Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe -> SiSoftware [Ver = 12.34.2008.1 | Size = 184504 bytes | Modified Date = 11/09/2007 18:10:18 | Attr =	]
(SandraTheSrv) SiSoftware Sandra Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe -> SiSoftware [Ver = 12.34.2008.1 | Size = 1265856 bytes | Modified Date = 11/09/2007 18:10:08 | Attr =	]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 13/06/2008 15:29:14 | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.14 | Size = 1073544 bytes | Modified Date = 03/07/2008 18:07:18 | Attr =	]
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 19:56:30 | Attr =	]
(stllssvr) stllssvr [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(VundoFixSvc) VundoFix Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 11/03/2008 15:31:15 | Attr =	]
(wampapache) wampapache [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\wamp\bin\apache\apache2.2.6\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.6 | Size = 24635 bytes | Modified Date = 05/09/2007 09:59:02 | Attr =	]
(wampmysqld) wampmysqld [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe ->  [Ver =  | Size = 5730304 bytes | Modified Date = 06/07/2007 14:14:02 | Attr =	]
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 22:16:38 | Attr =	]
ba8539ed -> %SystemRoot%\system32\jbwmcind.DLL [rundll32.exe "C:\Windows\system32\jbwmcind.dll",b] -> File not found
BMb9b60a71 -> %SystemRoot%\system32\tdugpwne.DLL [Rundll32.exe "C:\Windows\system32\tdugpwne.dll",s] -> File not found
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 09/10/2007 19:56:24 | Attr =	]
egui -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> ESET [Ver = 3.0.669  | Size = 1447168 bytes | Modified Date = 01/07/2008 09:01:04 | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 25/03/2008 10:55:21 | Attr =	]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> Intel Corporation [Ver = 7.5.0.1017 | Size = 174872 bytes | Modified Date = 21/03/2007 14:00:00 | Attr =	]
ImgTask -> %SystemRoot%\Imgtask.exe [C:\Windows\Imgtask.exe] ->  [Ver =  | Size = 20480 bytes | Modified Date = 13/12/2006 04:26:42 | Attr = R  ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 6.0.0.10 | Size = 1166216 bytes | Modified Date = 16/07/2008 09:16:20 | Attr =	]
Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 21/09/2007 04:10:12 | Attr =	]
OLP-Tray -> %ProgramFiles%\Royal Mail\SmartStamp\BINARY\STRAY.EXE [C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE] ->  [Ver = 1, 3, 0, 0 | Size = 40960 bytes | Modified Date = 17/07/2006 16:45:26 | Attr =	]
QuickTime Task -> %ProgramFiles%\VistaCodecPack\QT\QTTask.exe ["C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 10:50:30 | Attr =	]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 57 | Size = 4452352 bytes | Modified Date = 23/07/2007 07:27:00 | Attr =	]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> Advanced Micro Devices, Inc. [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 21/01/2008 13:17:18 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BitComet -> %ProgramFiles%\BitComet\BitComet.exe ["C:\Program Files\BitComet\BitComet.exe" /tray] -> www.BitComet.com [Ver = 0.99 | Size = 2194744 bytes | Modified Date = 01/02/2008 08:20:14 | Attr =	]
Uniblue SpeedUpMyPC ->  [] -> File not found
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.802.22438 | Size = 112128 bytes | Modified Date = 25/03/2008 10:56:21 | Attr =	]
C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll -> Kaspersky Lab [Ver = 8.0.0.370 | Size = 83208 bytes | Modified Date = 21/07/2008 17:30:52 | Attr =	]
C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 83208 bytes | Modified Date = 25/04/2008 18:21:50 | Attr =	]
C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 11016 bytes | Modified Date = 25/04/2008 18:22:22 | Attr =	]
*MultiFile Done* -> -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 10/05/2005 14:31:20 | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{00212521-4FEF-4AD3-B3AA-E05CDA254123} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 05/12/2007 12:16:39 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 02/11/2006 10:45:50 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315712 bytes | Modified Date = 24/04/2008 05:51:39 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 02/11/2006 10:44:42 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klogon -> %SystemRoot%\System32\klogon.dll -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 206088 bytes | Modified Date = 25/04/2008 18:22:24 | Attr =	]
MCPClient -> %CommonProgramFiles%\stardock\MCPStub.dll -> Stardock [Ver = 0, 0, 5, 2 | Size = 49152 bytes | Modified Date = 31/01/2005 16:13:38 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
TORiSAN CD-ROM CDR_C36 ->  -> File not found
