Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
May 17 2008, 08:59 PM
New Member | Group: Members | Posts: 9 | Joined: 17-May 08 | Member No.: 209,531
Run by jebanks on 2008-05-17 20:44:57 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 2 Restore Point(s) -- 2: 2008-05-18 01:45:22 UTC - RP327 - Deckard's System Scanner Restore Point 1: 2008-05-17 19:19:38 UTC - RP326 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as jebanks.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:47:01 PM, on 5/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\system32\basfipm.exe C:\WINDOWS\system32\bmwebcfg.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPNRA.EXE 
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Kaseya\Agent\AgentMon.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1137426204\ee\AOLSoftware.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\temp\KRlyCLis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\JEbanks\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\jebanks.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CenterLock module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CenterLock\CenterLock.dll O2 - BHO: (no name) - {2E529F87-2B52-438C-9E7C-7D0A0DD910BA} - C:\WINDOWS\system32\wvUkJBrO.dll O2 - BHO: (no name) - {354141F1-5C82-4395-B179-3AE6A12C33ED} - C:\WINDOWS\system32\tuvWpqPH.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {B1BF38C7-4E65-4D8D-ABB0-EBE169098AFC} - C:\WINDOWS\system32\yATNeDwW.dll (file missing) O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw6e\TMIETB.DLL O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: pvnsmfor - {E738884B-E75D-4AC3-B03F-62F7E7DD853E} - C:\WINDOWS\pvnsmfor.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137426204\ee\AOLSoftware.exe O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [SpybotDeletingA9534] command /c del "C:\WINDOWS\system32\tuvWpqPH.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC9215] cmd /c del "C:\WINDOWS\system32\tuvWpqPH.dll_old" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context 
menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: bmnet.dll O10 - Unknown file in Winsock LSP: bmnet.dll O10 - Unknown file in Winsock LSP: bmnet.dll O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135268256531 O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://terminal.enetsolutions.net/msrdp.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://terminal.esclawyers.com/tsweb/msrdp.cab O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://kaseya.enetsolutions.net/inc/kaxRemote.dll O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pm.webex.com/client/v_mywebex-t20/s...ort/ieatgpc.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ESCLAWYERS.COM O17 - HKLM\Software\..\Telephony: 
DomainName = ESCLAWYERS.COM O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ESCLAWYERS.COM O20 - Winlogon Notify: CLSID - C:\WINDOWS\ O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll O20 - Winlogon Notify: wvUkJBrO - C:\WINDOWS\SYSTEM32\wvUkJBrO.dll O21 - SSODL: mpfanvqg - {B9810075-D223-413B-AC9F-702A81B16614} - C:\WINDOWS\mpfanvqg.dll O21 - SSODL: vbksrofa - {37FE3901-1297-4E81-BC2B-3EE2AB61DD1E} - C:\WINDOWS\vbksrofa.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. 
- C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 14832 bytes -- File Associations ----------------------------------------------------------- .com - unable to read key .com - unable to read key .pif - unable to read key .reg - unable to read key .reg - unable to read key .reg - unable to read key .scr - unable to read key -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 Emt64 - c:\windows\system32\drivers\emt64.sys R0 yhP87 - c:\windows\system32\drivers\yhp87.sys R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver> R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver> R1 tcpipBM (Bytemobile Kernel Network Provider) - c:\windows\system32\drivers\tcpipbm.sys <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client> R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1> R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell> S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller> S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; 
