
'Troj/Rustok-N' REPLY PLEASE



hellb0y1337
2008-12-01, 07:09
"Your computer (IP: REMOVED) generates attacking DOS requests at our servers, caused by the spyware/virus named 'Troj/Rustok-N'."

Also, Google keeps redirecting me to copy-book.com; it's annoying.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:44 PM, on 12/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
E:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\iolo\common\lib\ioloServiceManager.exe
E:\WINDOWS\system32\libusbd-nt.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Sandboxie\SbieSvc.exe
E:\WINDOWS\system32\spupdsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\TVersity\Media Server\MediaServer.exe
E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
E:\WINDOWS\system32\vmnat.exe
E:\WINDOWS\system32\vmnetdhcp.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
E:\Program Files\VMware\VMware Player\vmware-authd.exe
E:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
E:\Program Files\ESET\ESET Smart Security\egui.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\VMware\VMware Player\hqtray.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\Program Files\Razer\Lachesis\razerhid.exe
E:\Program Files\Razer\Lachesis\OSD.exe
E:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
E:\Program Files\Razer\Diamondback\razerhid.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Razer\Lachesis\razertra.exe
E:\Program Files\Sandboxie\SbieCtrl.exe
E:\Program Files\Razer\Diamondback\razerofa.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Razer\Lachesis\razerofa.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\NETGEAR\WPN311\wlancfg5.exe
E:\Program Files\UltraMon\UltraMon.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\UltraMon\UltraMonTaskbar.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\Ventrilo\Ventrilo.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Free Download Manager\fdm.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://project-7.net/forum/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nTrayFw] E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VMware hqtray] "E:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "E:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Lachesis] E:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] E:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Diamondback] E:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SandboxieControl] "E:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Free Download Manager] "E:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "E:\Program Files\Free Download Manager\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] E:\RECYCLER\S-1-5-21-5601479003-1218356361-213137255-7886\winigon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "E:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "E:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = E:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://E:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - E:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - E:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - E:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - E:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - E:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - E:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - E:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - E:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - E:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\system32\vmnat.exe