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 02/11/2006 09:51:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDRWDVD_TS-H493B_______________D200____\4&d08c4fc&0&0.1.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomPBDS_DVD+-RW_DH-16W1S___________________2D14____\4&d08c4fc&0&0.2.0 -> 
< Drives - Autoruns > ->  -> 
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 24 bytes | Modified Date = 18/09/2006 22:43:36 | Attr =	]
autorun.inf [[autorun] | open=Windows\Setup.exe | icon=Windows\Setup.exe | ] -> G:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 59 bytes | Modified Date = 03/11/2006 22:23:00 | Attr = R  ]
< HOSTS File > (228342 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> 
::1			 localhost -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=6071203 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=6071203 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=6071203 -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5660 domain(s) found. -> 
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{0457F452-2C2E-4EFF-A478-95D4B1F36E83} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xxyVOFwX.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr =	]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 05/12/2007 17:51:30 | Attr =	]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.1.2.dll [BitComet Helper] -> BitComet [Ver = 20080116 | Size = 496952 bytes | Modified Date = 25/01/2008 11:06:28 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value  does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]
{95ca9223-bcbe-4ef7-aaf0-4aeaef8ec362} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
{9BD9E4A4-0DE0-4417-8CBE-B3094F15EB66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ljjhifed.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 31/07/2008 10:05:48 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 222472 bytes | Modified Date = 25/04/2008 18:22:54 | Attr =	]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 145 | Size = 1372160 bytes | Modified Date = 16/11/2007 13:36:48 | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 09/01/2008 16:01:48 | Attr =	]
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [BitComet] -> File not found
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sothink SWF Catcher] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.99 | Size = 2194744 bytes | Modified Date = 01/02/2008 08:20:14 | Attr =	]
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.99 | Size = 2194744 bytes | Modified Date = 01/02/2008 08:20:14 | Attr =	]
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.99 | Size = 2194744 bytes | Modified Date = 01/02/2008 08:20:14 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{04FEE054-28AE-4DE7-AC02-96FC63DE99DB} ->	(Microsoft Windows Mobile Remote Adapter) -> 
{10783CFB-42B6-4E9A-A1D9-F0EE9A55AB2A} ->	(Microsoft Windows Mobile Remote Adapter) -> 
{23D5DAE8-C490-41AD-9E5F-90550FA1C782} ->	(Microsoft Windows Mobile Remote Adapter) -> 
{4E65AD3E-A81A-43ED-8B46-0FE44BFDFA94} ->	(Microsoft Windows Mobile Remote Adapter) -> 
{561E13B4-3854-42D1-BE67-93B5FE10A986} ->	(Microsoft Windows Mobile Remote Adapter) -> 
{E20BA690-2364-48C0-AAB5-9C31D30039AC} ->	(Broadcom 802.11g Network Adapter) -> 
{E6E9FB81-E56D-4FD3-BCE3-760B620AD50D} ->	(Intel(R) 82562V-2 10/100 Network Connection) -> 
{EB2F2B79-E8EB-46DF-B7A9-E6B0BAB23A86} ->	(Remote NDIS based Internet Sharing Device) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =	]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 16/11/2007 13:36:48 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{E8F628B5-259A-4734-97EE-BA914D7BE941}[HKEY_LOCAL_MACHINE] -> http://plugin.driveragent.com/files/driveragent.cab[Driver Agent ActiveX Control] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/bdoscandel.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/bdoscandel.exe\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/bdoscandel.exe\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/bdoscandellang.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/bdoscandellang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/bdoscandellang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/bdcore.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/bdupd.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/driveragent.inf\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/driveragent.inf\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/driveragent.inf\\{E8F628B5-259A-4734-97EE-BA914D7BE941} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/driveragent.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/driveragent.ocx\\.Owner -> {E8F628B5-259A-4734-97EE-BA914D7BE941} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/driveragent.ocx\\{E8F628B5-259A-4734-97EE-BA914D7BE941} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ipsupd.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/lang.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/lang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libfn.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/live.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/live.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/oscan82.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/oscan82.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/oscan82.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/scanoptions.tsi\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/scanoptions.tsi\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 