Broadcom Corp.; Broadcom ASF IP monitoring service> R2 bmwebcfg (Bytemobile Web Configurator) - "c:\windows\system32\bmwebcfg.exe" <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client> R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; > R2 Iap - "c:\program files\dell\openmanage\client\iap.exe" <Not Verified; Dell Inc; OpenManage Client Instrumentation> R2 KaseyaAgent (Kaseya Agent) - "c:\program files\kaseya\agent\agentmon.exe" -s <Not Verified; Kaseya; Virtual System Administrator Agent> R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module> R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service> R2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service <Not Verified; RealVNC Ltd.; VNC Server Free Edition> R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service> R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> R3 HP Port Resolver - c:\windows\system32\spool\drivers\w32x86\3\hpbpro.exe <Not Verified; Hewlett-Packard Company; PortResolver Module> R3 HP Status Server - c:\windows\system32\spool\drivers\w32x86\3\hpboid.exe <Not Verified; Hewlett-Packard Company; HP Status Server> S2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc> S2 Venturi2 (Venturi Client) - c:\program files\verizon wireless\venturi\client\ventc.exe <Not Verified; Venturi Wireless; VentC> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-05-17 13:56:44 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2008-05-16 12:27:11 368 --a------ C:\WINDOWS\Tasks\backup.job -- Files created between 2008-04-17 and 2008-05-17 ----------------------------- 2008-05-17 15:14:15 0 d-------- C:\Program Files\Trend Micro 2008-05-17 13:53:16 0 d-------- C:\Program Files\Windows Defender 2008-05-17 13:40:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-05-17 10:17:56 91264 --a------ C:\WINDOWS\system32\otgjcdwi.dll 2008-05-17 10:10:10 91264 --a------ C:\WINDOWS\system32\avwrhaaq.dll 2008-05-16 14:52:02 1241938 --ahs---- C:\WINDOWS\system32\HPqpWvut.ini2 2008-05-16 13:12:01 0 d-------- C:\Program Files\RealVNC 2008-05-16 11:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-16 11:18:42 0 d-------- C:\Program Files\CenterLock 2008-05-16 10:57:09 0 d-------- C:\Documents and Settings\JEbanks\Application Data\TmpRecentIcons 2008-05-16 10:22:35 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll 2008-05-16 10:22:35 29056 --a------ C:\WINDOWS\system32\drivers\yhP87.sys 2008-05-15 17:07:24 91264 --a------ C:\WINDOWS\system32\oqvmxcii.dll 2008-05-15 17:06:21 1311426 --ahs---- C:\WINDOWS\system32\WwDeNTAy.ini2 2008-05-15 17:01:41 12288 --a------ C:\WINDOWS\system32\WLCtrl32.dll 2008-05-15 17:01:41 27008 --a------ C:\WINDOWS\system32\drivers\Emt64.sys 2008-05-15 17:01:11 29312 --a------ C:\WINDOWS\system32\wvUkJBrO.dll 2008-05-15 17:00:51 196608 --a------ C:\WINDOWS\mpfanvqg.dll 2008-05-15 17:00:50 94208 --a------ C:\WINDOWS\exqb.exe 2008-05-15 13:42:24 0 d-------- C:\Program Files\MSXML 6.0 2008-05-15 13:14:52 262144 --a------ C:\WINDOWS\system32\default_user_class.dat 2008-05-15 13:14:48 0 d---s---- C:\Documents and Settings\ENET\Cookies 2008-05-15 13:14:48 0 dr-h----- C:\Documents and Settings\ENET\Application Data 2008-05-15 13:14:48 0 d-------- 
C:\Documents and Settings\ENET\Application Data\Sun 2008-05-15 13:14:48 0 d-------- C:\Documents and Settings\ENET\Application Data\Sonic 2008-05-15 13:14:48 0 d---s---- C:\Documents and Settings\ENET\Application Data\Microsoft 2008-05-15 13:14:48 0 d-------- C:\Documents and Settings\ENET\Application Data\Intel 2008-05-15 13:14:48 0 d-------- C:\Documents and Settings\ENET\Application Data\Identities 2008-05-15 13:14:47 0 d--h----- C:\Documents and Settings\ENET\Templates 2008-05-15 13:14:47 0 dr------- C:\Documents and Settings\ENET\Start Menu 2008-05-15 13:14:47 0 dr-h----- C:\Documents and Settings\ENET\SendTo 2008-05-15 13:14:47 0 dr-h----- C:\Documents and Settings\ENET\Recent 2008-05-15 13:14:47 0 d--h----- C:\Documents and Settings\ENET\PrintHood 2008-05-15 13:14:47 1835008 --ah----- C:\Documents and Settings\ENET\NTUSER.DAT 2008-05-15 13:14:47 0 d--h----- C:\Documents and Settings\ENET\NetHood 2008-05-15 13:14:47 0 dr------- C:\Documents and Settings\ENET\My Documents 2008-05-15 13:14:47 0 d--h----- C:\Documents and Settings\ENET\Local Settings 2008-05-15 13:14:47 0 dr------- C:\Documents and Settings\ENET\Favorites 2008-05-15 13:14:47 0 d-------- C:\Documents and Settings\ENET\Desktop 2008-05-15 12:55:31 135168 --a------ C:\WINDOWS\system32\kaseyasp.dll <Not Verified; Kaseya; Kaseya Agent Internet Access Protection Extension> 2008-05-15 12:55:26 0 d-------- C:\Program Files\Kaseya 2008-04-24 13:59:35 0 d-------- C:\Documents and Settings\JEbanks\Application Data\Help 2008-04-21 09:40:21 0 d-------- C:\O'Connor's Forms -- Find3M Report --------------------------------------------------------------- 2008-05-15 12:55:30 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-22 14:31:24 23528 --a------ C:\Documents and Settings\JEbanks\Application Data\GDIPFONTCACHEV1.DAT -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser 
Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}] 03/27/2008 08:43 AM 247296 --a------ C:\Program Files\CenterLock\CenterLock.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}] 05/15/2008 05:01 PM 29312 --a------ C:\WINDOWS\system32\wvUkJBrO.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{354141F1-5C82-4395-B179-3AE6A12C33ED}] C:\WINDOWS\system32\tuvWpqPH.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1BF38C7-4E65-4D8D-ABB0-EBE169098AFC}] C:\WINDOWS\system32\yATNeDwW.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM] "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [01/24/2008 08:50 PM] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [03/27/2007 03:06 PM] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 08:08 PM] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 06:52 PM] "HostManager"="C:\Program Files\Common Files\AOL\1137426204\ee\AOLSoftware.exe" [09/25/2006 07:52 PM] "EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [01/27/2005 05:00 AM] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [09/01/2005 06:24 PM] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 05:33 PM] "AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [10/18/2007 12:08 PM] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 08:54 PM] "Kaseya Agent Service Helper"="C:\Program Files\Kaseya\Agent\KaUsrTsk.exe" [03/07/2008 01:12 PM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM] "SpybotSD TeaTimer"="C:\Program Files\Spybot 
- Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck "SpybotDeletingA9534"=command /c del "C:\WINDOWS\system32\tuvWpqPH.dll_old" "SpybotDeletingC9215"=cmd /c del "C:\WINDOWS\system32\tuvWpqPH.dll_old" C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM] Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [12/14/2006 5:17:12 PM] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2/25/2008 12:29:45 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///C:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}"= C:\WINDOWS\system32\wvUkJBrO.dll [05/15/2008 05:01 PM 29312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "mpfanvqg"= {B9810075-D223-413B-AC9F-702A81B16614} - C:\WINDOWS\mpfanvqg.dll [05/15/2008 10:41 AM 196608] "vbksrofa"= {37FE3901-1297-4E81-BC2B-3EE2AB61DD1E} - C:\WINDOWS\vbksrofa.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CLSID] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32] WinCtrl32.dll 
05/17/2008 10:15 AM 14336 C:\WINDOWS\system32\WinCtrl32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32] WLCtrl32.dll 05/17/2008 10:15 AM 12288 C:\WINDOWS\system32\WLCtrl32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkJBrO] wvUkJBrO.dll 05/15/2008 05:01 PM 29312 C:\WINDOWS\system32\wvUkJBrO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvWpqPH [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Emt64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yhP87.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" *Newly Created Service* - HP_PORT_RESOLVER *Newly Created Service* - HP_STATUS_SERVER *Newly Created Service* - RDPWD *Newly Created Service* - TDTCP *Newly Created Service* - WINDEFEND -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8382 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-05-17 20:50:21 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. 
-------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® M processor 2.26GHz Percentage of Memory in Use: 42% Physical Memory (total/avail): 2047.39 MiB / 1177.89 MiB Pagefile Memory (total/avail): 5986.13 MiB / 5263.68 MiB Virtual Memory (total/avail): 2047.88 MiB / 1922.64 MiB C: is Fixed (NTFS) - 93.1 GiB total, 61.2 GiB free. D: is CDROM (No Media) F: is Network (NTFS) P: is Network (NTFS) Q: is Network (Unformatted) R: is Network (Unformatted) T: is Network (NTFS) \\.\PHYSICALDRIVE0 - Hitachi HTS721010G9AT00 - 93.16 GiB - 2 partitions \PARTITION0 - Unknown - 62.72 MiB \PARTITION1 (bootable) - Installable File System - 93.1 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.) 