--
End of file - 14447 bytes

hellb0y1337
2008-12-01, 07:41
OTScanIt log

OTScanIt logfile created on: 2008-12-01 17:35:25
OTScanIt by OldTimer - Version 1.0.19.0 Folder = E:\Documents and Settings\Simon.SIMON-PC\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 135.23 Gb Total Space | 7.22 Gb Free Space | 5.34% Space Free | Partition Type: NTFS
Drive D: | 40.23 Gb Total Space | 13.22 Gb Free Space | 32.86% Space Free | Partition Type: NTFS
Drive E: | 57.41 Gb Total Space | 7.07 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIMO
Current User Name: Simon
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
acs.exe -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2006-12-04 12:57:38 | Attr = ]
syncservicesbasics.exe -> %ProgramFiles%\Seagate\Basics\Service\SyncServicesBasics.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 124280 bytes | Modified Date = 2007-10-09 17:21:02 | Attr = ]
ekrn.exe -> %ProgramFiles%\ESET\ESET Smart Security\ekrn.exe -> ESET [Ver = 3.0.645 | Size = 468224 bytes | Modified Date = 2007-12-22 02:21:16 | Attr = ]
fbguard.exe -> %ProgramFiles%\Firebird\Firebird_2_1\bin\fbguard.exe -> FirebirdSQL Project [Ver = WI-T2.1.0.16780 | Size = 81920 bytes | Modified Date = 2007-10-16 11:08:08 | Attr = ]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2005-09-24 05:04:38 | Attr = ]
ioloservicemanager.exe -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 2008-06-19 17:59:12 | Attr = ]
libusbd-nt.exe -> %SystemRoot%\system32\libusbd-nt.exe -> http://libusb-win32.sourceforge.net [Ver = 0.1.10.1 | Size = 18944 bytes | Modified Date = 2005-03-09 21:50:18 | Attr = ]
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 118843 bytes | Modified Date = 2005-10-01 07:59:46 | Attr = ]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 61503 bytes | Modified Date = 2005-10-01 07:59:30 | Attr = ]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2005-09-24 05:04:38 | Attr = ]
ioctlsvc.exe -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 6, 0, 0 | Size = 81920 bytes | Modified Date = 2006-12-19 11:30:26 | Attr = ]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 2008-11-13 18:13:07 | Attr = ]
pnkbstrb.exe -> %SystemRoot%\system32\PnkBstrB.exe -> [Ver = | Size = 202040 bytes | Modified Date = 2008-12-01 16:36:38 | Attr = ]
sbiesvc.exe -> %ProgramFiles%\Sandboxie\SbieSvc.exe -> tzuk [Ver = 3.28 | Size = 49664 bytes | Modified Date = 2008-07-01 08:19:00 | Attr = ]
mediaserver.exe -> %ProgramFiles%\TVersity\Media Server\MediaServer.exe -> [Ver = | Size = 794624 bytes | Modified Date = 2008-07-23 03:59:42 | Attr = ]
vmount2.exe -> %CommonProgramFiles%\VMware\VMware Virtual Image Editing\vmount2.exe -> VMware, Inc. [Ver = 1.5.2 build-42958 | Size = 269104 bytes | Modified Date = 2007-03-23 11:02:52 | Attr = ]
vmnat.exe -> %SystemRoot%\system32\vmnat.exe -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 150064 bytes | Modified Date = 2008-03-03 21:06:12 | Attr = ]
vmnetdhcp.exe -> %SystemRoot%\system32\vmnetdhcp.exe -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 121392 bytes | Modified Date = 2008-03-03 21:06:26 | Attr = ]
nsvcappflt.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [Ver = 1, 0, 1, 0 | Size = 139264 bytes | Modified Date = 2005-10-01 08:02:40 | Attr = ]
vmware-authd.exe -> %ProgramFiles%\VMware\VMware Player\vmware-authd.exe -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 109104 bytes | Modified Date = 2008-03-03 21:06:10 | Attr = ]
fbserver.exe -> %ProgramFiles%\Firebird\Firebird_2_1\bin\fbserver.exe -> FirebirdSQL Project [Ver = WI-T2.1.0.16780 | Size = 2711552 bytes | Modified Date = 2007-10-16 11:07:38 | Attr = ]
egui.exe -> %ProgramFiles%\ESET\ESET Smart Security\egui.exe -> ESET [Ver = 3.0.645 | Size = 1443072 bytes | Modified Date = 2008-03-01 22:54:52 | Attr = ]
hqtray.exe -> %ProgramFiles%\VMware\VMware Player\hqtray.exe -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 55856 bytes | Modified Date = 2008-03-03 21:05:22 | Attr = ]
unlockerassistant.exe -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15872 bytes | Modified Date = 2008-05-02 15:15:46 | Attr = ]
razerhid.exe -> %ProgramFiles%\Razer\Lachesis\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 2007-09-12 12:52:18 | Attr = ]
osd.exe -> %ProgramFiles%\Razer\Lachesis\OSD.exe -> razercfg MFC Application [Ver = 1, 0, 0, 0 | Size = 274432 bytes | Modified Date = 2007-08-16 18:05:16 | Attr = ]
lcdmon.exe -> %CommonProgramFiles%\Logitech\LCD Manager\LCDMon.exe -> Logitech Inc. [Ver = 1.04.153 | Size = 774168 bytes | Modified Date = 2007-04-26 17:54:30 | Attr = ]
lgdcore.exe -> %CommonProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.04.153 | Size = 1132056 bytes | Modified Date = 2007-04-26 18:22:32 | Attr = ]
razertra.exe -> %ProgramFiles%\Razer\Lachesis\razertra.exe -> [Ver = 1, 0, 0, 1 | Size = 143360 bytes | Modified Date = 2007-10-15 16:59:14 | Attr = ]
razerofa.exe -> %ProgramFiles%\Razer\Lachesis\razerofa.exe -> Razer Inc. [Ver = 4.0.0.4 | Size = 163840 bytes | Modified Date = 2007-06-05 11:37:12 | Attr = ]
lcdclock.exe -> %CommonProgramFiles%\Logitech\LCD Manager\Applets\LCDClock.exe -> Logitech Inc. [Ver = 1.04.153 | Size = 203288 bytes | Modified Date = 2007-04-26 17:53:24 | Attr = ]
lcdcountdown.exe -> %CommonProgramFiles%\Logitech\LCD Manager\Applets\LCDCountdown.exe -> Logitech Inc. [Ver = 1.04.153 | Size = 388120 bytes | Modified Date = 2007-04-26 17:53:48 | Attr = ]
lcdmedia.exe -> %CommonProgramFiles%\Logitech\LCD Manager\Applets\LCDMedia.exe -> Logitech Inc. [Ver = 1.04.153 | Size = 374296 bytes | Modified Date = 2007-04-26 17:54:18 | Attr = ]