[Files/Folders - Created Within 30 days]
CNNANT2009 -> %SystemDrive%\CNNANT2009 ->  [Folder | Created Date = 28/07/2008 16:43:49 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 07/08/2008 10:18:02 | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 29/07/2008 09:23:15 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 07/08/2008 11:40:46 | Attr =	]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 696352 bytes | Created Date = 21/07/2008 10:01:47 | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 3460 bytes | Created Date = 21/07/2008 10:01:47 | Attr =  HS]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Created Date = 22/07/2008 14:15:51 | Attr =	]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 22/07/2008 14:15:51 | Attr =	]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Created Date = 22/07/2008 14:15:51 | Attr =	]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 22/07/2008 14:15:51 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 30/07/2008 09:27:36 | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 30/07/2008 09:27:35 | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 22/07/2008 10:11:25 | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 22/07/2008 10:11:25 | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 22/07/2008 10:11:25 | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 29/07/2008 09:24:20 | Attr =	]
Imgtask.exe -> %SystemRoot%\Imgtask.exe ->  [Ver =  | Size = 20480 bytes | Created Date = 31/07/2008 16:05:22 | Attr = R  ]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 22/07/2008 10:30:08 | Attr =	]
SQL9_KB948109_ENU -> %SystemRoot%\SQL9_KB948109_ENU ->  [Folder | Created Date = 10/07/2008 03:01:07 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Apple ->  [Folder | Created Date = 21/07/2008 15:31:31 | Attr =	]
Google Updater -> %AllUsersProfile%\Google Updater ->  [Folder | Created Date = 31/07/2008 10:05:47 | Attr =	]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Created Date = 30/07/2008 09:27:34 | Attr =	]
Prevx -> %AllUsersProfile%\Prevx ->  [Folder | Created Date = 22/07/2008 14:09:36 | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Created Date = 21/07/2008 15:35:28 | Attr =	]
GPS Utility -> %AppData%\GPS Utility ->  [Folder | Created Date = 23/07/2008 15:43:31 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 30/07/2008 09:27:37 | Attr =	]
PC Tools -> %AppData%\PC Tools ->  [Folder | Created Date = 22/07/2008 14:15:47 | Attr =	]
Uniblue -> %AppData%\Uniblue ->  [Folder | Created Date = 29/07/2008 10:42:42 | Attr =	]
Adobe -> %UserProfile%\AppData\Local\Adobe ->  [Folder | Created Date = 07/08/2008 10:01:02 | Attr =	]
Downloaded Installations -> %UserProfile%\AppData\Local\Downloaded Installations ->  [Folder | Created Date = 04/08/2008 12:29:25 | Attr =	]
mortgage.xps -> %UserProfile%\Documents\mortgage.xps ->  [Ver =  | Size = 299982 bytes | Created Date = 05/08/2008 16:39:52 | Attr =	]
My GPSU -> %UserProfile%\Documents\My GPSU ->  [Folder | Created Date = 23/07/2008 15:21:56 | Attr =	]
toothbrush -> %UserProfile%\Documents\toothbrush ->  [Folder | Created Date = 01/08/2008 13:11:12 | Attr =	]
Top 1000 POI's -> %UserProfile%\Documents\Top 1000 POI's ->  [Folder | Created Date = 21/07/2008 11:14:56 | Attr =	]
MapInstall.lnk -> %SystemDrive%\Users\Public\Desktop\MapInstall.lnk ->  [Ver =  | Size = 1642 bytes | Created Date = 28/07/2008 16:45:39 | Attr =	]
080108.mp3 -> %UserProfile%\Desktop\080108.mp3 ->  [Ver =  | Size = 54604923 bytes | Created Date = 04/08/2008 16:15:43 | Attr =	]
avenger.exe -> %UserProfile%\Desktop\avenger.exe ->  [Ver =  | Size = 731136 bytes | Created Date = 07/08/2008 11:21:06 | Attr =	]
Google Earth.lnk -> %UserProfile%\Desktop\Google Earth.lnk ->  [Ver =  | Size = 1994 bytes | Created Date = 23/07/2008 10:37:54 | Attr =	]
GPI Creator.lnk -> %UserProfile%\Desktop\GPI Creator.lnk ->  [Ver =  | Size = 1991 bytes | Created Date = 01/08/2008 11:43:41 | Attr =	]
GPI Viewer.lnk -> %UserProfile%\Desktop\GPI Viewer.lnk ->  [Ver =  | Size = 1976 bytes | Created Date = 01/08/2008 11:43:50 | Attr =	]
gpsbabel -> %UserProfile%\Desktop\gpsbabel ->  [Folder | Created Date = 23/07/2008 15:22:04 | Attr =	]
GPSBabelGUI.exe - Shortcut.lnk -> %UserProfile%\Desktop\GPSBabelGUI.exe - Shortcut.lnk ->  [Ver =  | Size = 573 bytes | Created Date = 04/08/2008 15:34:54 | Attr =	]