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"="C:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe:*:Enabled:VZAccess Manager" "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed" "C:\\Program Files\\Common Files\\AOL\\1137426204\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1137426204\\EE\\AOLServiceHost.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common 
Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\1137426204\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137426204\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"="C:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe:*:Enabled:VZAccess Manager" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"="C:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe:*:Enabled:SwiApiMux" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\JEbanks\Application Data CI_HOLOS_CLI=C:\Program Files\Seagate Software\Open Olap\ CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=ESCJDE ComSpec=C:\WINDOWS\system32\cmd.exe DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\JEbanks LOGONSERVER=\\ESCEX1 NUMBER_OF_PROCESSORS=1 
OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0d08 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip SESSIONNAME=RDP-Tcp#10 SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\JEbanks\LOCALS~1\Temp TMP=C:\DOCUME~1\JEbanks\LOCALS~1\Temp USERDNSDOMAIN=ESCLAWYERS.COM USERDOMAIN=ESCLAWYERS USERNAME=jebanks USERPROFILE=C:\Documents and Settings\JEbanks VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- JEbanks (admin) TTaylor.ESCLAWYERS Administrator.ESCLAWYERS (admin) James D Ebanks (admin) ENET (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\WINDOWS\IsUninst.exe -fC:\MHLAW40\Uninst.isu --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 7.0 Corporate Edition --> MsiExec.exe /I{ACF70000-22B9-4CE9-98D6-2CCF359BAC07} Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Acrobat 8.1.2 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003} Adobe Flash Player 9 ActiveX --> 
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002} ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9 AT&T Communication Manager --> MsiExec.exe /X{A81BFA08-5D4C-4D4C-ACEF-BF558C70D99D} ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean BlackBerry Desktop Software 4.2.1 --> MsiExec.exe /i{D5FF3187-EEED-4AA1-BC3A-F2FF30560EDF} BlackBerry Desktop Software 4.2.1 --> MsiExec.exe /I{D5FF3187-EEED-4AA1-BC3A-F2FF30560EDF} Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033 Broadcom ASF Management Applications --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033 C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini" Canon Camera Support Core Library --> 
"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini" Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini" Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini" Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini" Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini" Canon iP90 --> C:\WINDOWS\system32\CNMCP71.exe "-PRINTERNAMECanon iP90" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmi0409.dll" Canon iP90 Setup Utility --> "C:\Program Files\Canon\Canon iP90 Setup Utility\Maint.exe" /Uninstall C:\Program Files\Canon\Canon iP90 Setup Utility\uninst.ini Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini" Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE} Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini" Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini" Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS 
Utility\Uninst.ini" Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini" Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini" CenterLock --> "C:\Program Files\CenterLock\Uninstall.exe" Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf Crystal Reports --> MsiExec.exe /I{7699B723-9718-41DE-8C18-549F341C02CE} Curitel PC Card Software --> C:\Program Files\Verizon Wireless\PC5740\PWI_Uninstall.exe Dictaphone Walkabout Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0FF755A3-2FC0-4A32-8EFF-5B576D334604}\Setup.exe" -l0x9 Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Driver Installer --> MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985} Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kaseya Agent --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48C76121-4F90-11D5-9884-0050BA85A903}\Setup.exe" UNINSTALL McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65} mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A} mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9} mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626} mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 6.0 Parser --> MsiExec.exe 