lcdpop3.exe -> %CommonProgramFiles%\Logitech\LCD Manager\Applets\LCDPOP3.exe -> Logitech Inc. [Ver = 1.04.153 | Size = 321048 bytes | Modified Date = 2007-04-26 17:54:56 | Attr = ]
razerhid.exe -> %ProgramFiles%\Razer\Diamondback\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 2007-02-14 11:15:04 | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.30.0.0 | Size = 490952 bytes | Modified Date = 2008-07-17 23:20:34 | Attr = ]
sbiectrl.exe -> %ProgramFiles%\Sandboxie\SbieCtrl.exe -> tzuk [Ver = 3.28 | Size = 738816 bytes | Modified Date = 2008-07-01 08:19:06 | Attr = ]
razerofa.exe -> %ProgramFiles%\Razer\Diamondback\razerofa.exe -> Razer Inc. [Ver = 4.0.0.4 | Size = 163840 bytes | Modified Date = 2007-02-14 11:11:18 | Attr = ]
wlancfg5.exe -> %ProgramFiles%\NETGEAR\WPN311\wlancfg5.exe -> [Ver = 1, 4, 1, 306 | Size = 1503232 bytes | Modified Date = 2006-12-04 12:57:38 | Attr = ]
ultramon.exe -> %ProgramFiles%\UltraMon\UltraMon.exe -> Realtime Soft Ltd [Ver = 3.0.2.0 | Size = 694040 bytes | Modified Date = 2008-01-15 20:42:02 | Attr = ]
ultramontaskbar.exe -> %ProgramFiles%\UltraMon\UltraMonTaskbar.exe -> Realtime Soft Ltd [Ver = 3.0.2.0 | Size = 283136 bytes | Modified Date = 2008-01-15 13:24:46 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 2008-11-14 12:24:15 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2006-12-04 12:57:38 | Attr = ]
(Basics Service) Basics Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Seagate\Basics\Service\SyncServicesBasics.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 124280 bytes | Modified Date = 2007-10-09 17:21:02 | Attr = ]
(EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET Smart Security\EHttpSrv.exe -> ESET [Ver = 3.0.645 | Size = 19200 bytes | Modified Date = 2008-03-01 22:58:08 | Attr = ]
(ekrn) Eset Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\ESET Smart Security\ekrn.exe -> ESET [Ver = 3.0.645 | Size = 468224 bytes | Modified Date = 2007-12-22 02:21:16 | Attr = ]
(FirebirdGuardianDefaultInstance) Firebird Guardian - DefaultInstance [Win32_Own | Auto | Running] -> %ProgramFiles%\Firebird\Firebird_2_1\bin\fbguard.exe -> FirebirdSQL Project [Ver = WI-T2.1.0.16780 | Size = 81920 bytes | Modified Date = 2007-10-16 11:08:08 | Attr = ]
(FirebirdServerDefaultInstance) Firebird Server - DefaultInstance [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Firebird\Firebird_2_1\bin\fbserver.exe -> FirebirdSQL Project [Ver = WI-T2.1.0.16780 | Size = 2711552 bytes | Modified Date = 2007-10-16 11:07:38 | Attr = ]
(ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [Ver = 1, 0, 1, 0 | Size = 139264 bytes | Modified Date = 2005-10-01 08:02:40 | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2005-09-24 05:04:38 | Attr = ]
(ioloFileInfoList) iolo FileInfoList Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 2008-06-19 17:59:12 | Attr = ]
(ioloSystemService) iolo System Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 2008-06-19 17:59:12 | Attr = ]
(libusbd) LibUsb-Win32 - Daemon, Version 0.1.10.1 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\libusbd-nt.exe -> http://libusb-win32.sourceforge.net [Ver = 0.1.10.1 | Size = 18944 bytes | Modified Date = 2005-03-09 21:50:18 | Attr = ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 118843 bytes | Modified Date = 2005-10-01 07:59:46 | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 61503 bytes | Modified Date = 2005-10-01 07:59:30 | Attr = ]
(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 6, 0, 0 | Size = 81920 bytes | Modified Date = 2006-12-19 11:30:26 | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 2008-11-13 18:13:07 | Attr = ]
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrB.exe -> [Ver = | Size = 202040 bytes | Modified Date = 2008-12-01 16:36:38 | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.1040 | Size = 92792 bytes | Modified Date = 2007-11-07 07:22:26 | Attr = ]
(SbieSvc) Sandboxie Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sandboxie\SbieSvc.exe -> tzuk [Ver = 3.28 | Size = 49664 bytes | Modified Date = 2008-07-01 08:19:00 | Attr = ]
(TVersityMediaServer) TVersityMediaServer [Win32_Own | Auto | Running] -> %ProgramFiles%\TVersity\Media Server\MediaServer.exe -> [Ver = | Size = 794624 bytes | Modified Date = 2008-07-23 03:59:42 | Attr = ]
(VMAuthdService) VMware Authorization Service [Win32_Own | Auto | Running] -> %ProgramFiles%\VMware\VMware Player\vmware-authd.exe -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 109104 bytes | Modified Date = 2008-03-03 21:06:10 | Attr = ]
(VMnetDHCP) VMware DHCP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\vmnetdhcp.exe -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 121392 bytes | Modified Date = 2008-03-03 21:06:26 | Attr = ]
(vmount2) VMware Virtual Mount Manager Extended [Win32_Own | Auto | Running] -> %CommonProgramFiles%\VMware\VMware Virtual Image Editing\vmount2.exe -> VMware, Inc. [Ver = 1.5.2 build-42958 | Size = 269104 bytes | Modified Date = 2007-03-23 11:02:52 | Attr = ]
(VMware NAT Service) VMware NAT Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\vmnat.exe -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 150064 bytes | Modified Date = 2008-03-03 21:06:12 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe [E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe] -> AMD [Ver = 1, 1, 3, 0 | Size = 77824 bytes | Modified Date = 2007-07-23 12:06:28 | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 2, 0, 2116 | Size = 111936 bytes | Modified Date = 2008-10-01 12:57:42 | Attr = ]
basicsmssmenu -> %ProgramFiles%\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe ["E:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"] -> Maxtor Corporation [Ver = 2, 2, 0, 6 | Size = 169328 bytes | Modified Date = 2007-10-09 17:21:06 | Attr = ]