MapSource.lnk -> %UserProfile%\Desktop\MapSource.lnk ->  [Ver =  | Size = 1693 bytes | Created Date = 22/07/2008 17:18:10 | Attr =	]
MM -> %UserProfile%\Desktop\MM ->  [Folder | Created Date = 23/07/2008 11:41:50 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 06/08/2008 12:11:54 | Attr =	]
Removable Disk (Q) - Shortcut.lnk -> %UserProfile%\Desktop\Removable Disk (Q) - Shortcut.lnk ->  [Ver =  | Size = 179 bytes | Created Date = 21/07/2008 17:06:50 | Attr =	]
Tutorial -> %UserProfile%\Desktop\Tutorial ->  [Folder | Created Date = 04/08/2008 09:42:25 | Attr =	]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Created Date = 21/07/2008 15:31:31 | Attr =	]
Apple Software Update -> %ProgramFiles%\Apple Software Update ->  [Folder | Created Date = 21/07/2008 15:32:09 | Attr =	]
EasyGPS -> %ProgramFiles%\EasyGPS ->  [Folder | Created Date = 04/08/2008 12:30:04 | Attr =	]
Garmin1 -> %ProgramFiles%\Garmin1 ->  [Folder | Created Date = 28/07/2008 16:31:03 | Attr =	]
GPS Utility -> %ProgramFiles%\GPS Utility ->  [Folder | Created Date = 23/07/2008 15:21:55 | Attr =	]
iPod -> %ProgramFiles%\iPod ->  [Folder | Created Date = 21/07/2008 15:34:24 | Attr =	]
iTunes -> %ProgramFiles%\iTunes ->  [Folder | Created Date = 21/07/2008 15:34:22 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 30/07/2008 09:27:34 | Attr =	]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor ->  [Folder | Created Date = 22/07/2008 14:15:47 | Attr =	]
SpywareBlaster -> %ProgramFiles%\SpywareBlaster ->  [Folder | Created Date = 22/07/2008 14:13:39 | Attr =	]
TrackMaker -> %ProgramFiles%\TrackMaker ->  [Folder | Created Date = 04/08/2008 12:29:43 | Attr =	]
Uniblue -> %ProgramFiles%\Uniblue ->  [Folder | Created Date = 29/07/2008 10:42:10 | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 07/08/2008 11:27:52 | Attr =	]
CNNANT2009 -> %SystemDrive%\CNNANT2009 ->  [Folder | Modified Date = 28/07/2008 16:45:38 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 07/08/2008 11:27:20 | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 29/07/2008 09:23:15 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 07/08/2008 11:40:46 | Attr =	]
Garmin -> %SystemDrive%\Garmin ->  [Folder | Modified Date = 28/07/2008 16:45:19 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3219292160 bytes | Modified Date = 07/08/2008 11:47:33 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 04/08/2008 12:30:04 | Attr = R  ]
ProgramData -> %AllUsersProfile% ->  [Folder | Modified Date = 07/08/2008 11:27:11 | Attr =  H ]
RoadTour Office Space -> %SystemDrive%\RoadTour Office Space ->  [Folder | Modified Date = 04/08/2008 17:23:38 | Attr =	]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 19/07/2008 03:07:53 | Attr =  H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 21/07/2008 09:05:51 | Attr =  H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 05/08/2008 10:01:44 | Attr =  H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 19/07/2008 03:07:53 | Attr =  H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 21/07/2008 09:05:51 | Attr =  H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 05/08/2008 10:01:44 | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 07/08/2008 14:03:54 | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 24/07/2008 08:56:29 | Attr =	]
walkitalki -> %SystemDrive%\walkitalki ->  [Folder | Modified Date = 30/07/2008 09:26:25 | Attr =	]
Windows -> %SystemRoot% ->  [Folder | Modified Date = 31/07/2008 16:05:22 | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 354893088 bytes | Modified Date = 07/08/2008 11:30:59 | Attr =	]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 4743236 bytes | Modified Date = 07/08/2008 11:30:59 | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 696352 bytes | Modified Date = 07/08/2008 11:30:59 | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 3460 bytes | Modified Date = 07/08/2008 11:30:59 | Attr =  HS]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 88774 bytes | Modified Date = 21/07/2008 17:30:51 | Attr =	]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 8.0.0.190 | Size = 190992 bytes | Modified Date = 21/07/2008 17:30:52 | Attr =	]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 96966 bytes | Modified Date = 21/07/2008 17:30:51 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 23/07/2008 20:09:38 | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 23/07/2008 20:09:44 | Attr =	]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3584 bytes | Modified Date = 07/08/2008 14:48:15 | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3584 bytes | Modified Date = 07/08/2008 14:48:15 | Attr =  H ]
BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll ->  [Ver =  | Size = 9728 bytes | Modified Date = 29/07/2008 10:42:28 | Attr =	]
catroot -> %SystemRoot%\System32\catroot ->  [Folder | Modified Date = 22/07/2008 08:51:45 | Attr =	]
