Help registry cannot run executable files


  • This topic is locked
19 replies to this topic

#1 GWE
Posted 18 November 2008 - 11:21 PM

The registry on this system was hacked by a virus so that .exe, .com, and .lnk files will not work.

I found some help from Microsoft to get these to work again but I can not get AVG or AdAware to run.

I finally got Malwarebytes to run and was able to remove a bunch of stuff.

The system still has some kind of infection.



Here are the logs from Malwarebytes and HJT:


Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/18/2008 2:14:41 PM
mbam-log-2008-11-18 (14-14-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 216482
Time elapsed: 1 hour(s), 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 41
Registry Values Infected: 9
Registry Data Items Infected: 2
Folders Infected: 65
Files Infected: 162

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pmnkHaxW.dll (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnkhaxw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnkhaxw -> No action taken.

C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ocntltdl.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\Fonts\Setup.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Fonts\svchost.exe (Worm.IRCBot) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> No action taken.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Sandy Waller\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> No action taken.
C:\Documents and Settings\Sandy Waller\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> No action taken.
C:\WINDOWS\system32\bymtbgxkixhpwrh.dll (Adware.BHO) -> No action taken.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:45 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://svca.solidworks.com/htdocs/pdownloa...elsStandard.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137106924015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143672668500
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11384 bytes


#2 PropagandaPanda

  • Malware Response Team

Posted 24 November 2008 - 04:06 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Drivers setting from "None" to Non-Microsoft.
  • Under the Additional Scans bar, check:
    *Reg - Disabled MS Config Items
    *Reg - File Associations
    *Reg - Uninstall List

  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!: Please do not select the Show all checkbox during the scan.

In your next reply include:
-the OTScanIt log (attached)
-the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 GWE

  • Topic Starter

  • Members

Posted 24 November 2008 - 06:40 PM

Thank you for the help.

No changes have been made to the system.

Here are the logs you requested.


GMER LOG

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-24 15:29:16
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A8FB2C8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@InprocServer32 ']gAVn-}f(ZXfeAR6.jiTranslationHidden>CFG$0D+!g(3?!!!_GX=b?
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ Microsoft.ITSS.AssociationOrderedList

---- EOF - GMER 1.0.14 ----

#4 PropagandaPanda

  • Malware Response Team

Posted 24 November 2008 - 07:06 PM

Hello GWE.

That looks like a nasty infection :thumbsup: .

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable AVG:
  • Please navigate to the system tray on the bottom right hand corner and look for this Posted Image sign.
  • Right click it-> select Quit Control Center.
  • A warning will pop up, click Yes
Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt (possibly WINNT), choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.
Run Fix with OTScanIt
We will run OTScanIt again, but the directions are slightly different. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Kill Explorer]
    [Driver Services - Non-Microsoft Only]
    YY -> (TnIDriver) TnIDriver [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\SANDYW~1\LOCALS~1\Temp\tni1D1.tmp
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> e4d672f7 -> %SystemRoot%\system32\tyudjclb.dll [rundll32.exe "C:\WINDOWS\system32\tyudjclb.dll",b]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> brastk -> %SystemRoot%\system32\brastk.exe [C:\WINDOWS\system32\brastk.exe]
    < Run [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> brastk -> %SystemRoot%\system32\brastk.exe [C:\WINDOWS\system32\brastk.exe]
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    YY -> {C81B3B86-175D-4659-AB67-1C59DC63AFE3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\opnlLDwx.dll []
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YY -> opnlLDwx -> %SystemRoot%\system32\opnlLDwx.dll
    [Files/Folders - Created Within 30 days]
    NY -> awtqqopm.dll -> %SystemRoot%\System32\awtqqopm.dll
    NY -> bit3 -> %SystemRoot%\System32\bit3
    NY -> blcjduyt.ini -> %SystemRoot%\System32\blcjduyt.ini
    NY -> dom -> %SystemRoot%\System32\dom
    NY -> efcBqqnL.dll -> %SystemRoot%\System32\efcBqqnL.dll
    NY -> fccyvSKE.dll -> %SystemRoot%\System32\fccyvSKE.dll
    NY -> g7.exe -> %SystemRoot%\System32\g7.exe
    NY -> hgGwXqRJ.dll -> %SystemRoot%\System32\hgGwXqRJ.dll
    NY -> icx -> %SystemRoot%\System32\icx
    NY -> jkkKeeCS.dll -> %SystemRoot%\System32\jkkKeeCS.dll
    NY -> nupyoozgrf.exe -> %SystemRoot%\System32\nupyoozgrf.exe
    NY -> opnlLDwx.dll -> %SystemRoot%\System32\opnlLDwx.dll
    NY -> opnnklLd.dll -> %SystemRoot%\System32\opnnklLd.dll
    NY -> pc -> %SystemRoot%\System32\pc
    NY -> plcfrlaa.dll -> %SystemRoot%\System32\plcfrlaa.dll
    NY -> plfzvb.dll -> %SystemRoot%\System32\plfzvb.dll
    NY -> pmnMdDTJ.dll -> %SystemRoot%\System32\pmnMdDTJ.dll
    NY -> QsCJRXbc.ini -> %SystemRoot%\System32\QsCJRXbc.ini
    NY -> QsCJRXbc.ini2 -> %SystemRoot%\System32\QsCJRXbc.ini2
    NY -> qXFiOXyb.ini -> %SystemRoot%\System32\qXFiOXyb.ini
    NY -> qXFiOXyb.ini2 -> %SystemRoot%\System32\qXFiOXyb.ini2
    NY -> rjwnw64s.exe -> %SystemRoot%\System32\rjwnw64s.exe
    NY -> rqRHyyVn.dll -> %SystemRoot%\System32\rqRHyyVn.dll
    NY -> ssqPjGAR.dll -> %SystemRoot%\System32\ssqPjGAR.dll
    NY -> sX3i02 -> %SystemRoot%\System32\sX3i02
    NY -> tuvvVOfc.dll -> %SystemRoot%\System32\tuvvVOfc.dll
    NY -> tyudjclb.dll -> %SystemRoot%\System32\tyudjclb.dll
    NY -> wpd -> %SystemRoot%\System32\wpd
    NY -> xxyayWNF.dll -> %SystemRoot%\System32\xxyayWNF.dll
    NY -> U2FuZHkgV2FsbGVy -> %SystemRoot%\U2FuZHkgV2FsbGVy
    [Files/Folders - Modified Within 30 days]
    NY -> 6EEE15B595.sys -> %SystemRoot%\System32\6EEE15B595.sys
    NY -> 95B515EE6E.sys -> %SystemRoot%\System32\95B515EE6E.sys
    [Extra Registry Entries]
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs|reg_sz:avgrsstx.dll /e  -> 
    [Empty Temp Folders]
    [Reboot]
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Re-run scan with MalwareBytes Anti-Malware

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Re-enable your protection at this point.

Post back with:
-the OTScanIt fix log
-the MalwareBytes log
-a new OTScanIt scan log (default settings, attached)

With Regards,
The Panda

#5 GWE

  • Topic Starter

  • Members

Posted 25 November 2008 - 12:41 AM

I ran the tools as requested and here are the results


OTScanIt Fix Log

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Service TnIDriver stopped successfully.
Service TnIDriver deleted successfully.
File C:\DOCUME~1\SANDYW~1\LOCALS~1\Temp\tni1D1.tmp not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\e4d672f7 deleted successfully.
C:\WINDOWS\system32\tyudjclb.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\brastk not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C81B3B86-175D-4659-AB67-1C59DC63AFE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C81B3B86-175D-4659-AB67-1C59DC63AFE3}\ deleted successfully.
File move failed. C:\WINDOWS\system32\opnlLDwx.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlLDwx\ deleted successfully.
File move failed. C:\WINDOWS\system32\opnlLDwx.dll scheduled to be moved on reboot.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\awtqqopm.dll moved successfully.
C:\WINDOWS\System32\bit3 folder moved successfully.
C:\WINDOWS\System32\blcjduyt.ini moved successfully.
C:\WINDOWS\System32\dom folder moved successfully.
C:\WINDOWS\System32\efcBqqnL.dll moved successfully.
C:\WINDOWS\System32\fccyvSKE.dll moved successfully.
C:\WINDOWS\System32\g7.exe moved successfully.
C:\WINDOWS\System32\hgGwXqRJ.dll moved successfully.
C:\WINDOWS\System32\icx folder moved successfully.
C:\WINDOWS\System32\jkkKeeCS.dll moved successfully.
C:\WINDOWS\System32\nupyoozgrf.exe moved successfully.
File move failed. C:\WINDOWS\System32\opnlLDwx.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\opnnklLd.dll moved successfully.
C:\WINDOWS\System32\pc folder moved successfully.
C:\WINDOWS\System32\plcfrlaa.dll moved successfully.
C:\WINDOWS\System32\plfzvb.dll moved successfully.
C:\WINDOWS\System32\pmnMdDTJ.dll moved successfully.
C:\WINDOWS\System32\QsCJRXbc.ini moved successfully.
C:\WINDOWS\System32\QsCJRXbc.ini2 moved successfully.
C:\WINDOWS\System32\qXFiOXyb.ini moved successfully.
C:\WINDOWS\System32\qXFiOXyb.ini2 moved successfully.
C:\WINDOWS\System32\rjwnw64s.exe moved successfully.
C:\WINDOWS\System32\rqRHyyVn.dll moved successfully.
C:\WINDOWS\System32\ssqPjGAR.dll moved successfully.
C:\WINDOWS\System32\sX3i02 folder moved successfully.
C:\WINDOWS\System32\tuvvVOfc.dll moved successfully.
File C:\WINDOWS\System32\tyudjclb.dll not found!
C:\WINDOWS\System32\wpd folder moved successfully.
C:\WINDOWS\System32\xxyayWNF.dll moved successfully.
C:\WINDOWS\U2FuZHkgV2FsbGVy folder moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\6EEE15B595.sys moved successfully.
C:\WINDOWS\System32\95B515EE6E.sys moved successfully.
[Extra Registry Entries]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs|reg_sz:avgrsstx.dll /e : value set successfully!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11242008_205447

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\opnlLDwx.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.




Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/24/2008 9:16:19 PM
mbam-log-2008-11-24 (21-16-19).txt

Scan type: Quick Scan
Objects scanned: 63643
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\cbXRJCsQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\obyolytl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oubmhpeu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c3ffef1-f72d-47b6-a889-94e05d673c75} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7c3ffef1-f72d-47b6-a889-94e05d673c75} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a83de320-e8bd-426d-a7c1-42da91e41f2c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a83de320-e8bd-426d-a7c1-42da91e41f2c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a83de320-e8bd-426d-a7c1-42da91e41f2c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c3ffef1-f72d-47b6-a889-94e05d673c75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrjcsq -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxrjcsq -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cbXRJCsQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\QsCJRXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\QsCJRXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lyuhvp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fmotbndy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ydnbtomf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obyolytl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ltyloybo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oubmhpeu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cadeaodm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjwcmd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igjcyguc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandy Waller\Local Settings\Temporary Internet Files\Content.IE5\KZFC10HX\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandy Waller\Local Settings\Temporary Internet Files\Content.IE5\RA36V1WM\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

#6 GWE


Posted 25 November 2008 - 12:42 AM

OTScanIt logfile created on: 11/24/2008 9:31:18 PM

OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Sandy Waller\Desktop\OTScanIt

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale:  | Country:  | Language:  | Date Format: 

 

246.07 Mb Total Physical Memory | 51.26 Mb Available Physical Memory | 20.83% Memory free

603.00 Mb Paging File | 267.75 Mb Available in Paging File | 44.40% Paging File free

Paging file location(s): C:\pagefile.sys 372 744;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.82 Gb Total Space | 39.71 Gb Free Space | 56.87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 7.46 Gb Total Space | 6.96 Gb Free Space | 93.30% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: BUSINESS

Current User Name: Sandy Waller

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On



[Processes - Non-Microsoft Only]

bgsvcgen.exe -> %SystemRoot%\system32\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 4/30/2005 5:02:26 PM | Attr =	]

crypserv.exe -> %SystemRoot%\system32\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 12:45:10 AM | Attr =	]

hnm_svc.exe -> %ProgramFiles%\Dell Network Assistant\hnm_svc.exe -> SingleClick Systems [Ver = 1, 0, 4, 0 | Size = 111912 bytes | Modified Date = 8/27/2007 7:36:34 AM | Attr =	]

dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe -> Dell [Ver = 2.6.65.15 | Size = 425984 bytes | Modified Date = 7/22/2005 5:03:00 AM | Attr =	]

ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 2:18:10 PM | Attr =	]

dlcccoms.exe -> %SystemRoot%\system32\dlcccoms.exe ->  [Ver = 1.154.18.0 | Size = 491520 bytes | Modified Date = 6/21/2005 6:19:38 AM | Attr =	]

mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr =	]

dvzincmsgr.exe -> %CommonProgramFiles%\DataViz\DvzIncMsgr.exe -> DataViz, Inc. [Ver = 6,0,1,723 | Size = 28672 bytes | Modified Date = 1/12/2006 4:44:48 PM | Attr =	]

quickdcf2.exe -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 1 | Size = 294912 bytes | Modified Date = 6/9/2006 7:38:00 PM | Attr =	]

hotsync.exe -> %ProgramFiles%\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr =	]

qbupdate.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 12.0 R10 | Size = 663552 bytes | Modified Date = 2/24/2005 12:31:56 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 4/30/2005 5:02:26 PM | Attr =	]

(Crypkey License) Crypkey License [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 12:45:10 AM | Attr =	]

(dlcc_device) dlcc_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcccoms.exe ->  [Ver = 1.154.18.0 | Size = 491520 bytes | Modified Date = 6/21/2005 6:19:38 AM | Attr =	]

(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]

(hnmsvc) Advanced Networking Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Network Assistant\hnm_svc.exe -> SingleClick Systems [Ver = 1, 0, 4, 0 | Size = 111912 bytes | Modified Date = 8/27/2007 7:36:34 AM | Attr =	]

(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SolidWorks Shared\Service\SolidWorksLicensing.exe -> SolidWorks [Ver = 2.80.002 | Size = 79360 bytes | Modified Date = 6/10/2008 3:18:09 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(gmer) gmer [Kernel | System | Running] -> %SystemRoot%\system32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr =	]

(NetworkX) NetworkX [Kernel | System | Running] -> %SystemRoot%\system32\Ckldrv.sys ->  [Ver =  | Size = 24608 bytes | Modified Date = 2/3/2000 11:53:12 AM | Attr =	]

(Packet) Auto Internet Protocol [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\packet.sys -> SingleClick Systems [Ver = 1, 0, 1, 0 | Size = 12672 bytes | Modified Date = 12/18/2006 6:01:20 PM | Attr =	]

(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> PalmSource, Inc. [Ver = 6, 0, 1, 0 | Size = 16694 bytes | Modified Date = 1/12/2006 4:26:43 PM | Attr =	]

(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0  | Size = 28544 bytes | Modified Date = 6/19/2008 5:24:30 PM | Attr =	]

(PCAMPR5) PCAMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCAMPR5.SYS -> File not found

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr =	]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 10:09:58 AM | Attr =	]

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr =	]

AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 2, 0, 2116 | Size = 111936 bytes | Modified Date = 10/1/2008 11:57:42 AM | Attr =	]

AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.172 | Size = 1234712 bytes | Modified Date = 11/18/2008 2:27:50 PM | Attr =	]

Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe [C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe] -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr =	]

DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.1117.0 | Size = 206064 bytes | Modified Date = 8/13/2008 5:32:40 PM | Attr =	]

DLCCCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcctime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16] ->  [Ver = 0.1.11.5 | Size = 69632 bytes | Modified Date = 6/7/2005 4:38:10 AM | Attr =	]

dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe ["C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"] -> Dell [Ver = 2.6.65.15 | Size = 425984 bytes | Modified Date = 7/22/2005 5:03:00 AM | Attr =	]

dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] ->   [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 9:24:00 AM | Attr =	]

e4d672f7 -> %SystemRoot%\system32\vssymjwx.dll [rundll32.exe "C:\WINDOWS\system32\vssymjwx.dll",b] ->  [Ver =  | Size = 75776 bytes | Modified Date = 11/24/2008 9:30:15 PM | Attr =	]

igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 7/19/2005 9:06:12 PM | Attr =	]

igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 7/19/2005 9:10:06 PM | Attr =	]

IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe [C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe] -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 6:12:44 PM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 10/1/2008 5:57:12 PM | Attr =	]

REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE [C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN] -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 10:32:10 PM | Attr =	]

YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe [C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe] -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 4:19:46 PM | Attr =	]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/30/2007 1:38:03 PM | Attr =	]

< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] ->  [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 12:32:54 PM | Attr =	]

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> File not found

< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] ->  [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 12:32:54 PM | Attr =	]

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> File not found

< Run [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/30/2007 1:38:03 PM | Attr =	]

< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk -> %CommonProgramFiles%\DataViz\DvzIncMsgr.exe -> DataViz, Inc. [Ver = 6,0,1,723 | Size = 28672 bytes | Modified Date = 1/12/2006 4:44:48 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Dell Network Assistant.lnk -> %SystemRoot%\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ->  [Ver =  | Size = 7168 bytes | Modified Date = 11/24/2008 9:25:33 PM | Attr = R  ]

%AllUsersProfile%\Start Menu\Programs\Startup\Event Reminder.lnk -> %ProgramFiles%\The Print Shop 23\Remind.exe -> Broderbund Properties LLC [Ver = 23, 0, 0, 0000 | Size = 344064 bytes | Modified Date = 7/16/2008 8:50:16 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Exif Launcher 2.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 1 | Size = 294912 bytes | Modified Date = 6/9/2006 7:38:00 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> %ProgramFiles%\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 12.0 R10 | Size = 663552 bytes | Modified Date = 2/24/2005 12:31:56 AM | Attr =	]

< Bill Waller.DC11K091 Startup Folder > -> C:\Documents and Settings\Bill Waller.DC11K091\Start Menu\Programs\Startup -> 

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 

< Robin Waller.DC11K091 Startup Folder > -> C:\Documents and Settings\Robin Waller.DC11K091\Start Menu\Programs\Startup -> 

< Sandy Waller Startup Folder > -> C:\Documents and Settings\Sandy Waller\Start Menu\Programs\Startup -> 

%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE ->  [Ver =  | Size = 38912 bytes | Modified Date = 10/20/2005 12:04:08 PM | Attr =	]

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 

avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 11/18/2008 2:28:12 PM | Attr =	]

lyuhvp.dll ->  -> File not found

*MultiFile Done* -> -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{C81B3B86-175D-4659-AB67-1C59DC63AFE3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\opnlLDwx.dll [] ->  [Ver =  | Size = 32768 bytes | Modified Date = 11/13/2008 8:55:54 AM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:07 AM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:01 PM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4363 | Size = 135168 bytes | Modified Date = 7/19/2005 9:05:16 PM | Attr =	]

opnlLDwx -> %SystemRoot%\system32\opnlLDwx.dll ->  [Ver =  | Size = 32768 bytes | Modified Date = 11/13/2008 8:55:54 AM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 

Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 

Reg Error: Key HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

< Drives with AutoRun files > ->  -> 

AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/16/2005 2:43:04 AM | Attr =	]

< HOSTS File > (287955 bytes and 9968 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

First 25 entries...

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> 

HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 

HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell4me.com/myway -> 

HKEY_USERS\.DEFAULT\: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> 

HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 

HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell4me.com/myway -> 

HKEY_USERS\S-1-5-18\: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> -> 

HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 

HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5191 domain(s) found. -> 

online_musicmatch.com [https] -> Trusted sites -> 

51 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 

49 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5200 domain(s) found. -> 

50 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 55 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5200 domain(s) found. -> 

50 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 55 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1234 domain(s) found. -> 

73 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1234 domain(s) found. -> 

73 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 

49 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]

{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\alot\bin\alot.dll [ALOT Toolbar] -> Miva [Ver = 1.1.0.171 | Size = 622376 bytes | Modified Date = 11/30/2007 1:52:30 PM | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr =	]

{5CAB59B4-55A3-4737-9FD5-B93C6430BF77} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\plcfrlaa.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 7/30/2007 1:38:01 PM | Attr =	]

{C81B3B86-175D-4659-AB67-1C59DC63AFE3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\opnlLDwx.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 32768 bytes | Modified Date = 11/13/2008 8:55:54 AM | Attr =	]

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\ysidebarIE.dll [AT&&T Yahoo! Sidebar] -> Yahoo! Inc. [Ver = 2006, 8, 9, 1 | Size = 124448 bytes | Modified Date = 8/9/2006 3:21:32 PM | Attr =	]

< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\ysidebarIE.dll [AT&&T Yahoo! Sidebar] -> Yahoo! Inc. [Ver = 2006, 8, 9, 1 | Size = 124448 bytes | Modified Date = 8/9/2006 3:21:32 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]

{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\alot\bin\alot.dll [ALOT Toolbar] -> Miva [Ver = 1.1.0.171 | Size = 622376 bytes | Modified Date = 11/30/2007 1:52:30 PM | Attr =	]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]

< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [AT&T Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{BF18F2A6-9B48-4FC0-A0CE-E70C46BEF861} ->	(Intel(R) PRO/100 VE Network Connection) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 8:53:50 AM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 11/18/2008 2:28:00 PM | Attr =	]

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 

{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 

{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 

{22945A69-1191-4DCF-9E6F-409BDE94D101}[HKEY_LOCAL_MACHINE] -> http://svca.solidworks.com/htdocs/pdownload/edrawings/e2008sp03/cab/eModelsStandard.cab[EModelNonVersionSpecificViewControl Class] -> 

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 

{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 

{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] -> 

{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www1.snapfish.com/SnapfishActivia.cab[Snapfish Activia] -> 

{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] -> 

{639658F3-B141-4D6B-B936-226F75A5EAC3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab[CPlayFirstDinerDash2Control Object] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137106924015[WUWebControl Class] -> 

{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143672668500[MUWebControl Class] -> 

{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab[UnoCtrl Class] -> 

{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}[HKEY_LOCAL_MACHINE] -> http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab[Verizon Wireless Media Upload] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{95B5D20C-BD31-4489-8ABF-F8C8BE748463}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab[ZPA_HRTZ Object] -> 

{9BDF4724-10AA-43D5-BD15-AEA0D2287303}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab[MSN Games – Texas Holdem Poker] -> 

{A4110378-789B-455F-AE86-3A1BFC402853}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab[ZPA_SHVL Object] -> 

{A996E48C-D3DC-4244-89F7-AFA33EC60679}[HKEY_LOCAL_MACHINE] -> https://www.cashcall.com/LoanStatus/x86/capicom.dll[Settings Class] -> 

{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 

{BE319D04-18BD-4B34-AECC-EE7CB610FCA9}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab[BewitchedGameClass Control] -> 

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 

{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe[Virtools WebPlayer Class] -> 

{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab55579.cab[MSN Games – Game Communicator] -> 

{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab[CPlayFirstDinerDashControl Object] -> 

{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab[ZPA_Backgammon Object] -> 

{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}[HKEY_LOCAL_MACHINE] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab[DownloadManager Control] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 





[Registry - Additional Scans - Non-Microsoft Only]

< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 

CTFMON.EXE hkey= key= ->  -> File not found

DVDLauncher hkey= key= ->  -> File not found

IgfxTray hkey= key= ->  -> File not found

ISUSPM Startup hkey= key= ->  -> File not found

ISUSScheduler hkey= key= ->  -> File not found

NeroFilterCheck hkey= key= ->  -> File not found

QuickTime Task hkey= key= ->  -> File not found

SunJavaUpdateSched hkey= key= ->  -> File not found

TkBellExe hkey= key= ->  -> File not found

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.bat [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.chm [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.cmd [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.com [@ = exefile] -> "%1" %* -> 

.cpl [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.exe [@ = exefile] -> "%1" %* -> 

.hlp [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.hta [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.inf [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.ini [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.js [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.jse [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found

.pif [@ = piffile] -> "%1" %* -> 

.scr [@ = scrfile] -> "%1" /S -> 

< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 

{00000409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Premium

{0240BDFB-2995-4A3F-8C96-18D41282B716} -> Dell Network Assistant

{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0

{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} -> Microsoft Plus! Photo Story 2 LE

{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906)

{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D} -> The Print Shop 23

{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> Multimedia Launcher

{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer

{237a4b21-78c1-11d6-a394-00104bd190b1} -> QuickBooks Basic Edition 2003

{24ED4D80-8294-11D5-96CD-0040266301AD} -> FinePixViewer Ver.5.2

{2604C0F9-BFD3-4BA0-9EB5-22537C648F03} -> MobileMe Control Panel

{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6

{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3

{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5

{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7

{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10

{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP

{35BDEFF1-A610-4956-A00D-15453C116395} -> Internet Explorer Default Page

{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)

{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> Modem On Hold

{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B} -> Google Earth

{4192EAC0-6B36-4723-B216-D0E86E7757AC} -> Jasc Paint Shop Photo Album 5

{48FEB597-0410-4A17-B134-0DEF3083B944} -> eMusic Download Manager

{5490882C-6961-11D5-BAE5-00E0188E010B} -> FUJIFILM USB Driver

{5864B49E-03FC-481E-89B7-A6664CC2ACB4} -> eDrawings 2008

{5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool

{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} -> AOLIcon

{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0

{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD 5.5

{6846389C-BAC0-4374-808E-B120F86AF5D7} -> Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update

{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} -> Digital Content Portal

{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} -> Microsoft Plus! Digital Media Edition Installer

{7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03

{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore

{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68} -> Modem Event Monitor

{7A3F0566-5E05-4919-9C98-456F6B5CF831} -> Get High Speed Internet!

{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport

{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper

{83CD5BE6-C4DC-416E-BE6B-691AEB8C07DF} -> My Tattoo

{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA} -> Intel(R) PROSet for Wired Connections

{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} -> MSXML 4.0 SP2 (KB954430)

{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} -> Bonjour

{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Graphics Media Accelerator Driver

{8A9B8148-DDD7-448F-BD6C-358386D32354} -> Corel Photo Album 6

{8DC42D05-680B-41B0-8878-6C14D24602DB} -> QuickTime

{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003

{94721EA3-7EA6-43EA-B99C-A5D0E3C66240} -> 924PLC32

{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} -> Apple Mobile Device Support

{9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders

{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} -> Windows Defender Signatures

{A654A805-41D9-40C7-AA46-4AF04F044D61} -> Adobe® Photoshop® Album Starter Edition 3.2

{A683A2C0-821C-486F-858C-FA634DB5E864} -> EducateU

{A9CF9052-F4A0-475D-A00F-A8388C62DD63} -> MSXML 4.0 SP2 (KB925672)

{AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2

{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2 -> Adobe Reader 8.1.2 Security Update 1 (KB403742)

{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} -> ABBYY FineReader 6.0 Sprint

{AF06CAE4-C134-44B1-B699-14FBDB63BD37} -> Dell Picture Studio v3.0

{AF19F291-F22F-4798-9662-525305AE9E48} -> WordPerfect Office 12

{B093990A-AAF2-44AC-9216-14BB7A2189B6} -> ImageMixer VCD2 LE for FinePix

{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9} -> Windows Defender

{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy

{B44529FF-501E-47CD-A06D-223C161BE058} -> FinePixViewer Resource

{B7A0CE06-068E-11D6-97FD-0050BACBF861} -> PowerProducer

{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A} -> Dell Support Center

{B97CF5C3-0487-11D8-A36E-0050BAE317E1} -> DVD Solution

{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)

{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} -> Safari

{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1

{D680C913-5955-469D-9D88-C1940F7506D6} -> RAW FILE CONVERTER LE

{D6FFC3B5-0CE1-4566-801D-3F9D8F000652} -> Documents To Go

{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} -> iTunes

{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware

{E3BFEE55-39E2-4BE0-B966-89FE583822C1} -> Dell Support Center (Support Software)

{E434580A-2D4A-4433-A81E-4BCAE86AD148} -> palmOne

{E7559288-223B-453C-9F06-340E3BE21E39} -> MyWay Search Assistant

12133444-BF36-4d4e-B7FB-A3424C645DE4 -> GemMaster Mystic

ActiveScan 2.0 -> Panda ActiveScan 2.0

Adobe Flash Player Plugin -> Adobe Flash Player Plugin

Adobe Shockwave Player -> Adobe Shockwave Player

Adobe® Photoshop® Album Starter Edition 3.2 -> Adobe® Photoshop® Album Starter Edition 3.2

alotToolbar -> ALOT Toolbar

AVG8Uninstall -> AVG Free 8.0

B3EE3001-DC24-4cd1-8743-5692C716659F -> Otto

CleanUp! -> CleanUp!

Dell Digital Jukebox Driver -> Dell Digital Jukebox Driver

Dell Game Console -> Dell Game Console

Dell Photo AIO Printer 924 -> Dell Photo AIO Printer 924

EmeraldQFE2 -> Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]

ERUNT_is1 -> ERUNT 1.1j

ESPNMotion -> ESPNMotion

Foxit Reader -> Foxit Reader

GoogleVideoPlayer -> Google Video Player

HijackThis -> HijackThis 2.0.2

IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs

ie7 -> Windows Internet Explorer 7

Intel(R) 537EP V9x DF PCI Modem -> Intel(R) 537EP V9x DF PCI Modem

Jasc Paint Shop Pro Studio GDI+ Patch -> Jasc Paint Shop Pro Studio GDI+ Patch

Jasc Paint Shop Pro Studio.01 , Dell Edition Patch -> Jasc Paint Shop Pro Studio.01 , Dell Edition Patch

Jasc Paint Shop Pro Studio.01 Patch -> Jasc Paint Shop Pro Studio.01 Patch

KB835221WXP -> High Definition Audio Driver Package - KB835221

KB873339 -> Windows XP Hotfix - KB873339

KB885250 -> Windows XP Hotfix - KB885250

KB885835 -> Windows XP Hotfix - KB885835

KB885836 -> Windows XP Hotfix - KB885836

KB886185 -> Windows XP Hotfix - KB886185

KB887472 -> Windows XP Hotfix - KB887472

KB887742 -> Windows XP Hotfix - KB887742

KB887998 -> Microsoft .NET Framework 1.0 Hotfix (KB887998)

KB888113 -> Windows XP Hotfix - KB888113

KB888302 -> Windows XP Hotfix - KB888302

KB888310 -> Windows XP Hotfix - KB888310

KB888795 -> Hotfix for Windows XP (KB888795)

KB890046 -> Security Update for Windows XP (KB890046)

KB890175 -> Windows XP Hotfix - KB890175

KB890859 -> Windows XP Hotfix - KB890859

KB890927 -> Windows XP Hotfix - KB890927

KB891593 -> Hotfix for Windows XP (KB891593)

KB891781 -> Windows XP Hotfix - KB891781

KB892130 -> Windows Genuine Advantage Validation Tool (KB892130)

KB893066 -> Security Update for Windows XP (KB893066)

KB893756 -> Security Update for Windows XP (KB893756)

KB893803v2 -> Windows Installer 3.1 (KB893803)

KB894391 -> Update for Windows XP (KB894391)

KB895316 -> Windows Media Player 10 Hotfix - KB895316

KB895961 -> Hotfix for Windows XP (KB895961)

KB896358 -> Security Update for Windows XP (KB896358)

KB896422 -> Security Update for Windows XP (KB896422)

KB896423 -> Security Update for Windows XP (KB896423)

KB896424 -> Security Update for Windows XP (KB896424)

KB896428 -> Security Update for Windows XP (KB896428)

KB896727 -> Update for Windows XP (KB896727)

KB898461 -> Update for Windows XP (KB898461)

KB899337 -> Hotfix for Windows XP (KB899337)

KB899510 -> Hotfix for Windows XP (KB899510)

KB899587 -> Security Update for Windows XP (KB899587)

KB899588 -> Security Update for Windows XP (KB899588)

KB899589 -> Security Update for Windows XP (KB899589)

KB899591 -> Security Update for Windows XP (KB899591)

KB900325 -> Update Rollup 2 for Windows XP Media Center Edition 2005

KB900485 -> Update for Windows XP (KB900485)

KB900725 -> Security Update for Windows XP (KB900725)

KB901017 -> Security Update for Windows XP (KB901017)

KB901214 -> Security Update for Windows XP (KB901214)

KB902400 -> Security Update for Windows XP (KB902400)

KB902841 -> Hotfix for Windows XP (KB902841)

KB903157 -> Hotfix for Windows Media Player 10 (KB903157)

KB904706 -> Security Update for Windows XP (KB904706)

KB904942 -> Update for Windows XP (KB904942)

KB905414 -> Security Update for Windows XP (KB905414)

KB905749 -> Security Update for Windows XP (KB905749)

KB905915 -> Security Update for Windows XP (KB905915)

KB906569 -> Hotfix for Windows XP (KB906569)

KB908246 -> Windows XP Media Center Edition 2005 KB908246

KB908250 -> Windows XP Media Center Edition 2005 KB908250

KB908519 -> Security Update for Windows XP (KB908519)

KB908531 -> Security Update for Windows XP (KB908531)

KB910393 -> Update for Windows Media Player 10 (KB910393)

KB910437 -> Update for Windows XP (KB910437)

KB911280 -> Security Update for Windows XP (KB911280)

KB911562 -> Security Update for Windows XP (KB911562)

KB911565 -> Security Update for Windows Media Player 10 (KB911565)

KB911567 -> Security Update for Windows XP (KB911567)

KB911927 -> Security Update for Windows XP (KB911927)

KB912812 -> Security Update for Windows XP (KB912812)

KB912919 -> Security Update for Windows XP (KB912919)

KB913446 -> Security Update for Windows XP (KB913446)

KB913580 -> Security Update for Windows XP (KB913580)

KB913800 -> Update for Windows Media Player 10 (KB913800)

KB914388 -> Security Update for Windows XP (KB914388)

KB914389 -> Security Update for Windows XP (KB914389)

KB914440 -> Hotfix for Windows XP (KB914440)

KB915865 -> Hotfix for Windows XP (KB915865)

KB916281 -> Security Update for Windows XP (KB916281)

KB916595 -> Update for Windows XP (KB916595)

KB917159 -> Security Update for Windows XP (KB917159)

KB917344 -> Security Update for Windows XP (KB917344)

KB917422 -> Security Update for Windows XP (KB917422)

KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734)

KB917953 -> Security Update for Windows XP (KB917953)

KB918118 -> Security Update for Windows XP (KB918118)

KB918439 -> Security Update for Windows XP (KB918439)

KB918899 -> Security Update for Windows XP (KB918899)

KB919007 -> Security Update for Windows XP (KB919007)

KB920213 -> Security Update for Windows XP (KB920213)

KB920214 -> Security Update for Windows XP (KB920214)

KB920670 -> Security Update for Windows XP (KB920670)

KB920683 -> Security Update for Windows XP (KB920683)

KB920685 -> Security Update for Windows XP (KB920685)

KB920872 -> Update for Windows XP (KB920872)

KB921398 -> Security Update for Windows XP (KB921398)

KB921503 -> Security Update for Windows XP (KB921503)

KB921883 -> Security Update for Windows XP (KB921883)

KB922582 -> Update for Windows XP (KB922582)

KB922616 -> Security Update for Windows XP (KB922616)

KB922760 -> Security Update for Windows XP (KB922760)

KB922819 -> Security Update for Windows XP (KB922819)

KB923191 -> Security Update for Windows XP (KB923191)

KB923414 -> Security Update for Windows XP (KB923414)

KB923689 -> Security Update for Windows XP (KB923689)

KB923694 -> Security Update for Windows XP (KB923694)

KB923980 -> Security Update for Windows XP (KB923980)

KB924191 -> Security Update for Windows XP (KB924191)

KB924270 -> Security Update for Windows XP (KB924270)

KB924496 -> Security Update for Windows XP (KB924496)

KB924667 -> Security Update for Windows XP (KB924667)

KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)

KB925454 -> Security Update for Windows XP (KB925454)

KB925486 -> Security Update for Windows XP (KB925486)

KB925902 -> Security Update for Windows XP (KB925902)

KB926239 -> Hotfix for Windows XP (KB926239)

KB926251 -> Update for Windows Media Player 10 (KB926251)

KB926255 -> Security Update for Windows XP (KB926255)

KB926436 -> Security Update for Windows XP (KB926436)

KB927779 -> Security Update for Windows XP (KB927779)

KB927802 -> Security Update for Windows XP (KB927802)

KB927891 -> Update for Windows XP (KB927891)

KB928255 -> Security Update for Windows XP (KB928255)

KB928843 -> Security Update for Windows XP (KB928843)

KB929123 -> Security Update for Windows XP (KB929123)

KB929338 -> Update for Windows XP (KB929338)

KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)

KB930178 -> Security Update for Windows XP (KB930178)

KB930494 -> Microsoft .NET Framework 1.0 Hotfix (KB930494)

KB930916 -> Update for Windows XP (KB930916)

KB931261 -> Security Update for Windows XP (KB931261)

KB931784 -> Security Update for Windows XP (KB931784)

KB931836 -> Update for Windows XP (KB931836)

KB931906 -> Security Update for CAPICOM (KB931906)

KB932168 -> Security Update for Windows XP (KB932168)

KB932823-v3 -> Update for Windows XP (KB932823-v3)

KB933360 -> Update for Windows XP (KB933360)

KB933729 -> Security Update for Windows XP (KB933729)

KB935839 -> Security Update for Windows XP (KB935839)

KB935840 -> Security Update for Windows XP (KB935840)

KB936021 -> Security Update for Windows XP (KB936021)

KB936357 -> Update for Windows XP (KB936357)

KB936782_WMP10 -> Security Update for Windows Media Player 10 (KB936782)

KB937143 -> Security Update for Windows XP (KB937143)

KB937894 -> Security Update for Windows XP (KB937894)

KB938127 -> Security Update for Windows XP (KB938127)

KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127)

KB938464 -> Security Update for Windows XP (KB938464)

KB938828 -> Update for Windows XP (KB938828)

KB938829 -> Security Update for Windows XP (KB938829)

KB939653 -> Security Update for Windows XP (KB939653)

KB941202 -> Security Update for Windows XP (KB941202)

KB941568 -> Security Update for Windows XP (KB941568)

KB941569 -> Security Update for Windows XP (KB941569)

KB941644 -> Security Update for Windows XP (KB941644)

KB941693 -> Security Update for Windows XP (KB941693)

KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615)

KB942763 -> Update for Windows XP (KB942763)

KB942840 -> Update for Windows XP (KB942840)

KB943055 -> Security Update for Windows XP (KB943055)

KB943460 -> Security Update for Windows XP (KB943460)

KB943485 -> Security Update for Windows XP (KB943485)

KB944533 -> Security Update for Windows XP (KB944533)

KB944653 -> Security Update for Windows XP (KB944653)

KB945553 -> Security Update for Windows XP (KB945553)

KB946026 -> Security Update for Windows XP (KB946026)

KB946648 -> Security Update for Windows XP (KB946648)

KB947864-IE7 -> Hotfix for Windows Internet Explorer 7 (KB947864)

KB948590 -> Security Update for Windows XP (KB948590)

KB948881 -> Security Update for Windows XP (KB948881)

KB950749 -> Security Update for Windows XP (KB950749)

KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759)

KB950760 -> Security Update for Windows XP (KB950760)

KB950762 -> Security Update for Windows XP (KB950762)

KB950974 -> Security Update for Windows XP (KB950974)

KB951066 -> Security Update for Windows XP (KB951066)

KB951072-v2 -> Update for Windows XP (KB951072-v2)

KB951376 -> Security Update for Windows XP (KB951376)

KB951376-v2 -> Security Update for Windows XP (KB951376-v2)

KB951698 -> Security Update for Windows XP (KB951698)

KB951748 -> Security Update for Windows XP (KB951748)

KB952287 -> Hotfix for Windows XP (KB952287)

KB952954 -> Security Update for Windows XP (KB952954)

KB953838-IE7 -> Security Update for Windows Internet Explorer 7 (KB953838)

KB953839 -> Security Update for Windows XP (KB953839)

KB954211 -> Security Update for Windows XP (KB954211)

KB955069 -> Security Update for Windows XP (KB955069)

KB956390-IE7 -> Security Update for Windows Internet Explorer 7 (KB956390)

KB956391 -> Security Update for Windows XP (KB956391)

KB956803 -> Security Update for Windows XP (KB956803)

KB956841 -> Security Update for Windows XP (KB956841)

KB957095 -> Security Update for Windows XP (KB957095)

KB957097 -> Security Update for Windows XP (KB957097)

KB958644 -> Security Update for Windows XP (KB958644)

M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)

Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1

Monopoly -> Monopoly

Mozilla Firefox (2.0.0.18) -> Mozilla Firefox (2.0.0.18)

MSNINST -> MSN

MySpaceIM -> MySpaceIM

Nero - Burning Rom!UninstallKey -> Nero OEM

NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs

nupyoozgrf -> RON Tool Netupbanner

PROSet -> Intel(R) PRO Network Connections Drivers

RealPlayer 6.0 -> RealPlayer

Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4

The Logo Creator v5 -> The Logo Creator v5

ViewpointMediaPlayer -> Viewpoint Media Player

WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell

WebPost -> Microsoft Web Publishing Wizard 1.52

WGA -> Windows Genuine Advantage Validation Tool (KB892130)

WgaNotify -> Windows Genuine Advantage Notifications (KB905474)

Windows Media Format Runtime -> Windows Media Format 11 runtime

Windows Media Player -> Windows Media Player 10

WMFDist11 -> Windows Media Format 11 runtime

Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0

Yahoo! Applications -> AT&T Yahoo! Applications

Yahoo! IE Suggest -> Yahoo! Search Suggest Add-on for IE7





[Files/Folders - Created Within 30 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 258101248 bytes | Created Date = 11/24/2008 2:25:13 PM | Attr =  HS]

_OTScanIt -> %SystemDrive%\_OTScanIt ->  [Folder | Created Date = 11/24/2008 8:54:47 PM | Attr =	]

1 C:\*.tmp files -> C:\*.tmp -> 

fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 11/14/2008 11:27:36 PM | Attr =	]

Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Created Date = 11/18/2008 2:28:04 PM | Attr =	]

avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 6061540 bytes | Created Date = 11/18/2008 2:28:04 PM | Attr =	]

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 27321964 bytes | Created Date = 11/18/2008 2:28:05 PM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 106501 bytes | Created Date = 11/18/2008 2:28:05 PM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 211986 bytes | Created Date = 11/18/2008 2:28:05 PM | Attr =	]

gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]

pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0  | Size = 28544 bytes | Created Date = 11/17/2008 3:06:37 PM | Attr =	]

cdintf300.dll -> %SystemRoot%\System32\cdintf300.dll -> Amyuni Technologies http://www.amyuni.com [Ver = 3.02 | Size = 3715072 bytes | Created Date = 11/6/2008 8:04:59 PM | Attr =	]

opnlLDwx.dll -> %SystemRoot%\System32\opnlLDwx.dll ->  [Ver =  | Size = 32768 bytes | Created Date = 11/13/2008 8:55:54 AM | Attr =	]

pVxEeMoq.ini -> %SystemRoot%\System32\pVxEeMoq.ini ->  [Ver =  | Size = 879866 bytes | Created Date = 11/24/2008 9:27:05 PM | Attr =  HS]

pVxEeMoq.ini2 -> %SystemRoot%\System32\pVxEeMoq.ini2 ->  [Ver =  | Size = 879866 bytes | Created Date = 11/24/2008 9:27:07 PM | Attr =  HS]

vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Created Date = 11/13/2008 9:00:04 AM | Attr =	]

vssymjwx.dll -> %SystemRoot%\System32\vssymjwx.dll ->  [Ver =  | Size = 75776 bytes | Created Date = 11/24/2008 9:30:14 PM | Attr =	]

xwjmyssv.ini -> %SystemRoot%\System32\xwjmyssv.ini ->  [Ver =  | Size = 120 bytes | Created Date = 11/24/2008 9:30:20 PM | Attr =  HS]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 11/24/2008 8:51:33 PM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]

gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]

gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 345 bytes | Created Date = 11/24/2008 3:04:06 PM | Attr =	]

gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]

unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.6.1 | Size = 90112 bytes | Created Date = 11/6/2008 8:09:38 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 258101248 bytes | Modified Date = 11/24/2008 9:18:33 PM | Attr =  HS]

1 C:\*.tmp files -> C:\*.tmp -> 

avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 6061540 bytes | Modified Date = 11/18/2008 2:28:05 PM | Attr =	]

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 27321964 bytes | Modified Date = 11/18/2008 2:28:10 PM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 106501 bytes | Modified Date = 11/18/2008 2:28:05 PM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 211986 bytes | Modified Date = 11/18/2008 2:28:05 PM | Attr =	]

hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 287955 bytes | Modified Date = 11/18/2008 4:04:41 PM | Attr = R  ]

gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1347176 bytes | Modified Date = 11/15/2008 7:35:49 AM | Attr =	]

KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys ->  [Ver =  | Size = 5018 bytes | Modified Date = 11/19/2008 9:15:55 AM | Attr =  HS]

null -> %SystemRoot%\System32\null ->  [Ver =  | Size = 0 bytes | Modified Date = 11/13/2008 2:09:55 AM | Attr =	]

opnlLDwx.dll -> %SystemRoot%\System32\opnlLDwx.dll ->  [Ver =  | Size = 32768 bytes | Modified Date = 11/13/2008 8:55:54 AM | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 54280 bytes | Modified Date = 11/8/2008 7:36:05 AM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 384596 bytes | Modified Date = 11/8/2008 7:36:05 AM | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 445630 bytes | Modified Date = 11/8/2008 7:36:05 AM | Attr =	]

pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 11/3/2008 10:15:28 AM | Attr =	]

pVxEeMoq.ini -> %SystemRoot%\System32\pVxEeMoq.ini ->  [Ver =  | Size = 879866 bytes | Modified Date = 11/24/2008 9:32:37 PM | Attr =  HS]

pVxEeMoq.ini2 -> %SystemRoot%\System32\pVxEeMoq.ini2 ->  [Ver =  | Size = 879866 bytes | Modified Date = 11/24/2008 9:30:18 PM | Attr =  HS]

vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 11/13/2008 9:00:04 AM | Attr =	]

vssymjwx.dll -> %SystemRoot%\System32\vssymjwx.dll ->  [Ver =  | Size = 75776 bytes | Modified Date = 11/24/2008 9:30:15 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 11/24/2008 9:21:31 PM | Attr =	]

xwjmyssv.ini -> %SystemRoot%\System32\xwjmyssv.ini ->  [Ver =  | Size = 120 bytes | Modified Date = 11/24/2008 9:30:20 PM | Attr =  HS]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 11/24/2008 9:18:36 PM | Attr =   S]

gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]

gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 345 bytes | Modified Date = 11/24/2008 3:16:20 PM | Attr =	]

gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 11/14/2008 4:52:22 PM | Attr =	]

ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 11/14/2008 11:37:44 PM | Attr =	]

vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 59 bytes | Modified Date = 11/14/2008 11:35:02 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 573 bytes | Modified Date = 11/14/2008 11:30:15 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 11/13/2008 6:45:28 PM | Attr =	]

MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 11/17/2008 1:49:03 AM | Attr =  H ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 11/24/2008 9:19:07 PM | Attr =  H ]

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 12/15/2005 4:40:02 AM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6060 bytes | Modified Date = 11/15/2008 2:12:53 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 11/15/2008 2:13:04 AM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 12/29/2005 12:40:07 PM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 12/29/2005 12:40:07 PM | Attr =	]



< End of report >


#7 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 25 November 2008 - 11:53 AM

Hello GWE.

Looks like one part of the infection is being tough..

Please disable your protection once again before we begin.

Download The Avenger and Run Script
Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Right click and extract avenger.exe to your desktop
  • Start the Avenger by clicking on its icon on your desktop.
  • Copy all the text contained in the quote box below to your Clipboard by highlighting it, right clicking and selecting Copy:
    Registry keys to delete:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlLDwx
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CAB59B4-55A3-4737-9FD5-B93C6430BF77}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C81B3B86-175D-4659-AB67-1C59DC63AFE3}
    
    Registry values to delete:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|e4d672f7
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{C81B3B86-175D-4659-AB67-1C59DC63AFE3}
    
    Files to delete:
    %systemroot%\system32\opnlldwx.dll
    %systemroot%\system32\pvxeemoq.ini
    %systemroot%\system32\pvxeemoq.ini2
    %systemroot%\system32\vssymjwx.dll
    %systemroot%\system32\xwjmyssv.ini
    
    Programs to launch on reboot:
    cmd /c ECHO Windows Registry Editor Version 5.00 >c:\tempreg.reg
    cmd /c ECHO. >>c:\tempreg.reg
    cmd /c ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] >>c:\tempreg.reg
    cmd /c ECHO "AppInit_DLLs"="avgrsstx.dll" >>c:\tempreg.reg
    regedit /s c:\tempreg.reg

    cmd /c del c:\tempreg.reg
  • Click Posted Image to paste the script from the clipboard.
  • Click the Execute button
  • Answer Yes twice when prompted.
The process is completely automatic. Do not touch your computer until a log file opens.

The Avenger will do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", the Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt (considering your operating drive is C:). Post back with it in your next reply.
Run MBAM again.

Post back with:
-the Avenger log
-the MBAM log
-a new OTScanIt scan log

With Regards,
The Panda

Edited by PropagandaPanda, 25 November 2008 - 11:54 AM.
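One way to triage a file listing like the OTScanIt one above before writing a removal script, as an added example that is not part of the original posts and is not OTScanIt's or The Avenger's own logic: parse the `name -> path -> vendor [Ver | Size | Modified Date | Attr]` lines, list System32 files with no vendor string, and pair names that are exact reversals of each other, as vssymjwx.dll and xwjmyssv.ini are in this thread. The sample lines are copied from the listing above; the function names and the reversal heuristic are assumptions of this example.

```python
import re
from collections import namedtuple

# Lines copied from the OTScanIt listing quoted earlier in this thread
# (tabs in the Attr field replaced by spaces). The "*.tmp" summary line is
# kept on purpose: it has no [Ver = ...] block and must be skipped.
SAMPLE_LOG = r"""
opnlLDwx.dll -> %SystemRoot%\System32\opnlLDwx.dll ->  [Ver =  | Size = 32768 bytes | Modified Date = 11/13/2008 8:55:54 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 54280 bytes | Modified Date = 11/8/2008 7:36:05 AM | Attr = ]
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 11/3/2008 10:15:28 AM | Attr = ]
pVxEeMoq.ini -> %SystemRoot%\System32\pVxEeMoq.ini ->  [Ver =  | Size = 879866 bytes | Modified Date = 11/24/2008 9:32:37 PM | Attr =  HS]
pVxEeMoq.ini2 -> %SystemRoot%\System32\pVxEeMoq.ini2 ->  [Ver =  | Size = 879866 bytes | Modified Date = 11/24/2008 9:30:18 PM | Attr =  HS]
vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 11/13/2008 9:00:04 AM | Attr = ]
vssymjwx.dll -> %SystemRoot%\System32\vssymjwx.dll ->  [Ver =  | Size = 75776 bytes | Modified Date = 11/24/2008 9:30:15 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 11/24/2008 9:21:31 PM | Attr = ]
xwjmyssv.ini -> %SystemRoot%\System32\xwjmyssv.ini ->  [Ver =  | Size = 120 bytes | Modified Date = 11/24/2008 9:30:20 PM | Attr =  HS]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
"""

Entry = namedtuple("Entry", "name path vendor size modified attr")

# One file entry: name -> path -> vendor [Ver = .. | Size = N bytes | Modified Date = .. | Attr = ..]
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)"
    r"\[Ver = (?P<ver>.*?) ?\| Size = (?P<size>\d+) bytes"
    r" \| Modified Date = (?P<modified>.*?) \| Attr =(?P<attr>.*)\]\s*$"
)
INI_EXTS = ("ini", "ini2")


def parse_listing(text):
    """Return an Entry for every line in the file-entry format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], m["path"], m["vendor"].strip(),
                                 int(m["size"]), m["modified"], m["attr"].strip()))
    return entries


def split_name(name):
    """'pVxEeMoq.ini2' -> ('pVxEeMoq', 'ini2'); the stem keeps its case."""
    stem, _, ext = name.rpartition(".")
    return stem, ext.lower()


def in_system32(entry):
    return "\\system32\\" in entry.path.lower()


def no_vendor_in_system32(entries):
    """Broad first pass. Noisy on its own: legitimate data files match too."""
    return [e.name for e in entries if in_system32(e) and not e.vendor]


def reversed_pairs(entries):
    """(dll, ini) pairs in System32 whose base names are reversals of each other."""
    dlls = {split_name(e.name)[0].lower(): e.name
            for e in entries if in_system32(e) and split_name(e.name)[1] == "dll"}
    pairs = []
    for e in entries:
        stem, ext = split_name(e.name)
        if ext in INI_EXTS and stem.lower()[::-1] in dlls:
            pairs.append((dlls[stem.lower()[::-1]], e.name))
    return pairs


def orphan_hidden_ini(entries):
    """Hidden+System .ini/.ini2 files with no vendor whose reversed-name DLL is
    absent from the listing. Returns (ini, dll_name_to_search_for) tuples."""
    present = {e.name.lower() for e in entries}
    found = []
    for e in entries:
        stem, ext = split_name(e.name)
        if ext in INI_EXTS and not e.vendor and {"H", "S"} <= set(e.attr):
            candidate = stem[::-1] + ".dll"
            if candidate.lower() not in present:
                found.append((e.name, candidate))
    return found


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LOG)
    print("no vendor:", no_vendor_in_system32(listing))
    print("reversed pairs:", reversed_pairs(listing))
    print("orphan ini ->", orphan_hidden_ini(listing))
```

On the sample lines the orphan check yields `qoMeExVp.dll`, a file name that does not appear in the listing but that the Malwarebytes log in the next post reports as a loaded module.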


#8 GWE

  • Topic Starter
  • Members
  • 44 posts

Posted 25 November 2008 - 05:25 PM

Here are the newest logs


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Nov 25 13:19:12 2008

13:19:01: Error: Could not execute registry backup. (error 1155: no application is associated with the specified file for this operation.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\opnlldwx.dll" deleted successfully.
File "C:\WINDOWS\system32\pvxeemoq.ini" deleted successfully.
File "C:\WINDOWS\system32\pvxeemoq.ini2" deleted successfully.
File "C:\WINDOWS\system32\vssymjwx.dll" deleted successfully.
File "C:\WINDOWS\system32\xwjmyssv.ini" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlLDwx" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CAB59B4-55A3-4737-9FD5-B93C6430BF77}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C81B3B86-175D-4659-AB67-1C59DC63AFE3}" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|e4d672f7" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{C81B3B86-175D-4659-AB67-1C59DC63AFE3}" deleted successfully.
Program "cmd /c ECHO Windows Registry Editor Version 5.00 >c:\tempreg.reg" successfully queued to run on reboot.
Program "cmd /c ECHO. >>c:\tempreg.reg" successfully queued to run on reboot.
Program "cmd /c ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] >>c:\tempreg.reg" successfully queued to run on reboot.
Program "cmd /c ECHO "AppInit_DLLs"="avgrsstx.dll" >>c:\tempreg.reg" successfully queued to run on reboot.
Program "regedit /s c:\tempreg.reg" successfully queued to run on reboot.
Program "cmd /c del c:\tempreg.reg" successfully queued to run on reboot.

Completed script processing.

*******************

Finished! Terminate.



Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/25/2008 1:45:18 PM
mbam-log-2008-11-25 (13-45-18).txt

Scan type: Quick Scan
Objects scanned: 63826
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qoMeExVp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\esatjniy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bflswi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zkwtar.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e17fc8c-5c7f-4f70-a2ac-23f9d2984a6e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3e17fc8c-5c7f-4f70-a2ac-23f9d2984a6e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b75429ef-b9e8-4007-8083-6ad76bc8b3a6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b75429ef-b9e8-4007-8083-6ad76bc8b3a6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e17fc8c-5c7f-4f70-a2ac-23f9d2984a6e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0db8cb90-e608-4c1e-9b57-da0886cea2ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomeexvp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomeexvp -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qoMeExVp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pVxEeMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pVxEeMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zkwtar.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qsbxpfay.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yafpxbsq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kotayhrq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esatjniy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bflswi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Sandy Waller\Local Settings\Temporary Internet Files\Content.IE5\KZFC10HX\zc113432[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandy Waller\Local Settings\Temporary Internet Files\Content.IE5\RA36V1WM\index[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.





OTScanIt logfile created on: 11/25/2008 2:16:43 PM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Sandy Waller\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale:  | Country:  | Language:  | Date Format: 
 
246.07 Mb Total Physical Memory | 126.30 Mb Available Physical Memory | 51.32% Memory free
603.05 Mb Paging File | 335.26 Mb Available in Paging File | 55.59% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 39.60 Gb Free Space | 56.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.46 Gb Total Space | 6.96 Gb Free Space | 93.29% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUSINESS
Current User Name: Sandy Waller
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
bgsvcgen.exe -> %SystemRoot%\system32\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 4/30/2005 5:02:26 PM | Attr =	]
crypserv.exe -> %SystemRoot%\system32\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 12:45:10 AM | Attr =	]
hnm_svc.exe -> %ProgramFiles%\Dell Network Assistant\hnm_svc.exe -> SingleClick Systems [Ver = 1, 0, 4, 0 | Size = 111912 bytes | Modified Date = 8/27/2007 7:36:34 AM | Attr =	]
dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe -> Dell [Ver = 2.6.65.15 | Size = 425984 bytes | Modified Date = 7/22/2005 5:03:00 AM | Attr =	]
mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr =	]
ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 2:18:10 PM | Attr =	]
dvzincmsgr.exe -> %CommonProgramFiles%\DataViz\DvzIncMsgr.exe -> DataViz, Inc. [Ver = 6,0,1,723 | Size = 28672 bytes | Modified Date = 1/12/2006 4:44:48 PM | Attr =	]
dlcccoms.exe -> %SystemRoot%\system32\dlcccoms.exe ->  [Ver = 1.154.18.0 | Size = 491520 bytes | Modified Date = 6/21/2005 6:19:38 AM | Attr =	]
ezi_hnm2.exe -> %ProgramFiles%\Dell Network Assistant\ezi_hnm2.exe -> SingleClick Systems [Ver = 1, 0, 9, 0 | Size = 1082664 bytes | Modified Date = 8/27/2007 9:12:28 AM | Attr =	]
quickdcf2.exe -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 1 | Size = 294912 bytes | Modified Date = 6/9/2006 7:38:00 PM | Attr =	]
hotsync.exe -> %ProgramFiles%\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr =	]
qbupdate.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 12.0 R10 | Size = 663552 bytes | Modified Date = 2/24/2005 12:31:56 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 4/30/2005 5:02:26 PM | Attr =	]
(Crypkey License) Crypkey License [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 12:45:10 AM | Attr =	]
(dlcc_device) dlcc_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcccoms.exe ->  [Ver = 1.154.18.0 | Size = 491520 bytes | Modified Date = 6/21/2005 6:19:38 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(hnmsvc) Advanced Networking Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Network Assistant\hnm_svc.exe -> SingleClick Systems [Ver = 1, 0, 4, 0 | Size = 111912 bytes | Modified Date = 8/27/2007 7:36:34 AM | Attr =	]
(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SolidWorks Shared\Service\SolidWorksLicensing.exe -> SolidWorks [Ver = 2.80.002 | Size = 79360 bytes | Modified Date = 6/10/2008 3:18:09 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(gmer) gmer [Kernel | System | Running] -> %SystemRoot%\system32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr =	]
(NetworkX) NetworkX [Kernel | System | Running] -> %SystemRoot%\system32\Ckldrv.sys ->  [Ver =  | Size = 24608 bytes | Modified Date = 2/3/2000 11:53:12 AM | Attr =	]
(Packet) Auto Internet Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\packet.sys -> SingleClick Systems [Ver = 1, 0, 1, 0 | Size = 12672 bytes | Modified Date = 12/18/2006 6:01:20 PM | Attr =	]
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> PalmSource, Inc. [Ver = 6, 0, 1, 0 | Size = 16694 bytes | Modified Date = 1/12/2006 4:26:43 PM | Attr =	]
(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0  | Size = 28544 bytes | Modified Date = 6/19/2008 5:24:30 PM | Attr =	]
(PCAMPR5) PCAMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCAMPR5.SYS -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 10:09:58 AM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr =	]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 2, 0, 2116 | Size = 111936 bytes | Modified Date = 10/1/2008 11:57:42 AM | Attr =	]
Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe [C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe] -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr =	]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.1117.0 | Size = 206064 bytes | Modified Date = 8/13/2008 5:32:40 PM | Attr =	]
DLCCCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcctime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16] ->  [Ver = 0.1.11.5 | Size = 69632 bytes | Modified Date = 6/7/2005 4:38:10 AM | Attr =	]
dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe ["C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"] -> Dell [Ver = 2.6.65.15 | Size = 425984 bytes | Modified Date = 7/22/2005 5:03:00 AM | Attr =	]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] ->   [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 9:24:00 AM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 7/19/2005 9:06:12 PM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 7/19/2005 9:10:06 PM | Attr =	]
IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe [C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe] -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 6:12:44 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 10/1/2008 5:57:12 PM | Attr =	]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE [C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN] -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 10:32:10 PM | Attr =	]
YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe [C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe] -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 4:19:46 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/30/2007 1:38:03 PM | Attr =	]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] ->  [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 12:32:54 PM | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] ->  [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 12:32:54 PM | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/30/2007 1:38:03 PM | Attr =	]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk -> %CommonProgramFiles%\DataViz\DvzIncMsgr.exe -> DataViz, Inc. [Ver = 6,0,1,723 | Size = 28672 bytes | Modified Date = 1/12/2006 4:44:48 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Dell Network Assistant.lnk -> %SystemRoot%\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ->  [Ver =  | Size = 7168 bytes | Modified Date = 11/24/2008 9:25:33 PM | Attr = R  ]
%AllUsersProfile%\Start Menu\Programs\Startup\Event Reminder.lnk -> %ProgramFiles%\The Print Shop 23\Remind.exe -> Broderbund Properties LLC [Ver = 23, 0, 0, 0000 | Size = 344064 bytes | Modified Date = 7/16/2008 8:50:16 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Exif Launcher 2.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 1 | Size = 294912 bytes | Modified Date = 6/9/2006 7:38:00 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> %ProgramFiles%\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 12.0 R10 | Size = 663552 bytes | Modified Date = 2/24/2005 12:31:56 AM | Attr =	]
< Bill Waller.DC11K091 Startup Folder > -> C:\Documents and Settings\Bill Waller.DC11K091\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Robin Waller.DC11K091 Startup Folder > -> C:\Documents and Settings\Robin Waller.DC11K091\Start Menu\Programs\Startup -> 
< Sandy Waller Startup Folder > -> C:\Documents and Settings\Sandy Waller\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE ->  [Ver =  | Size = 38912 bytes | Modified Date = 10/20/2005 12:04:08 PM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
lyuhvp.dll ->  -> File not found
zkwtar.dll ->  -> File not found
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:07 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:01 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4363 | Size = 135168 bytes | Modified Date = 7/19/2005 9:05:16 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 
Reg Error: Key HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/16/2005 2:43:04 AM | Attr =	]
< HOSTS File > (287955 bytes and 9968 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> 
HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell4me.com/myway -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> 
HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell4me.com/myway -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\: Main\\Search Bar -> http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE -> 
HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5191 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
51 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5200 domain(s) found. -> 
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 55 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5200 domain(s) found. -> 
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 55 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1234 domain(s) found. -> 
73 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1234 domain(s) found. -> 
73 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\alot\bin\alot.dll [ALOT Toolbar] -> Miva [Ver = 1.1.0.171 | Size = 622376 bytes | Modified Date = 11/30/2007 1:52:30 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 7/30/2007 1:38:01 PM | Attr =	]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\ysidebarIE.dll [AT&&T Yahoo! Sidebar] -> Yahoo! Inc. [Ver = 2006, 8, 9, 1 | Size = 124448 bytes | Modified Date = 8/9/2006 3:21:32 PM | Attr =	]
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\ysidebarIE.dll [AT&&T Yahoo! Sidebar] -> Yahoo! Inc. [Ver = 2006, 8, 9, 1 | Size = 124448 bytes | Modified Date = 8/9/2006 3:21:32 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\alot\bin\alot.dll [ALOT Toolbar] -> Miva [Ver = 1.1.0.171 | Size = 622376 bytes | Modified Date = 11/30/2007 1:52:30 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 2:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\] > -> HKEY_USERS\S-1-5-21-1402218487-403991794-2291061-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [AT&T Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{BF18F2A6-9B48-4FC0-A0CE-E70C46BEF861} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 8:53:50 AM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{22945A69-1191-4DCF-9E6F-409BDE94D101}[HKEY_LOCAL_MACHINE] -> http://svca.solidworks.com/htdocs/pdownload/edrawings/e2008sp03/cab/eModelsStandard.cab[EModelNonVersionSpecificViewControl Class] -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www1.snapfish.com/SnapfishActivia.cab[Snapfish Activia] -> 
{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] -> 
{639658F3-B141-4D6B-B936-226F75A5EAC3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab[CPlayFirstDinerDash2Control Object] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137106924015[WUWebControl Class] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143672668500[MUWebControl Class] -> 
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab[UnoCtrl Class] -> 
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}[HKEY_LOCAL_MACHINE] -> http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab[Verizon Wireless Media Upload] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{95B5D20C-BD31-4489-8ABF-F8C8BE748463}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab[ZPA_HRTZ Object] -> 
{9BDF4724-10AA-43D5-BD15-AEA0D2287303}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab[MSN Games – Texas Holdem Poker] -> 
{A4110378-789B-455F-AE86-3A1BFC402853}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab[ZPA_SHVL Object] -> 
{A996E48C-D3DC-4244-89F7-AFA33EC60679}[HKEY_LOCAL_MACHINE] -> https://www.cashcall.com/LoanStatus/x86/capicom.dll[Settings Class] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 
{BE319D04-18BD-4B34-AECC-EE7CB610FCA9}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab[BewitchedGameClass Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe[Virtools WebPlayer Class] -> 
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab55579.cab[MSN Games – Game Communicator] -> 
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab[CPlayFirstDinerDashControl Object] -> 
{FF3C5A9F-5A99-4930-80E8-4709194C2AD3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab[ZPA_Backgammon Object] -> 
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}[HKEY_LOCAL_MACHINE] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab[DownloadManager Control] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.dat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.dat\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.dat\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.xml\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.xml\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.xml\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BewitchedGameClass.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BewitchedGameClass.ocx\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BewitchedGameClass.ocx\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/capicom.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/capicom.dll\\.Owner -> {A996E48C-D3DC-4244-89F7-AFA33EC60679} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/capicom.dll\\{A996E48C-D3DC-4244-89F7-AFA33EC60679} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DinerDash.1.0.0.94.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DinerDash.1.0.0.94.dll\\.Owner -> {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DinerDash.1.0.0.94.dll\\{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DinerDash2.1.0.0.68.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DinerDash2.1.0.0.68.dll\\.Owner -> {639658F3-B141-4D6B-B936-226F75A5EAC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DinerDash2.1.0.0.68.dll\\{639658F3-B141-4D6B-B936-226F75A5EAC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\\.Owner -> {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\\{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/game_uno1.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/game_uno1.dll\\.Owner -> {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/game_uno1.dll\\{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\\.Owner -> {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\\{8A0019EB-51FA-4AE5-A40B-C0496BBFC739} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Backgammon.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Backgammon.ocx\\.Owner -> {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Backgammon.ocx\\{FF3C5A9F-5A99-4930-80E8-4709194C2AD3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_hrtz.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_hrtz.ocx\\.Owner -> {95B5D20C-BD31-4489-8ABF-F8C8BE748463} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_hrtz.ocx\\{95B5D20C-BD31-4489-8ABF-F8C8BE748463} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_shvl.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_shvl.ocx\\.Owner -> {A4110378-789B-455F-AE86-3A1BFC402853} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_shvl.ocx\\{A4110378-789B-455F-AE86-3A1BFC402853} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_txhe.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_txhe.ocx\\.Owner -> {9BDF4724-10AA-43D5-BD15-AEA0D2287303} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zpa_txhe.ocx\\{9BDF4724-10AA-43D5-BD15-AEA0D2287303} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
CTFMON.EXE hkey= key= ->  -> File not found
DVDLauncher hkey= key= ->  -> File not found
IgfxTray hkey= key= ->  -> File not found
ISUSPM Startup hkey= key= ->  -> File not found
ISUSScheduler hkey= key= ->  -> File not found
NeroFilterCheck hkey= key= ->  -> File not found
QuickTime Task hkey= key= ->  -> File not found
SunJavaUpdateSched hkey= key= ->  -> File not found
TkBellExe hkey= key= ->  -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.chm [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.cmd [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.com [@ = exefile] -> "%1" %* -> 
.cpl [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.hta [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.inf [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.ini [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.js [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.jse [@ = Reg Error: Key does not exist or could not be opened.] -> Reg Error: Key does not exist or could not be opened. -> File not found
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{00000409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Premium
{0240BDFB-2995-4A3F-8C96-18D41282B716} -> Dell Network Assistant
{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0
{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} -> Microsoft Plus! Photo Story 2 LE
{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906)
{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D} -> The Print Shop 23
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> Multimedia Launcher
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{237a4b21-78c1-11d6-a394-00104bd190b1} -> QuickBooks Basic Edition 2003
{24ED4D80-8294-11D5-96CD-0040266301AD} -> FinePixViewer Ver.5.2
{2604C0F9-BFD3-4BA0-9EB5-22537C648F03} -> MobileMe Control Panel
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3
{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{35BDEFF1-A610-4956-A00D-15453C116395} -> Internet Explorer Default Page
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> Modem On Hold
{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B} -> Google Earth
{4192EAC0-6B36-4723-B216-D0E86E7757AC} -> Jasc Paint Shop Photo Album 5
{48FEB597-0410-4A17-B134-0DEF3083B944} -> eMusic Download Manager
{5490882C-6961-11D5-BAE5-00E0188E010B} -> FUJIFILM USB Driver
{5864B49E-03FC-481E-89B7-A6664CC2ACB4} -> eDrawings 2008
{5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool
{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} -> AOLIcon
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD 5.5
{6846389C-BAC0-4374-808E-B120F86AF5D7} -> Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} -> Digital Content Portal
{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} -> Microsoft Plus! Digital Media Edition Installer
{7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03
{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore
{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68} -> Modem Event Monitor
{7A3F0566-5E05-4919-9C98-456F6B5CF831} -> Get High Speed Internet!
{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper
{83CD5BE6-C4DC-416E-BE6B-691AEB8C07DF} -> My Tattoo
{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA} -> Intel(R) PROSet for Wired Connections
{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} -> MSXML 4.0 SP2 (KB954430)
{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} -> Bonjour
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Graphics Media Accelerator Driver
{8A9B8148-DDD7-448F-BD6C-358386D32354} -> Corel Photo Album 6
{8DC42D05-680B-41B0-8878-6C14D24602DB} -> QuickTime
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{94721EA3-7EA6-43EA-B99C-A5D0E3C66240} -> 924PLC32
{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} -> Apple Mobile Device Support
{9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders
{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} -> Windows Defender Signatures
{A654A805-41D9-40C7-AA46-4AF04F044D61} -> Adobe® Photoshop® Album Starter Edition 3.2
{A683A2C0-821C-486F-858C-FA634DB5E864} -> EducateU
{A9CF9052-F4A0-475D-A00F-A8388C62DD63} -> MSXML 4.0 SP2 (KB925672)
{AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2 -> Adobe Reader 8.1.2 Security Update 1 (KB403742)
{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} -> ABBYY FineReader 6.0 Sprint
{AF06CAE4-C134-44B1-B699-14FBDB63BD37} -> Dell Picture Studio v3.0
{AF19F291-F22F-4798-9662-525305AE9E48} -> WordPerfect Office 12
{B093990A-AAF2-44AC-9216-14BB7A2189B6} -> ImageMixer VCD2 LE for FinePix
{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9} -> Windows Defender
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B44529FF-501E-47CD-A06D-223C161BE058} -> FinePixViewer Resource
{B7A0CE06-068E-11D6-97FD-0050BACBF861} -> PowerProducer
{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A} -> Dell Support Center
{B97CF5C3-0487-11D8-A36E-0050BAE317E1} -> DVD Solution
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} -> Safari
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{D680C913-5955-469D-9D88-C1940F7506D6} -> RAW FILE CONVERTER LE
{D6FFC3B5-0CE1-4566-801D-3F9D8F000652} -> Documents To Go
{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} -> iTunes
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{E3BFEE55-39E2-4BE0-B966-89FE583822C1} -> Dell Support Center (Support Software)
{E434580A-2D4A-4433-A81E-4BCAE86AD148} -> palmOne
{E7559288-223B-453C-9F06-340E3BE21E39} -> MyWay Search Assistant
12133444-BF36-4d4e-B7FB-A3424C645DE4 -> GemMaster Mystic
ActiveScan 2.0 -> Panda ActiveScan 2.0
Adobe Flash Player Plugin -> Adobe Flash Player Plugin
Adobe Shockwave Player -> Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2 -> Adobe® Photoshop® Album Starter Edition 3.2
alotToolbar -> ALOT Toolbar
B3EE3001-DC24-4cd1-8743-5692C716659F -> Otto
CleanUp! -> CleanUp!
Dell Digital Jukebox Driver -> Dell Digital Jukebox Driver
Dell Game Console -> Dell Game Console
Dell Photo AIO Printer 924 -> Dell Photo AIO Printer 924
EmeraldQFE2 -> Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
ERUNT_is1 -> ERUNT 1.1j
ESPNMotion -> ESPNMotion
Foxit Reader -> Foxit Reader
GoogleVideoPlayer -> Google Video Player
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
Intel(R) 537EP V9x DF PCI Modem -> Intel(R) 537EP V9x DF PCI Modem
Jasc Paint Shop Pro Studio GDI+ Patch -> Jasc Paint Shop Pro Studio GDI+ Patch
Jasc Paint Shop Pro Studio.01 , Dell Edition Patch -> Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
Jasc Paint Shop Pro Studio.01 Patch -> Jasc Paint Shop Pro Studio.01 Patch
KB835221WXP -> High Definition Audio Driver Package - KB835221
KB873339 -> Windows XP Hotfix - KB873339
KB885250 -> Windows XP Hotfix - KB885250
KB885835 -> Windows XP Hotfix - KB885835
KB885836 -> Windows XP Hotfix - KB885836
KB886185 -> Windows XP Hotfix - KB886185
KB887472 -> Windows XP Hotfix - KB887472
KB887742 -> Windows XP Hotfix - KB887742
KB887998 -> Microsoft .NET Framework 1.0 Hotfix (KB887998)
KB888113 -> Windows XP Hotfix - KB888113
KB888302 -> Windows XP Hotfix - KB888302
KB888310 -> Windows XP Hotfix - KB888310
KB888795 -> Hotfix for Windows XP (KB888795)
KB890046 -> Security Update for Windows XP (KB890046)
KB890175 -> Windows XP Hotfix - KB890175
KB890859 -> Windows XP Hotfix - KB890859
KB890927 -> Windows XP Hotfix - KB890927
KB891593 -> Hotfix for Windows XP (KB891593)
KB891781 -> Windows XP Hotfix - KB891781
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130)
KB893066 -> Security Update for Windows XP (KB893066)
KB893756 -> Security Update for Windows XP (KB893756)
KB893803v2 -> Windows Installer 3.1 (KB893803)
KB894391 -> Update for Windows XP (KB894391)
KB895316 -> Windows Media Player 10 Hotfix - KB895316
KB895961 -> Hotfix for Windows XP (KB895961)
KB896358 -> Security Update for Windows XP (KB896358)
KB896422 -> Security Update for Windows XP (KB896422)
KB896423 -> Security Update for Windows XP (KB896423)
KB896424 -> Security Update for Windows XP (KB896424)
KB896428 -> Security Update for Windows XP (KB896428)
KB896727 -> Update for Windows XP (KB896727)
KB898461 -> Update for Windows XP (KB898461)
KB899337 -> Hotfix for Windows XP (KB899337)
KB899510 -> Hotfix for Windows XP (KB899510)
KB899587 -> Security Update for Windows XP (KB899587)
KB899588 -> Security Update for Windows XP (KB899588)
KB899589 -> Security Update for Windows XP (KB899589)
KB899591 -> Security Update for Windows XP (KB899591)
KB900325 -> Update Rollup 2 for Windows XP Media Center Edition 2005
KB900485 -> Update for Windows XP (KB900485)
KB900725 -> Security Update for Windows XP (KB900725)
KB901017 -> Security Update for Windows XP (KB901017)
KB901214 -> Security Update for Windows XP (KB901214)
KB902400 -> Security Update for Windows XP (KB902400)
KB902841 -> Hotfix for Windows XP (KB902841)
KB903157 -> Hotfix for Windows Media Player 10 (KB903157)
KB904706 -> Security Update for Windows XP (KB904706)
KB904942 -> Update for Windows XP (KB904942)
KB905414 -> Security Update for Windows XP (KB905414)
KB905749 -> Security Update for Windows XP (KB905749)
KB905915 -> Security Update for Windows XP (KB905915)
KB906569 -> Hotfix for Windows XP (KB906569)
KB908246 -> Windows XP Media Center Edition 2005 KB908246
KB908250 -> Windows XP Media Center Edition 2005 KB908250
KB908519 -> Security Update for Windows XP (KB908519)
KB908531 -> Security Update for Windows XP (KB908531)
KB910393 -> Update for Windows Media Player 10 (KB910393)
KB910437 -> Update for Windows XP (KB910437)
KB911280 -> Security Update for Windows XP (KB911280)
KB911562 -> Security Update for Windows XP (KB911562)
KB911565 -> Security Update for Windows Media Player 10 (KB911565)
KB911567 -> Security Update for Windows XP (KB911567)
KB911927 -> Security Update for Windows XP (KB911927)
KB912812 -> Security Update for Windows XP (KB912812)
KB912919 -> Security Update for Windows XP (KB912919)
KB913446 -> Security Update for Windows XP (KB913446)
KB913580 -> Security Update for Windows XP (KB913580)
KB913800 -> Update for Windows Media Player 10 (KB913800)
KB914388 -> Security Update for Windows XP (KB914388)
KB914389 -> Security Update for Windows XP (KB914389)
KB914440 -> Hotfix for Windows XP (KB914440)
KB915865 -> Hotfix for Windows XP (KB915865)
KB916281 -> Security Update for Windows XP (KB916281)
KB916595 -> Update for Windows XP (KB916595)
KB917159 -> Security Update for Windows XP (KB917159)
KB917344 -> Security Update for Windows XP (KB917344)
KB917422 -> Security Update for Windows XP (KB917422)
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734)
KB917953 -> Security Update for Windows XP (KB917953)
KB918118 -> Security Update for Windows XP (KB918118)
KB918439 -> Security Update for Windows XP (KB918439)
KB918899 -> Security Update for Windows XP (KB918899)
KB919007 -> Security Update for Windows XP (KB919007)
KB920213 -> Security Update for Windows XP (KB920213)
KB920214 -> Security Update for Windows XP (KB920214)
KB920670 -> Security Update for Windows XP (KB920670)
KB920683 -> Security Update for Windows XP (KB920683)
KB920685 -> Security Update for Windows XP (KB920685)
KB920872 -> Update for Windows XP (KB920872)
KB921398 -> Security Update for Windows XP (KB921398)
KB921503 -> Security Update for Windows XP (KB921503)
KB921883 -> Security Update for Windows XP (KB921883)
KB922582 -> Update for Windows XP (KB922582)
KB922616 -> Security Update for Windows XP (KB922616)
KB922760 -> Security Update for Windows XP (KB922760)
KB922819 -> Security Update for Windows XP (KB922819)
KB923191 -> Security Update for Windows XP (KB923191)
KB923414 -> Security Update for Windows XP (KB923414)
KB923689 -> Security Update for Windows XP (KB923689)
KB923694 -> Security Update for Windows XP (KB923694)
KB923980 -> Security Update for Windows XP (KB923980)
KB924191 -> Security Update for Windows XP (KB924191)
KB924270 -> Security Update for Windows XP (KB924270)
KB924496 -> Security Update for Windows XP (KB924496)
KB924667 -> Security Update for Windows XP (KB924667)
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)
KB925454 -> Security Update for Windows XP (KB925454)
KB925486 -> Security Update for Windows XP (KB925486)
KB925902 -> Security Update for Windows XP (KB925902)
KB926239 -> Hotfix for Windows XP (KB926239)
KB926251 -> Update for Windows Media Player 10 (KB926251)
KB926255 -> Security Update for Windows XP (KB926255)
KB926436 -> Security Update for Windows XP (KB926436)
KB927779 -> Security Update for Windows XP (KB927779)
KB927802 -> Security Update for Windows XP (KB927802)
KB927891 -> Update for Windows XP (KB927891)
KB928255 -> Security Update for Windows XP (KB928255)
KB928843 -> Security Update for Windows XP (KB928843)
KB929123 -> Security Update for Windows XP (KB929123)
KB929338 -> Update for Windows XP (KB929338)
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399)
KB930178 -> Security Update for Windows XP (KB930178)
KB930494 -> Microsoft .NET Framework 1.0 Hotfix (KB930494)
KB930916 -> Update for Windows XP (KB930916)
KB931261 -> Security Update for Windows XP (KB931261)
KB931784 -> Security Update for Windows XP (KB931784)
KB931836 -> Update for Windows XP (KB931836)
KB931906 -> Security Update for CAPICOM (KB931906)
KB932168 -> Security Update for Windows XP (KB932168)
KB932823-v3 -> Update for Windows XP (KB932823-v3)
KB933360 -> Update for Windows XP (KB933360)
KB933729 -> Security Update for Windows XP (KB933729)
KB935839 -> Security Update for Windows XP (KB935839)
KB935840 -> Security Update for Windows XP (KB935840)
KB936021 -> Security Update for Windows XP (KB936021)
KB936357 -> Update for Windows XP (KB936357)
KB936782_WMP10 -> Security Update for Windows Media Player 10 (KB936782)
KB937143 -> Security Update for Windows XP (KB937143)
KB937894 -> Security Update for Windows XP (KB937894)
KB938127 -> Security Update for Windows XP (KB938127)
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127)
KB938464 -> Security Update for Windows XP (KB938464)
KB938828 -> Update for Windows XP (KB938828)
KB938829 -> Security Update for Windows XP (KB938829)
KB939653 -> Security Update for Windows XP (KB939653)
KB941202 -> Security Update for Windows XP (KB941202)
KB941568 -> Security Update for Windows XP (KB941568)
KB941569 -> Security Update for Windows XP (KB941569)
KB941644 -> Security Update for Windows XP (KB941644)
KB941693 -> Security Update for Windows XP (KB941693)
KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615)
KB942763 -> Update for Windows XP (KB942763)
KB942840 -> Update for Windows XP (KB942840)
KB943055 -> Security Update for Windows XP (KB943055)
KB943460 -> Security Update for Windows XP (KB943460)
KB943485 -> Security Update for Windows XP (KB943485)
KB944533 -> Security Update for Windows XP (KB944533)
KB944653 -> Security Update for Windows XP (KB944653)
KB945553 -> Security Update for Windows XP (KB945553)
KB946026 -> Security Update for Windows XP (KB946026)
KB946648 -> Security Update for Windows XP (KB946648)
KB947864-IE7 -> Hotfix for Windows Internet Explorer 7 (KB947864)
KB948590 -> Security Update for Windows XP (KB948590)
KB948881 -> Security Update for Windows XP (KB948881)
KB950749 -> Security Update for Windows XP (KB950749)
KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759)
KB950760 -> Security Update for Windows XP (KB950760)
KB950762 -> Security Update for Windows XP (KB950762)
KB950974 -> Security Update for Windows XP (KB950974)
KB951066 -> Security Update for Windows XP (KB951066)
KB951072-v2 -> Update for Windows XP (KB951072-v2)
KB951376 -> Security Update for Windows XP (KB951376)
KB951376-v2 -> Security Update for Windows XP (KB951376-v2)
KB951698 -> Security Update for Windows XP (KB951698)
KB951748 -> Security Update for Windows XP (KB951748)
KB952287 -> Hotfix for Windows XP (KB952287)
KB952954 -> Security Update for Windows XP (KB952954)
KB953838-IE7 -> Security Update for Windows Internet Explorer 7 (KB953838)
KB953839 -> Security Update for Windows XP (KB953839)
KB954211 -> Security Update for Windows XP (KB954211)
KB955069 -> Security Update for Windows XP (KB955069)
KB956390-IE7 -> Security Update for Windows Internet Explorer 7 (KB956390)
KB956391 -> Security Update for Windows XP (KB956391)
KB956803 -> Security Update for Windows XP (KB956803)
KB956841 -> Security Update for Windows XP (KB956841)
KB957095 -> Security Update for Windows XP (KB957095)
KB957097 -> Security Update for Windows XP (KB957097)
KB958644 -> Security Update for Windows XP (KB958644)
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Monopoly -> Monopoly
Mozilla Firefox (2.0.0.18) -> Mozilla Firefox (2.0.0.18)
MSNINST -> MSN
MySpaceIM -> MySpaceIM
Nero - Burning Rom!UninstallKey -> Nero OEM
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
nupyoozgrf -> RON Tool Netupbanner
PROSet -> Intel(R) PRO Network Connections Drivers
RealPlayer 6.0 -> RealPlayer
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4
The Logo Creator v5 -> The Logo Creator v5
ViewpointMediaPlayer -> Viewpoint Media Player
WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell
WebPost -> Microsoft Web Publishing Wizard 1.52
WGA -> Windows Genuine Advantage Validation Tool (KB892130)
WgaNotify -> Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 10
WMFDist11 -> Windows Media Format 11 runtime
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Applications -> AT&T Yahoo! Applications
Yahoo! IE Suggest -> Yahoo! Search Suggest Add-on for IE7


[Files/Folders - Created Within 30 days]
avexport.bat -> %SystemDrive%\avexport.bat ->  [Ver =  | Size = 811 bytes | Created Date = 11/25/2008 1:18:52 PM | Attr =	]
cleanup.bat -> %SystemDrive%\cleanup.bat ->  [Ver =  | Size = 574 bytes | Created Date = 11/25/2008 1:18:50 PM | Attr =	]
cleanup.exe -> %SystemDrive%\cleanup.exe ->  [Ver =  | Size = 19286 bytes | Created Date = 11/25/2008 1:18:50 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 258101248 bytes | Created Date = 11/25/2008 2:04:43 PM | Attr =  HS]
zip.exe -> %SystemDrive%\zip.exe ->  [Ver =  | Size = 135168 bytes | Created Date = 11/25/2008 1:18:50 PM | Attr =	]
_OTScanIt -> %SystemDrive%\_OTScanIt ->  [Folder | Created Date = 11/24/2008 8:54:47 PM | Attr =	]
1 C:\*.tmp files -> C:\*.tmp -> 
fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 11/14/2008 11:27:36 PM | Attr =	]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0  | Size = 28544 bytes | Created Date = 11/17/2008 3:06:37 PM | Attr =	]
cdintf300.dll -> %SystemRoot%\System32\cdintf300.dll -> Amyuni Technologies http://www.amyuni.com [Ver = 3.02 | Size = 3715072 bytes | Created Date = 11/6/2008 8:04:59 PM | Attr =	]
vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Created Date = 11/13/2008 9:00:04 AM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 11/24/2008 8:51:33 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 345 bytes | Created Date = 11/24/2008 3:04:06 PM | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 11/24/2008 3:04:00 PM | Attr =	]
unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.6.1 | Size = 90112 bytes | Created Date = 11/6/2008 8:09:38 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
avexport.bat -> %SystemDrive%\avexport.bat ->  [Ver =  | Size = 811 bytes | Modified Date = 11/25/2008 1:18:52 PM | Attr =	]
cleanup.bat -> %SystemDrive%\cleanup.bat ->  [Ver =  | Size = 574 bytes | Modified Date = 11/25/2008 1:18:50 PM | Attr =	]
cleanup.exe -> %SystemDrive%\cleanup.exe ->  [Ver =  | Size = 19286 bytes | Modified Date = 11/25/2008 1:18:50 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 258101248 bytes | Modified Date = 11/25/2008 2:04:43 PM | Attr =  HS]
1 C:\*.tmp files -> C:\*.tmp -> 
zip.exe -> %SystemDrive%\zip.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 11/25/2008 1:18:50 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 287955 bytes | Modified Date = 11/18/2008 4:04:41 PM | Attr = R  ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1347176 bytes | Modified Date = 11/15/2008 7:35:49 AM | Attr =	]
KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys ->  [Ver =  | Size = 5018 bytes | Modified Date = 11/19/2008 9:15:55 AM | Attr =  HS]
null -> %SystemRoot%\System32\null ->  [Ver =  | Size = 0 bytes | Modified Date = 11/13/2008 2:09:55 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 54280 bytes | Modified Date = 11/8/2008 7:36:05 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 384596 bytes | Modified Date = 11/8/2008 7:36:05 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 445630 bytes | Modified Date = 11/8/2008 7:36:05 AM | Attr =	]
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 11/3/2008 10:15:28 AM | Attr =	]
vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 11/13/2008 9:00:04 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 11/25/2008 2:06:01 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 11/25/2008 2:04:44 PM | Attr =   S]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 345 bytes | Modified Date = 11/24/2008 3:16:20 PM | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 11/24/2008 3:04:00 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 11/14/2008 4:52:22 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 11/14/2008 11:37:44 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 59 bytes | Modified Date = 11/14/2008 11:35:02 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 573 bytes | Modified Date = 11/14/2008 11:30:15 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 11/13/2008 6:45:28 PM | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 11/17/2008 1:49:03 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 11/25/2008 2:05:06 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 12/15/2005 4:40:02 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6060 bytes | Modified Date = 11/15/2008 2:12:53 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 11/15/2008 2:13:04 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 12/29/2005 12:40:07 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 12/29/2005 12:40:07 PM | Attr =	]
C:\Documents and Settings\Sandy Waller\Local Settings\Temp\Temporary Directory 1 for avenger.zip\ -> C:\Documents and Settings\Sandy Waller\Local Settings\Temp\Temporary Directory 1 for avenger.zip\ ->  [Folder | Modified Date = 11/25/2008 1:17:45 PM | Attr =  H ]
avenger.exe -> C:\Documents and Settings\Sandy Waller\Local Settings\Temp\Temporary Directory 1 for avenger.zip\avenger.exe ->  [Ver =  | Size = 731136 bytes | Modified Date = 5/30/2008 11:09:46 PM | Attr = R  ]

< End of report >


#9 GWE

Posted 25 November 2008 - 05:28 PM

I get two errors with the system. I don't know if this is part of the same problem or something else.

At start up I get an error stating that WINDOWS DEFENDER failed to initialize

At shut down I have to manually end SPRTCMD.exe before the system will shut down

#10 PropagandaPanda

Posted 25 November 2008 - 07:14 PM

Hello.

Looks much better.

Please uninstall these old versions of Java:
Java™ 6 Update 3
Java™ 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03

Run Fix with OTScanIt
We will run OTScanIt again, but the directions are slightly different. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Registry - Non-Microsoft Only]
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YN -> lyuhvp.dll -> 
    YN -> zkwtar.dll -> 
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Install Antivirus
It doesn't look like you have an antivirus installed. Did you uninstall AVG?

Please install an antivirus if you do not have one right now. After installing, update the database, run a full system scan and remove any items found.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please post back with:
-the OTScanIt fix log
-the Kaspersky log
-a new HijackThis log

How is your computer running now?

With Regards,
The Panda

#11 GWE

Posted 26 November 2008 - 04:54 AM

here is the OTScanIt Log

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:lyuhvp.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zkwtar.dll deleted successfully.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11252008_185150


Here is the HiJackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:17 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Hotsync.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.agadoo.biz/bc/123kah.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://svca.solidworks.com/htdocs/pdownloa...elsStandard.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137106924015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143672668500
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 13977 bytes



The Kaspersky scan seems to get stuck while checking Quicktime.msi

I have left the scan running and if it does finish I will upload that log.

The machine is running fairly well. It does get sluggish at times, but I think that is because of the low amount of internal memory.
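Added example (not part of the original posts, and not OTScanIt or HijackThis code): a Python check that cross-references the OTScanIt fix log with the O20 line of the follow-up HijackThis log, to confirm the deleted AppInit_DLLs entries are no longer listed. The sample lines are copied from the logs in the post above; the function names and the allowlist that treats avgrsstx.dll as expected (AVG 8 is installed on this machine) are assumptions of this example.

```python
import ntpath
import re

# Sample input: lines copied from the OTScanIt fix log posted above.
FIX_LOG = r"""[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:lyuhvp.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zkwtar.dll deleted successfully.
< End of fix log >
"""

# Sample input: three lines copied from the HijackThis log posted above.
HJT_LOG = r"""O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Assumption of this example: DLLs the analyst accepts in AppInit_DLLs
# on this machine (AVG 8 is installed, per the running-process list).
EXPECTED = frozenset({"avgrsstx.dll"})

_FIX_RE = re.compile(r"AppInit_DLLs:(\S+)\s+deleted successfully", re.IGNORECASE)
_O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.MULTILINE)


def _normalize(entry):
    """Reduce an AppInit_DLLs entry to a lowercase file name."""
    return ntpath.basename(entry.strip().strip('"')).lower()


def removed_appinit_dlls(fix_log):
    """DLL names the fix log reports as deleted from AppInit_DLLs."""
    return [_normalize(m.group(1)) for m in _FIX_RE.finditer(fix_log)]


def loaded_appinit_dlls(hjt_log):
    """DLL names listed on the HijackThis O20 AppInit_DLLs line(s).

    The registry value is a single string delimited by spaces or commas.
    HijackThis prints no O20 AppInit_DLLs line when it is empty, so a
    missing line yields an empty list.
    """
    names = []
    for match in _O20_RE.finditer(hjt_log):
        for entry in re.split(r"[ ,]+", match.group(1).strip()):
            if entry:
                names.append(_normalize(entry))
    return names


def check_fix(fix_log, hjt_log, expected=EXPECTED):
    """Compare what the fix deleted with what the later scan still lists."""
    removed = removed_appinit_dlls(fix_log)
    loaded = loaded_appinit_dlls(hjt_log)
    return {
        "removed": removed,
        "loaded": loaded,
        # Deleted entries that came back: the fix did not hold.
        "still_present": [d for d in removed if d in loaded],
        # Entries nobody has accounted for yet.
        "unexpected": [d for d in loaded if d not in expected],
    }


if __name__ == "__main__":
    for key, value in check_fix(FIX_LOG, HJT_LOG).items():
        print(f"{key}: {value}")
```

An empty `still_present` list means the two entries the fix deleted did not return between the fix and the next scan; anything in `unexpected` is an AppInit_DLLs entry that still needs an owner identified before the log can be called clean.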

#12 PropagandaPanda

Posted 26 November 2008 - 08:19 AM

Hello.

Kaspersky may take several hours normally. If it takes too long, skip it.

With Regards,
The Panda

#13 GWE

Posted 26 November 2008 - 01:50 PM

The scan ran for over 8 hours and never got past 6%

I cancelled the scan.

How does the rest of the system look?

I am going to update to SP3 when we are done.

#14 PropagandaPanda

Posted 26 November 2008 - 05:42 PM

Hello.

Looks good to me.

Does AVG pick up anything other than tracking cookies?

Please install SP3 and post a new HJT log.

With Regards,
The Panda

#15 GWE

Posted 27 November 2008 - 06:12 AM

AVG only finds cookies

here is the HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:24 AM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Hotsync.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.agadoo.biz/bc/123kah.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://svca.solidworks.com/htdocs/pdownloa...elsStandard.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137106924015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143672668500
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 14720 bytes



The system seems to be running fine but a little slow when loading programs.


Do you have any ideas about the 'Windows Defender' error when starting the system and the 'SPRTCMD.exe' error when shutting the system down?