CM106Sound -> [RunDll32 CM106.cpl,CMICtrlWnd] -> File not found
Diamondback -> %ProgramFiles%\Razer\Diamondback\razerhid.exe [E:\Program Files\Razer\Diamondback\razerhid.exe] -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 2007-02-14 11:15:04 | Attr = ]
egui -> %ProgramFiles%\ESET\ESET Smart Security\egui.exe ["E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice] -> ESET [Ver = 3.0.645 | Size = 1443072 bytes | Modified Date = 2008-03-01 22:54:52 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["E:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 2008-10-01 18:57:12 | Attr = ]
Lachesis -> %ProgramFiles%\Razer\Lachesis\razerhid.exe [E:\Program Files\Razer\Lachesis\razerhid.exe] -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 2007-09-12 12:52:18 | Attr = ]
Launch LCDMon -> %CommonProgramFiles%\Logitech\LCD Manager\LCDMon.exe ["E:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"] -> Logitech Inc. [Ver = 1.04.153 | Size = 774168 bytes | Modified Date = 2007-04-26 17:54:30 | Attr = ]
Launch LGDCore -> %CommonProgramFiles%\Logitech\G-series Software\LGDCore.exe ["E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE] -> Logitech Inc. [Ver = 1.04.153 | Size = 1132056 bytes | Modified Date = 2007-04-26 18:22:32 | Attr = ]
NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> Nero AG [Ver = 3, 5, 3, 0 | Size = 2221352 bytes | Modified Date = 2008-06-08 10:31:04 | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 7 | Size = 570664 bytes | Modified Date = 2008-06-19 10:53:28 | Attr = ]
nTrayFw -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe] -> NVIDIA Corporation [Ver = 2, 2, 0, 489 | Size = 270336 bytes | Modified Date = 2005-10-01 08:04:16 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.8043 | Size = 13672448 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.8043 | Size = 86016 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1630208 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
OSSelectorReinstall -> %CommonProgramFiles%\Acronis\Acronis Disk Director\oss_reinstall.exe [E:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe] -> [Ver = | Size = 1261475 bytes | Modified Date = 2006-04-12 16:15:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["E:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 2008-09-06 15:09:14 | Attr = ]
TrojanScanner -> %ProgramFiles%\Trojan Remover\Trjscan.exe [E:\Program Files\Trojan Remover\Trjscan.exe /boot] -> Simply Super Software [Ver = 6.7.4.1281 | Size = 1233800 bytes | Modified Date = 2008-11-08 17:34:42 | Attr = ]
UnlockerAssistant -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe ["E:\Program Files\Unlocker\UnlockerAssistant.exe"] -> [Ver = | Size = 15872 bytes | Modified Date = 2008-05-02 15:15:46 | Attr = ]
VMware hqtray -> %ProgramFiles%\VMware\VMware Player\hqtray.exe ["E:\Program Files\VMware\VMware Player\hqtray.exe"] -> VMware, Inc. [Ver = 6.0.3 build-80004 | Size = 55856 bytes | Modified Date = 2008-03-03 21:05:22 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
12CFG94-z641-2SF-N31P-5M1ER6H6L1 -> %SystemDrive%\RECYCLER\S-1-5-21-5601479003-1218356361-213137255-7886\winigon.exe [E:\RECYCLER\S-1-5-21-5601479003-1218356361-213137255-7886\winigon.exe] -> [Ver = | Size = 72704 bytes | Modified Date = 2008-11-17 20:48:52 | Attr = RHS]
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.30.0.0 | Size = 490952 bytes | Modified Date = 2008-07-17 23:20:34 | Attr = ]
Free Download Manager -> %ProgramFiles%\Free Download Manager\fdm.exe ["E:\Program Files\Free Download Manager\fdm.exe" -autorun] -> FreeDownloadManager.ORG [Ver = 2, 5, 758, 0 | Size = 2474031 bytes | Modified Date = 2008-05-20 18:27:22 | Attr = ]
fsm -> [] -> File not found
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe ["E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020] -> Nero AG [Ver = 3.3.8.0 | Size = 1840424 bytes | Modified Date = 2008-06-24 17:06:06 | Attr = ]
SandboxieControl -> %ProgramFiles%\Sandboxie\SbieCtrl.exe ["E:\Program Files\Sandboxie\SbieCtrl.exe"] -> tzuk [Ver = 3.28 | Size = 738816 bytes | Modified Date = 2008-07-01 08:19:06 | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 2008-08-12 19:19:02 | Attr = R ]
Software Informer -> %ProgramFiles%\Free Download Manager\softinfo.exe ["E:\Program Files\Free Download Manager\softinfo.exe" -autorun] -> File not found
< Run [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
12CFG94-z641-2SF-N31P-5M1ER6H6L1 -> %SystemDrive%\RECYCLER\S-1-5-21-5601479003-1218356361-213137255-7886\winigon.exe [E:\RECYCLER\S-1-5-21-5601479003-1218356361-213137255-7886\winigon.exe] -> [Ver = | Size = 72704 bytes | Modified Date = 2008-11-17 20:48:52 | Attr = RHS]
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.30.0.0 | Size = 490952 bytes | Modified Date = 2008-07-17 23:20:34 | Attr = ]
Free Download Manager -> %ProgramFiles%\Free Download Manager\fdm.exe ["E:\Program Files\Free Download Manager\fdm.exe" -autorun] -> FreeDownloadManager.ORG [Ver = 2, 5, 758, 0 | Size = 2474031 bytes | Modified Date = 2008-05-20 18:27:22 | Attr = ]
fsm -> [] -> File not found
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe ["E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020] -> Nero AG [Ver = 3.3.8.0 | Size = 1840424 bytes | Modified Date = 2008-06-24 17:06:06 | Attr = ]
SandboxieControl -> %ProgramFiles%\Sandboxie\SbieCtrl.exe ["E:\Program Files\Sandboxie\SbieCtrl.exe"] -> tzuk [Ver = 3.28 | Size = 738816 bytes | Modified Date = 2008-07-01 08:19:06 | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 2008-08-12 19:19:02 | Attr = R ]