catroot2 -> %SystemRoot%\System32\catroot2 ->  [Folder | Modified Date = 03/08/2008 00:00:07 | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 07/08/2008 11:27:11 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1710432 bytes | Modified Date = 28/07/2008 09:23:17 | Attr =	]
oodag -> %SystemRoot%\System32\oodag ->  [Folder | Modified Date = 24/07/2008 17:12:32 | Attr =	]
oodbs.lor -> %SystemRoot%\System32\oodbs.lor ->  [Ver =  | Size = 169841 bytes | Modified Date = 07/08/2008 11:47:29 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 130178 bytes | Modified Date = 07/08/2008 11:21:01 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 680846 bytes | Modified Date = 07/08/2008 11:21:01 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 799124 bytes | Modified Date = 07/08/2008 11:21:01 | Attr =	]
Tasks -> %SystemRoot%\System32\Tasks ->  [Folder | Modified Date = 28/07/2008 16:31:11 | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 21/07/2008 09:02:29 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 07/08/2008 11:48:08 | Attr =   S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 07/08/2008 11:30:39 | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 29/07/2008 10:41:34 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 07/08/2008 11:43:45 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 29/07/2008 09:24:20 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 07/08/2008 11:21:00 | Attr =	]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 07/08/2008 10:18:47 | Attr =  HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 07/08/2008 10:30:57 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 07/08/2008 14:55:26 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 22/07/2008 10:30:09 | Attr =	]
SQL9_KB948109_ENU -> %SystemRoot%\SQL9_KB948109_ENU ->  [Folder | Modified Date = 10/07/2008 03:01:10 | Attr =	]
System32 -> %SystemRoot%\System32 ->  [Folder | Modified Date = 07/08/2008 11:27:11 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 07/08/2008 14:59:16 | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 10/07/2008 03:13:01 | Attr = RH ]
winsxs -> %SystemRoot%\winsxs ->  [Folder | Modified Date = 19/07/2008 03:02:27 | Attr =	]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI ->  [Ver =  | Size = 510 bytes | Modified Date = 04/08/2008 12:32:34 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 07/08/2008 11:48:14 | Attr =  H ]
User_Feed_Synchronization-{501D03E3-5406-4340-A37C-D2F94C24A038}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{501D03E3-5406-4340-A37C-D2F94C24A038}.job ->  [Ver =  | Size = 416 bytes | Modified Date = 07/08/2008 05:28:10 | Attr =  H ]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys ->  [Folder | Modified Date = 07/08/2008 11:55:16 | Attr =	]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 03/12/2007 22:13:57 | Attr =	]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 02/11/2006 14:04:24 | Attr =	]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 07/08/2008 11:41:13 | Attr =	]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5710 bytes | Modified Date = 07/08/2008 11:41:13 | Attr =	]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 05/12/2007 14:37:21 | Attr =	]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8418 bytes | Modified Date = 05/12/2007 14:37:21 | Attr =	]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 06/12/2007 01:19:56 | Attr =	]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 75348 bytes | Modified Date = 07/08/2008 00:15:59 | Attr =	]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 07/08/2008 00:15:59 | Attr =	]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 07/08/2008 00:15:59 | Attr =	]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 5904 bytes | Modified Date = 07/08/2008 00:15:59 | Attr =	]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 9660 bytes | Modified Date = 07/08/2008 00:15:59 | Attr =	]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 4098404 bytes | Modified Date = 07/08/2008 00:15:59 | Attr =	]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 05/03/2008 17:26:50 | Attr =	]
Alex.dat -> C:\ProgramData\Microsoft\User Account Pictures\Alex.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 05/12/2007 12:08:49 | Attr =	]
Daniel Taylor.dat -> C:\ProgramData\Microsoft\User Account Pictures\Daniel Taylor.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 01/02/2008 12:44:35 | Attr =	]
Gemma.dat -> C:\ProgramData\Microsoft\User Account Pictures\Gemma.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 15/02/2008 18:14:53 | Attr =	]
roadtour.dat -> C:\ProgramData\Microsoft\User Account Pictures\roadtour.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 16/01/2008 10:07:18 | Attr =	]
Samsung.dat -> C:\ProgramData\Microsoft\User Account Pictures\Samsung.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 05/03/2008 17:26:50 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\ -> C:\Users\Alex\AppData\Local\Temp ->  [Folder | Modified Date = 07/08/2008 14:53:48 | Attr =	]