/I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9 O'Connor's Texas Causes of Action Pleadings on CD 2008 --> C:\O'Connor's Forms\2008 O'Connor's Texas Causes of Action Pleadings on CD\Uninstall.exe O2Micro Smartcard Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7FE1E97D-B93B-4817-8BC2-19C0347F4DB4} /l1033 OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B} PCLaw Quick Tour and Lessons --> C:\PROGRA~1\PCLawQTL\UNWISE.EXE C:\PROGRA~1\PCLawQTL\INSTALL.LOG PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA} QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 SET_LIM_RADIO - ALL QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Sanction II Version 2.6 
--> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SanctionII\SANCTIONII6.UNI" Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Texas Pattern Jury Charges - Business 2006 --> C:\WINDOWS\iun6002.exe "C:\Texas PJC - Business 2006\UnInstall\gen.ini" Texas Pattern Jury Charges - General Negligence 2006 --> C:\WINDOWS\iun6002.exe "C:\Texas PJC - General Negligence 2006\UnInstall\gen.ini" Texas Pattern Jury Charges - Malpractice 2006 --> C:\WINDOWS\iun6002.exe "C:\Texas PJC - Malpractice 2006\UnInstall\gen.ini" Time Matters 6.0 Enterprise - Legal Series --> C:\tmw6e\UNWISE.EXE C:\tmw6e\install.log Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE} Uninstall PCLaw --> C:\PROGRA~1\ACG\PCLAW32\UNINSTAL.EXE User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55} Venturi Client 3.1.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\Setup.exe" -l0x9 -vuninstall Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53} WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall -- Application 
Event Log ------------------------------------------------------- Event Record #/Type11041 / Error Event Submitted/Written: 05/17/2008 10:05:37 AM Event ID/Source: 1502 / Userenv Event Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator. DETAIL - The process cannot access the file because it is being used by another process. Event Record #/Type11040 / Warning Event Submitted/Written: 05/17/2008 09:43:06 AM Event ID/Source: 258 / McLogEvent Event Description: Would be blocked by port blocking rule (rule is in warn-only mode) (Anti-virus Standard Protection:Prevent mass mailing worms from sending mail). Event Record #/Type11039 / Warning Event Submitted/Written: 05/17/2008 09:41:01 AM Event ID/Source: 258 / McLogEvent Event Description: Would be blocked by port blocking rule (rule is in warn-only mode) (Anti-virus Standard Protection:Prevent mass mailing worms from sending mail). Event Record #/Type11037 / Error Event Submitted/Written: 05/16/2008 00:02:32 PM Event ID/Source: 1515 / Userenv Event Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on. Event Record #/Type11036 / Error Event Submitted/Written: 05/16/2008 00:02:21 PM Event ID/Source: 1511 / Userenv Event Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type26578 / Warning Event Submitted/Written: 05/17/2008 08:47:32 PM Event ID/Source: 3004 / WinDefend Event Description: %ESCLAWYERS27 Real-Time Protection agent has detected changes. 
Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ESCLAWYERS27 can't undo changes that you allow. For more information please see the following: %ESCLAWYERS275 Scan ID: {D102CFE4-22DD-46E3-B87D-BDEEC7F5F423} User: ESCLAWYERS\Jebanks Name: %ESCLAWYERS271 ID: %ESCLAWYERS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %ESCLAWYERS276 Alert Type: %ESCLAWYERS278 Detection Type: 1.1.1593.02 Event Record #/Type26577 / Warning Event Submitted/Written: 05/17/2008 08:47:32 PM Event ID/Source: 3004 / WinDefend Event Description: %ESCLAWYERS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ESCLAWYERS27 can't undo changes that you allow. For more information please see the following: %ESCLAWYERS275 Scan ID: {F34BE081-979D-4FFA-862E-1B0C61EE41BF} User: ESCLAWYERS\Jebanks Name: %ESCLAWYERS271 ID: %ESCLAWYERS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %ESCLAWYERS276 Alert Type: %ESCLAWYERS278 Detection Type: 1.1.1593.02 Event Record #/Type26576 / Warning Event Submitted/Written: 05/17/2008 08:47:32 PM Event ID/Source: 3004 / WinDefend Event Description: %ESCLAWYERS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. 
%ESCLAWYERS27 can't undo changes that you allow. For more information please see the following: %ESCLAWYERS275 Scan ID: {0A8C17F1-FB38-4353-BAE8-083CFA4B8AC5} User: ESCLAWYERS\Jebanks Name: %ESCLAWYERS271 ID: %ESCLAWYERS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %ESCLAWYERS276 Alert Type: %ESCLAWYERS278 Detection Type: 1.1.1593.02 Event Record #/Type26575 / Warning Event Submitted/Written: 05/17/2008 08:47:29 PM Event ID/Source: 3004 / WinDefend Event Description: %ESCLAWYERS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ESCLAWYERS27 can't undo changes that you allow. For more information please see the following: %ESCLAWYERS275 Scan ID: {32CA24D9-8A22-4B76-93F6-906159C5D50D} User: ESCLAWYERS\Jebanks Name: %ESCLAWYERS271 ID: %ESCLAWYERS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %ESCLAWYERS276 Alert Type: %ESCLAWYERS278 Detection Type: 1.1.1593.02 Event Record #/Type26574 / Warning Event Submitted/Written: 05/17/2008 08:47:29 PM Event ID/Source: 3004 / WinDefend Event Description: %ESCLAWYERS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ESCLAWYERS27 can't undo changes that you allow. 