Software Informer -> %ProgramFiles%\Free Download Manager\softinfo.exe ["E:\Program Files\Free Download Manager\softinfo.exe" -autorun] -> File not found
< All Users.WINDOWS Startup Folder > -> E:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WPN311 Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WPN311\wlancfg5.exe -> [Ver = 1, 4, 1, 306 | Size = 1503232 bytes | Modified Date = 2006-12-04 12:57:38 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\UltraMon.lnk -> %SystemRoot%\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico -> [Ver = | Size = 29310 bytes | Modified Date = 2008-07-07 21:34:15 | Attr = R ]
< Courtz Startup Folder > -> E:\Documents and Settings\Courtz\Start Menu\Programs\Startup ->
< Default User.WINDOWS Startup Folder > -> E:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup ->
< Simon.SIMON-PC Startup Folder > -> E:\Documents and Settings\Simon.SIMON-PC\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Xfire.lnk -> %ProgramFiles%\Xfire\xfire.exe -> Xfire Inc. [Ver = 13133 | Size = 2986320 bytes | Modified Date = 2008-11-21 07:44:24 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 2006-02-28 23:00:00 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
E:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2006-02-28 23:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2006-02-28 23:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 2006-02-28 23:00:00 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2006-02-28 23:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003] > -> HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 227 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003] > -> HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2006-02-28 23:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 2006-09-19 08:43:36 | Attr = ]
< HOSTS File > (27 bytes and 1 lines) -> E:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> E:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://project-7.net/forum/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\] > -> ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\: Main\\Local Page -> E:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\: Main\\Start Page -> http://project-7.net/forum/ ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-23 00:08:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 22:28:01 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [Ver = | Size = 94208 bytes | Modified Date = 2008-06-18 08:56:52 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 22:28:01 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 22:28:01 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 22:28:01 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all with Free Download Manager -> -> File not found
Download selected with Free Download Manager -> -> File not found
Download video with Free Download Manager -> -> File not found
Download with Free Download Manager -> -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 22:28:01 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1078081533-492894223-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all with Free Download Manager -> -> File not found
Download selected with Free Download Manager -> -> File not found
Download video with Free Download Manager -> -> File not found
Download with Free Download Manager -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{41B550B4-D101-4923-BAA4-6F0A104241DA} -> () ->
{5E64D513-CBFD-49DE-9311-64CE95C6B08A} -> () ->
{7159831A-E3CD-45FE-8EE5-8D7639F69DA1} -> (WPN311 RangeMax(TM) Wireless PCI Adapter) ->
{87BD7FDF-631A-4347-B02A-8875ABC8CDDF} -> (1394 Net Adapter) ->
{8B472491-2EC7-406D-8962-77DD62A0B914} -> (NVIDIA nForce Networking Controller) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 2008-08-29 09:53:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000026 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000027 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000028 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000029 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000030 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000031 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000032 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000033 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000034 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000035 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000036 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000037 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000038 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000039 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000040 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000041 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000042 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000043 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000044 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000045 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000046 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000047 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2005-10-01 08:02:50 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 2008-08-12 19:19:02 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://go.divx.com/plugin/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[Minesweeper Flags Class] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/MineSweeper.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\.Owner -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> ->