fsgk32.exe -> C:\Users\Alex\AppData\Local\Temp\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fssm32.exe -> C:\Users\Alex\AppData\Local\Temp\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
11 C:\Users\Alex\AppData\Local\Temp\*.tmp files -> C:\Users\Alex\AppData\Local\Temp\*.tmp -> 
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 07/08/2008 11:43:49 | Attr =	]
fsgk32.exe -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fssm32.exe -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fsgk32.exe -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fssm32.exe -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\ -> C:\Users\Alex\AppData\Local\Temp ->  [Folder | Modified Date = 07/08/2008 14:53:48 | Attr =	]
daas_s.dll -> C:\Users\Alex\AppData\Local\Temp\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 07/08/2008 11:43:47 | Attr =	]
fm4av.dll -> C:\Users\Alex\AppData\Local\Temp\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
11 C:\Users\Alex\AppData\Local\Temp\*.tmp files -> C:\Users\Alex\AppData\Local\Temp\*.tmp -> 
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 07/08/2008 11:43:49 | Attr =	]
AVPFPI0.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
avpproxy.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
daas_s.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27/02/2008 15:59:28 | Attr =	]
fm4av.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fpinor.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fsbl.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fsblu.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 07/08/2008 11:43:00 | Attr =	]
fsecr32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsgkiapi.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fsmart.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 07/08/2008 11:43:07 | Attr =	]
fspe32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fssubmit.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 07/08/2008 11:43:03 | Attr =	]
fsup32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupcx32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupfg32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupmw32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupnp32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupux32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupwu32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsusscr.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 07/08/2008 11:43:07 | Attr =	]
Nse_w32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 07/08/2008 11:43:02 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 07/08/2008 11:43:10 | Attr =	]
AVPFPI0.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
avpproxy.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fm4av.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fpinor.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fsbl.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
fsgkiapi.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsecr32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fspe32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsup32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupcx32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupfg32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupmw32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupnp32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupux32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupwu32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 07/08/2008 11:43:07 | Attr =	]
fsmart.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 07/08/2008 11:43:07 | Attr =	]
fsusscr.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 07/08/2008 11:43:07 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 07/08/2008 11:43:02 | Attr =	]
Nse_w32.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 07/08/2008 11:43:02 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 07/08/2008 11:43:03 | Attr =	]
fssubmit.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 07/08/2008 11:43:03 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 07/08/2008 11:43:00 | Attr =	]
fsblu.dll -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 07/08/2008 11:43:00 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 07/08/2008 11:43:49 | Attr =	]
ext.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
fsedb.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 1104674 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupdllb.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupplgn.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsuptmpl.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
perf.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 07/08/2008 11:43:49 | Attr =	]