hellb0y1337
2008-12-01, 07:42
Continue OTScanIT LOG



[Files/Folders - Created Within 90 days]
123 -> %SystemDrive%\123 -> [Folder | Created Date = 2008-11-11 17:06:12 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-12-01 17:18:28 | Attr = ]
cygwin -> %SystemDrive%\cygwin -> [Folder | Created Date = 2008-10-29 00:30:06 | Attr = ]
Fraps -> %SystemDrive%\Fraps -> [Folder | Created Date = 2008-11-16 00:17:28 | Attr = ]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 2008-11-07 01:32:53 | Attr = RH ]
Qoobox -> %SystemDrive%\Qoobox -> [Folder | Created Date = 2008-12-01 17:18:32 | Attr = ]
AmdLLD.sys -> %SystemRoot%\System32\drivers\AmdLLD.sys -> AMD, Inc. [Ver = 1.0.1.0 | Size = 34304 bytes | Created Date = 2008-09-08 19:29:33 | Attr = ]
Razerlow.sys -> %SystemRoot%\System32\drivers\Razerlow.sys -> Razer (Asia-Pacific) Pte Ltd [Ver = 1.0.0.3.0.0 built by: WinDDK | Size = 13225 bytes | Created Date = 2008-11-19 16:49:21 | Attr = ]
AgCPanelFrench.dll -> %SystemRoot%\System32\AgCPanelFrench.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelGerman.dll -> %SystemRoot%\System32\AgCPanelGerman.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelJapanese.dll -> %SystemRoot%\System32\AgCPanelJapanese.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelKorean.dll -> %SystemRoot%\System32\AgCPanelKorean.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelPortugese.dll -> %SystemRoot%\System32\AgCPanelPortugese.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelSimplifiedChinese.dll -> %SystemRoot%\System32\AgCPanelSimplifiedChinese.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelSpanish.dll -> %SystemRoot%\System32\AgCPanelSpanish.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelSwedish.dll -> %SystemRoot%\System32\AgCPanelSwedish.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelTraditionalChinese.dll -> %SystemRoot%\System32\AgCPanelTraditionalChinese.dll -> [Ver = | Size = 58648 bytes | Created Date = 2008-10-07 09:13:22 | Attr = ]
AGEIA -> %SystemRoot%\System32\AGEIA -> [Folder | Created Date = 2008-11-04 04:29:55 | Attr = ]
5 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp ->
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,225,0 | Size = 107888 bytes | Created Date = 2008-10-19 15:44:50 | Attr = ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 2008-09-23 09:08:27 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 2008-09-23 09:08:27 | Attr = ]
Diamondback.cpl -> %SystemRoot%\System32\Diamondback.cpl -> Razer Inc. [Ver = 4.0.0.4 | Size = 73728 bytes | Created Date = 2008-11-19 16:49:19 | Attr = ]
frapsvid.dll -> %SystemRoot%\System32\frapsvid.dll -> Beepa P/L [Ver = 2, 9, 5, 7472 | Size = 81920 bytes | Created Date = 2008-09-10 17:37:22 | Attr = ]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 2008-09-16 11:12:54 | Attr = ]
msvcrt2.dll -> %SystemRoot%\System32\msvcrt2.dll -> [Ver = | Size = 102439 bytes | Created Date = 2008-11-25 14:03:47 | Attr = ]
pbsvc.exe -> %SystemRoot%\System32\pbsvc.exe -> [Ver = | Size = 674600 bytes | Created Date = 2008-11-01 18:01:53 | Attr = ]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 2008-09-16 11:12:54 | Attr = ]
unacev2.dll -> %SystemRoot%\System32\unacev2.dll -> [Ver = | Size = 75264 bytes | Created Date = 2008-11-17 15:13:37 | Attr = ]
UNRAR3.dll -> %SystemRoot%\System32\UNRAR3.dll -> [Ver = | Size = 153088 bytes | Created Date = 2008-11-17 15:13:36 | Attr = ]
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> [Ver = 35044 | Size = 42320 bytes | Created Date = 2008-11-21 07:44:26 | Attr = ]
xlive -> %SystemRoot%\System32\xlive -> [Folder | Created Date = 2008-10-29 21:26:58 | Attr = ]
ztvunace26.dll -> %SystemRoot%\System32\ztvunace26.dll -> [Ver = | Size = 77312 bytes | Created Date = 2008-11-17 15:13:37 | Attr = ]
ztvunrar36.dll -> %SystemRoot%\System32\ztvunrar36.dll -> [Ver = | Size = 162304 bytes | Created Date = 2008-11-17 15:13:37 | Attr = ]
d3dx.dat -> %SystemRoot%\d3dx.dat -> [Ver = | Size = 4096 bytes | Created Date = 2008-10-14 11:52:31 | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2008-12-01 17:18:32 | Attr = ]
9 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp ->
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-12-01 17:18:41 | Attr = ]
grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-12-01 17:18:41 | Attr = ]
hpoins14.dat -> %SystemRoot%\hpoins14.dat -> [Ver = | Size = 122771 bytes | Created Date = 2008-11-17 17:21:16 | Attr = ]
hpomdl14.dat -> %SystemRoot%\hpomdl14.dat -> [Ver = | Size = 1996 bytes | Created Date = 2008-11-17 17:21:16 | Attr = ]
Logs -> %SystemRoot%\Logs -> [Folder | Created Date = 2008-09-29 22:32:18 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 2008-09-23 02:41:34 | Attr = ]
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 2008-12-01 17:18:41 | Attr = ]
NV3885792.TMP -> %SystemRoot%\NV3885792.TMP -> [Folder | Created Date = 2008-11-04 04:29:34 | Attr = ]
NV48361836.TMP -> %SystemRoot%\NV48361836.TMP -> [Folder | Created Date = 2008-09-14 20:49:19 | Attr = ]
NV51364748.TMP -> %SystemRoot%\NV51364748.TMP -> [Folder | Created Date = 2008-11-11 22:37:46 | Attr = ]
NV58041684.TMP -> %SystemRoot%\NV58041684.TMP -> [Folder | Created Date = 2008-09-08 19:35:15 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-12-01 17:23:33 | Attr = ]
sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-12-01 17:18:41 | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Created Date = 2008-10-31 18:34:04 | Attr = ]
SWREG.exe -> %SystemRoot%\SWREG.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-12-01 17:18:41 | Attr = ]
SWSC.exe -> %SystemRoot%\SWSC.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-12-01 17:18:40 | Attr = ]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-12-01 17:18:40 | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7680 bytes | Created Date = 2008-11-25 14:08:45 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.1.1 | Size = 86016 bytes | Created Date = 2008-10-03 17:00:28 | Attr = ]
VFIND.exe -> %SystemRoot%\VFIND.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-12-01 17:18:41 | Attr = ]
vidplaylist.ini -> %SystemRoot%\vidplaylist.ini -> [Ver = | Size = 35 bytes | Created Date = 2008-09-06 03:08:38 | Attr = ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Created Date = 2008-10-21 02:44:20 | Attr = ]
XMailer.INI -> %SystemRoot%\XMailer.INI -> [Ver = | Size = 443 bytes | Created Date = 2008-10-31 04:16:25 | Attr = ]
zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008-12-01 17:18:41 | Attr = ]

[Files/Folders - Modified Within 90 days]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-12-01 17:28:10 | Attr = ]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 137688 bytes | Modified Date = 2008-12-01 16:36:48 | Attr = ]
AgCPanelFrench.dll -> %SystemRoot%\System32\AgCPanelFrench.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelGerman.dll -> %SystemRoot%\System32\AgCPanelGerman.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelJapanese.dll -> %SystemRoot%\System32\AgCPanelJapanese.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelKorean.dll -> %SystemRoot%\System32\AgCPanelKorean.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelPortugese.dll -> %SystemRoot%\System32\AgCPanelPortugese.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelSimplifiedChinese.dll -> %SystemRoot%\System32\AgCPanelSimplifiedChinese.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelSpanish.dll -> %SystemRoot%\System32\AgCPanelSpanish.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelSwedish.dll -> %SystemRoot%\System32\AgCPanelSwedish.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:20 | Attr = ]
AgCPanelTraditionalChinese.dll -> %SystemRoot%\System32\AgCPanelTraditionalChinese.dll -> [Ver = | Size = 58648 bytes | Modified Date = 2008-10-07 09:13:22 | Attr = ]
5 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp ->
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 2008-12-01 17:18:33 | Attr = ]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,225,0 | Size = 107888 bytes | Modified Date = 2008-10-19 15:44:50 | Attr = ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 2008-09-23 09:08:27 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 2008-09-23 09:08:27 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 270984 bytes | Modified Date = 2008-11-10 18:15:02 | Attr = ]
frapsvid.dll -> %SystemRoot%\System32\frapsvid.dll -> Beepa P/L [Ver = 2, 9, 5, 7472 | Size = 81920 bytes | Modified Date = 2008-09-10 17:37:22 | Attr = ]
keystone.exe -> %SystemRoot%\System32\keystone.exe -> [Ver = | Size = 425984 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 2008-09-16 11:12:54 | Attr = ]
msvcrt2.dll -> %SystemRoot%\System32\msvcrt2.dll -> [Ver = | Size = 102439 bytes | Modified Date = 2008-11-25 14:03:47 | Attr = ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 2008-12-01 17:18:32 | Attr = ]
nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe -> [Ver = | Size = 442368 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [Ver = | Size = 203146 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 197202 bytes | Modified Date = 2008-12-01 17:28:42 | Attr = ]
nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [Ver = | Size = 18477 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nview.dll -> %SystemRoot%\System32\nview.dll -> [Ver = | Size = 1486848 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nvModes.dat -> %SystemRoot%\System32\nvModes.dat -> [Ver = | Size = 8 bytes | Modified Date = 2008-11-27 03:05:45 | Attr = ]
nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Modified Date = 2008-10-07 13:33:00 | Attr = ]
nvshell.dll -> %SystemRoot%\System32\nvshell.dll -> [Ver = | Size = 466944 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll -> [Ver = | Size = 1703936 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
nwiz.exe -> %SystemRoot%\System32\nwiz.exe -> [Ver = | Size = 1630208 bytes | Modified Date = 2008-10-23 07:42:00 | Attr = ]
pbsvc.exe -> %SystemRoot%\System32\pbsvc.exe -> [Ver = | Size = 674600 bytes | Modified Date = 2008-11-13 18:13:04 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 114318 bytes | Modified Date = 2008-11-16 13:20:04 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 584992 bytes | Modified Date = 2008-11-16 13:20:05 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 711476 bytes | Modified Date = 2008-11-16 13:20:04 | Attr = ]
PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 2008-11-13 18:13:07 | Attr = ]
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 202040 bytes | Modified Date = 2008-12-01 16:36:38 | Attr = ]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 2008-09-16 11:12:54 | Attr = ]
wpa.bak -> %SystemRoot%\System32\wpa.bak -> [Ver = | Size = 12540 bytes | Modified Date = 2008-11-03 06:40:06 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 2008-12-01 17:28:04 | Attr = ]
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> [Ver = 35044 | Size = 42320 bytes | Modified Date = 2008-11-21 07:44:26 | Attr = ]
9 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp ->
avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 2008-11-25 14:06:30 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-12-01 17:25:46 | Attr = S]
d3dx.dat -> %SystemRoot%\d3dx.dat -> [Ver = | Size = 4096 bytes | Modified Date = 2008-10-14 11:52:31 | Attr = ]
hpoins14.dat -> %SystemRoot%\hpoins14.dat -> [Ver = | Size = 122771 bytes | Modified Date = 2008-11-17 17:28:03 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2008-11-30 03:02:26 | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 450 bytes | Modified Date = 2008-11-07 02:22:11 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-12-01 17:23:33 | Attr = ]
Sandboxie.ini -> %SystemRoot%\Sandboxie.ini -> [Ver = | Size = 1606 bytes | Modified Date = 2008-11-30 15:53:57 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 284 bytes | Modified Date = 2008-12-01 17:28:16 | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7680 bytes | Modified Date = 2008-11-25 14:08:45 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 63 bytes | Modified Date = 2008-11-07 02:23:06 | Attr = ]
vidplaylist.ini -> %SystemRoot%\vidplaylist.ini -> [Ver = | Size = 35 bytes | Modified Date = 2008-11-30 19:09:45 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 740 bytes | Modified Date = 2008-11-07 01:34:05 | Attr = ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 2008-10-21 02:44:20 | Attr = ]
XMailer.INI -> %SystemRoot%\XMailer.INI -> [Ver = | Size = 443 bytes | Modified Date = 2008-11-26 02:03:42 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2008-11-29 14:11:00 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-12-01 17:25:54 | Attr = H ]
E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\ -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2008-07-07 21:24:52 | Attr = ]
qmgr0.dat -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 14300 bytes | Modified Date = 2008-12-01 17:27:53 | Attr = ]
qmgr1.dat -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 14300 bytes | Modified Date = 2008-12-01 17:27:53 | Attr = ]
E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\Data\ -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 2008-11-07 01:40:11 | Attr = ]
data.dat -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 2008-08-19 10:25:13 | Attr = ]
opa12.dat -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\Data\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2008-11-07 01:40:11 | Attr = ]
E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VCExpress\9.0\ -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VCExpress\9.0 -> [Folder | Modified Date = 2008-08-27 19:30:33 | Attr = ]
VCExpress000223.dat -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VCExpress\9.0\VCExpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 2008-08-27 19:30:07 | Attr = H ]
E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\visualstudio\8.0\ -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\visualstudio\8.0 -> [Folder | Modified Date = 2008-07-08 16:29:38 | Attr = ]
vs000223.dat -> E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\visualstudio\8.0\vs000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 2008-07-26 14:07:39 | Attr = H ]
E:\WINDOWS\Temp\ -> E:\WINDOWS\Temp -> [Folder | Modified Date = 2008-12-01 17:35:25 | Attr = ]
Perflib_Perfdata_874.dat -> E:\WINDOWS\Temp\Perflib_Perfdata_874.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-12-01 17:26:26 | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:82,1c,98,1e,08,83,a2,c2,1b,26,c5,94,59,9e,91,55,87,2e,c9,0f,42,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e4,cf,2c,38,84,4f,7e,99,cc,8f,75,d6,d8,23,7c,7f,aa,..
"khjeh"=hex:16,c7,22,ac,2f,b0,62,82,d8,92,b2,a6,4c,a6,61,75,35,bb,97,e6,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9c,91,57,dd,37,a3,f4,70,d4,1e,69,7b,39,4c,49,90,d5,ae,8c,f6,05,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cb,11,c2,71,1c,f9,1e,64,59,3c,fe,8a,73,63,80,fc,56,1b,87,48,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:82,1c,98,1e,08,83,a2,c2,1b,26,c5,94,59,9e,91,55,87,2e,c9,0f,42,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e4,cf,2c,38,84,4f,7e,99,cc,8f,75,d6,d8,23,7c,7f,aa,..
"khjeh"=hex:16,c7,22,ac,2f,b0,62,82,d8,92,b2,a6,4c,a6,61,75,35,bb,97,e6,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9c,91,57,dd,37,a3,f4,70,d4,1e,69,7b,39,4c,49,90,d5,ae,8c,f6,05,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cb,11,c2,71,1c,f9,1e,64,59,3c,fe,8a,73,63,80,fc,56,1b,87,48,90,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
source file error: E:\Documents and Settings\Simon.SIMON-PC\ntuser.dat
scanning hidden files ...
E:\WINDOWS\Thumbs.db:encryptable 0 bytes
E:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT 6144 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
scan completed successfully
hidden files: 0