sae.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
sai.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 07/08/2008 11:42:59 | Attr =	]
ext.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
sae.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
sai.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsedb.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 1104674 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupdllb.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsupplgn.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
fsuptmpl.dat -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 07/08/2008 11:43:49 | Attr =	]
FS@av.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
FS@avpe.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 07/08/2008 11:42:57 | Attr =	]
FS@bleng.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 07/08/2008 11:43:00 | Attr =	]
FS@corp.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
FS@hydra.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
FS@mlc.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 07/08/2008 11:43:07 | Attr =	]
FS@ols.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 07/08/2008 11:43:03 | Attr =	]
FS@peg.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 07/08/2008 11:43:02 | Attr =	]
verdicts.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 07/08/2008 11:42:58 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 07/08/2008 11:42:59 | Attr =	]
FS@av.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 07/08/2008 11:42:59 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avpe\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 07/08/2008 11:42:58 | Attr =	]
FS@avpe.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 07/08/2008 11:42:57 | Attr =	]
verdicts.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 07/08/2008 11:42:58 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 07/08/2008 11:43:10 | Attr =	]
FS@corp.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 07/08/2008 11:43:10 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 07/08/2008 11:43:06 | Attr =	]
FS@hydra.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 07/08/2008 11:43:06 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 07/08/2008 11:43:07 | Attr =	]
FS@mlc.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 07/08/2008 11:43:07 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 07/08/2008 11:43:02 | Attr =	]
FS@peg.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 07/08/2008 11:43:02 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 07/08/2008 11:43:03 | Attr =	]
FS@ols.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 07/08/2008 11:43:03 | Attr =	]
C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 07/08/2008 11:43:00 | Attr =	]
FS@bleng.ini -> C:\Users\Alex\AppData\Local\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 07/08/2008 11:43:00 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Adobe ->  [Folder | Modified Date = 07/08/2008 10:18:26 | Attr =	]
Apple -> %AllUsersProfile%\Apple ->  [Folder | Modified Date = 21/07/2008 15:31:31 | Attr =	]
Apple Computer -> %AllUsersProfile%\Apple Computer ->  [Folder | Modified Date = 21/07/2008 15:34:22 | Attr =	]
Google Updater -> %AllUsersProfile%\Google Updater ->  [Folder | Modified Date = 06/08/2008 17:06:40 | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Kaspersky Lab ->  [Folder | Modified Date = 29/07/2008 10:57:00 | Attr =	]
Kaspersky Lab Setup Files -> %AllUsersProfile%\Kaspersky Lab Setup Files ->  [Folder | Modified Date = 21/07/2008 09:16:56 | Attr =	]
Kontiki -> %AllUsersProfile%\Kontiki ->  [Folder | Modified Date = 07/08/2008 14:59:16 | Attr =	]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Modified Date = 30/07/2008 09:27:34 | Attr =	]
Microsoft Help -> %AllUsersProfile%\Microsoft Help ->  [Folder | Modified Date = 25/07/2008 12:51:22 | Attr =	]
Prevx -> %AllUsersProfile%\Prevx ->  [Folder | Modified Date = 22/07/2008 14:09:36 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy ->  [Folder | Modified Date = 23/07/2008 17:31:15 | Attr =	]
TEMP -> %AllUsersProfile%\TEMP ->  [Folder | Modified Date = 07/08/2008 11:53:43 | Attr =	]
@Alternate Data Stream - 107 bytes -> %AllUsersProfile%\TEMP:B804E799
@Alternate Data Stream - 105 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 05/08/2008 14:39:31 | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Modified Date = 21/07/2008 15:35:28 | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 29/07/2008 10:56:40 | Attr =	]
DNA -> %AppData%\DNA ->  [Folder | Modified Date = 29/07/2008 10:56:40 | Attr =	]
GPS Utility -> %AppData%\GPS Utility ->  [Folder | Modified Date = 23/07/2008 15:43:31 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 30/07/2008 09:27:37 | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 25/07/2008 15:33:19 | Attr =   S]