< End of report >

hellb0y1337
2008-12-01, 07:55
Malwarebytes' Anti-Malware 1.30
Database version: 1440
Windows 5.1.2600 Service Pack 2

2008-12-01 17:55:22
mbam-log-2008-12-01 (17-55-22).txt

Scan type: Quick Scan
Objects scanned: 69158
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg94-z641-2sf-n31p-5m1er6h6l1 (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.74 85.255.112.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.74 85.255.112.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8b472491-2ec7-406d-8962-77dd62a0b914}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.74 85.255.112.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.74 85.255.112.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8b472491-2ec7-406d-8962-77dd62a0b914}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.74 85.255.112.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8b472491-2ec7-406d-8962-77dd62a0b914}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.74 85.255.112.153 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\RECYCLER\S-1-5-21-5601479003-1218356361-213137255-7886\winigon.exe (Backdoor.Bot) -> Delete on reboot.
E:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\Simon.SIMON-PC\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

hellb0y1337
2008-12-01, 08:15
still getting redirected to copy-book, and I still experience that

Your computer (IP: REMOVED) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N'

tashi
2008-12-01, 09:29
Hello.

Because of the volume of posts to your own topic, it would appear to our helpers that you are already being assisted. Volunteer analysts look for topics with no response. :eek:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

Regards.

hellb0y1337
2008-12-01, 14:41
No, I'm not being assisted, I'm just good with computers, just this DNS shit is annoying me, I would like some assistance

hellb0y1337
2008-12-01, 14:43
Hello.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)


Yea... I kinda don't have time for my computer to be infected, seeing I do Internet banking. So please spare me this "don't run fixes" because I don't want to lose money.