PC Tools -> %AppData%\PC Tools ->  [Folder | Modified Date = 22/07/2008 14:15:47 | Attr =	]
Skype -> %AppData%\Skype ->  [Folder | Modified Date = 28/07/2008 14:43:30 | Attr =	]
skypePM -> %AppData%\skypePM ->  [Folder | Modified Date = 28/07/2008 09:43:36 | Attr =	]
Uniblue -> %AppData%\Uniblue ->  [Folder | Modified Date = 29/07/2008 10:42:42 | Attr =	]
Adobe -> %UserProfile%\AppData\Local\Adobe ->  [Folder | Modified Date = 07/08/2008 10:01:09 | Attr =	]
ApplicationHistory -> %UserProfile%\AppData\Local\ApplicationHistory ->  [Folder | Modified Date = 22/07/2008 10:25:52 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 80896 bytes | Modified Date = 07/08/2008 10:30:56 | Attr =	]
Downloaded Installations -> %UserProfile%\AppData\Local\Downloaded Installations ->  [Folder | Modified Date = 04/08/2008 12:29:25 | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 100664 bytes | Modified Date = 28/07/2008 09:25:20 | Attr =	]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 4305691 bytes | Modified Date = 07/08/2008 11:30:33 | Attr =  H ]
Temp -> %UserProfile%\AppData\Local\Temp ->  [Folder | Modified Date = 07/08/2008 14:53:48 | Attr =	]
TopoGrafix -> %UserProfile%\AppData\Local\TopoGrafix ->  [Folder | Modified Date = 04/08/2008 12:30:09 | Attr =	]
desktop.ini -> %SystemDrive%\Users\Public\Documents\desktop.ini ->  [Ver =  | Size = 280 bytes | Modified Date = 10/07/2008 03:13:01 | Attr =  HS]
1st Mass Mailer -> %UserProfile%\Documents\1st Mass Mailer ->  [Folder | Modified Date = 28/07/2008 16:20:22 | Attr =	]
amazon -> %UserProfile%\Documents\amazon ->  [Folder | Modified Date = 25/07/2008 11:09:22 | Attr =	]
data -> %UserProfile%\Documents\data ->  [Folder | Modified Date = 24/07/2008 15:00:01 | Attr =	]
Hardens London -> %UserProfile%\Documents\Hardens London ->  [Folder | Modified Date = 29/07/2008 10:56:43 | Attr =	]
Installers -> %UserProfile%\Documents\Installers ->  [Folder | Modified Date = 25/07/2008 16:08:53 | Attr =	]
mortgage.xps -> %UserProfile%\Documents\mortgage.xps ->  [Ver =  | Size = 299982 bytes | Modified Date = 05/08/2008 16:39:53 | Attr =	]
My GPSU -> %UserProfile%\Documents\My GPSU ->  [Folder | Modified Date = 23/07/2008 15:43:32 | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 516 bytes | Modified Date = 07/08/2008 11:54:44 | Attr =	]
toothbrush -> %UserProfile%\Documents\toothbrush ->  [Folder | Modified Date = 07/08/2008 11:02:42 | Attr =	]
Top 1000 POI's -> %UserProfile%\Documents\Top 1000 POI's ->  [Folder | Modified Date = 21/07/2008 11:15:07 | Attr =	]
wedding -> %UserProfile%\Documents\wedding ->  [Folder | Modified Date = 28/07/2008 13:04:25 | Attr =	]
desktop.ini -> %SystemDrive%\Users\Public\Desktop\desktop.ini ->  [Ver =  | Size = 174 bytes | Modified Date = 10/07/2008 03:13:01 | Attr =  HS]
MapInstall.lnk -> %SystemDrive%\Users\Public\Desktop\MapInstall.lnk ->  [Ver =  | Size = 1642 bytes | Modified Date = 28/07/2008 16:45:39 | Attr =	]
080108.mp3 -> %UserProfile%\Desktop\080108.mp3 ->  [Ver =  | Size = 54604923 bytes | Modified Date = 04/08/2008 14:21:56 | Attr =	]
ALL GPI Files -> %UserProfile%\Desktop\ALL GPI Files ->  [Folder | Modified Date = 30/07/2008 09:24:55 | Attr =	]
apps -> %UserProfile%\Desktop\apps ->  [Folder | Modified Date = 21/07/2008 16:16:42 | Attr =	]
Garmin GPX -> %UserProfile%\Desktop\Garmin GPX ->  [Folder | Modified Date = 01/08/2008 15:22:25 | Attr =	]
GPI Creator.lnk -> %UserProfile%\Desktop\GPI Creator.lnk ->  [Ver =  | Size = 1991 bytes | Modified Date = 01/08/2008 11:43:41 | Attr =	]
GPI Viewer.lnk -> %UserProfile%\Desktop\GPI Viewer.lnk ->  [Ver =  | Size = 1976 bytes | Modified Date = 01/08/2008 11:43:50 | Attr =	]
gpsbabel -> %UserProfile%\Desktop\gpsbabel ->  [Folder | Modified Date = 04/08/2008 15:49:31 | Attr =	]
GPSBabelGUI.exe - Shortcut.lnk -> %UserProfile%\Desktop\GPSBabelGUI.exe - Shortcut.lnk ->  [Ver =  | Size = 573 bytes | Modified Date = 04/08/2008 15:34:54 | Attr =	]
MM -> %UserProfile%\Desktop\MM ->  [Folder | Modified Date = 06/08/2008 14:51:29 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 07/08/2008 11:29:47 | Attr =	]
Removable Disk (Q) - Shortcut.lnk -> %UserProfile%\Desktop\Removable Disk (Q) - Shortcut.lnk ->  [Ver =  | Size = 179 bytes | Modified Date = 21/07/2008 17:06:50 | Attr =	]
Tutorial -> %UserProfile%\Desktop\Tutorial ->  [Folder | Modified Date = 05/08/2008 10:46:12 | Attr =	]
upload -> %UserProfile%\Desktop\upload ->  [Folder | Modified Date = 07/08/2008 14:30:23 | Attr =	]
vito -> %UserProfile%\Desktop\vito ->  [Folder | Modified Date = 22/07/2008 17:14:36 | Attr =	]
desktop.ini -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 174 bytes | Modified Date = 10/07/2008 03:13:01 | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 07/08/2008 10:18:27 | Attr =	]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Modified Date = 21/07/2008 15:31:31 | Attr =	]

< End of report >

Edited by TheCat, 12 August 2008 - 03:34 AM.