For more information please see the following: %ESCLAWYERS275 Scan ID: {64D95ABD-C79C-4B36-AC25-389B43C7CFBE} User: ESCLAWYERS\Jebanks Name: %ESCLAWYERS271 ID: %ESCLAWYERS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %ESCLAWYERS276 Alert Type: %ESCLAWYERS278 Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-05-17 20:50:21 ------------
Windows Firewall has been enabled, since the scan.
May 18 2008, 10:03 AM
Post #2
malware expert Group: HJT Team Posts: 9,947 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026
Hello cferreira,
The infection you were dealing with messed with your default file associations, so we have to fix this as well.

Please download DAFT and save it to your desktop:
Double-click the daft.exe icon.
Read the disclaimer and click OK.
Click on the Scan button.
Place a checkmark next to the following entries:
.com
.pif
.reg
.scr
Click the Fix button.
Re-scan and save a logfile. By default, it will save as daft.txt.
Close all other windows and browsers, and press the Fix Checked button.
If everything is ok again, it should display the "all associations ok message".
Please post the daft.txt log.

Please download VundoFix.exe to your desktop.
This post has been edited by SifuMike: May 18 2008, 10:09 AM
Reason for edit: spelling
May 19 2008, 09:59 AM
Post #3
New Member Group: Members Posts: 9 Joined: 17-May 08 Member No.: 209,531
The scans have been completed. This is the VundoFix Log: VundoFix V7.0.3 Scan started at 9:23:17 AM 5/19/2008 Listing files found while scanning.... No infected files were found. This is the Deckard System Scanner Log: Deckard's System Scanner v20071014.68 Run by jebanks on 2008-05-19 09:53:03 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as jebanks.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:53:21 AM, on 5/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\system32\basfipm.exe C:\WINDOWS\system32\bmwebcfg.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Kaseya\Agent\AgentMon.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program 
Files\UPHClean\uphclean.exe c:\program files\verizon wireless\venturi\Client\ventc.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Network Associates\Common Framework\udaterui.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1137426204\ee\AOLSoftware.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaseya\Agent\KaUsrTsk.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Documents and Settings\JEbanks\Desktop\Chad Cleanup\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\jebanks.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {11CB2C8B-00BD-459D-B40D-420845E2BE2D} - C:\WINDOWS\system32\wvUoNDtQ.dll (file missing) O2 - BHO: CenterLock module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CenterLock\CenterLock.dll O2 - BHO: (no name) - {2E529F87-2B52-438C-9E7C-7D0A0DD910BA} - C:\WINDOWS\system32\wvUkJBrO.dll O2 - BHO: (no name) - {354141F1-5C82-4395-B179-3AE6A12C33ED} - C:\WINDOWS\system32\tuvWpqPH.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {B1BF38C7-4E65-4D8D-ABB0-EBE169098AFC} - C:\WINDOWS\system32\yATNeDwW.dll (file missing) O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw6e\TMIETB.DLL O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: pvnsmfor - {E738884B-E75D-4AC3-B03F-62F7E7DD853E} - C:\WINDOWS\pvnsmfor.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137426204\ee\AOLSoftware.exe O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program 
Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [c4192508] rundll32.exe "C:\WINDOWS\system32\tmaaeyeb.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA3867] command /c del "C:\WINDOWS\system32\tuvWpqPH.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC716] cmd /c del "C:\WINDOWS\system32\tuvWpqPH.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7815] command /c del "C:\WINDOWS\system32\wvUoNDtQ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8938] cmd /c del "C:\WINDOWS\system32\wvUoNDtQ.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135268256531
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://terminal.enetsolutions.net/msrdp.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://terminal.esclawyers.com/tsweb/msrdp.cab
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://kaseya.enetsolutions.net/inc/kaxRemote.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pm.webex.com/client/v_mywebex-t20/s...ort/ieatgpc.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ESCLAWYERS.COM
O17 - HKLM\Software\..\Telephony: DomainName = ESCLAWYERS.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ESCLAWYERS.COM
O20 - Winlogon Notify: CLSID - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O20 - Winlogon Notify: wvUkJBrO - C:\WINDOWS\SYSTEM32\wvUkJBrO.dll
O21 - SSODL: vbksrofa - {37FE3901-1297-4E81-BC2B-3EE2AB61DD1E} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 14147 bytes

-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 09:23:17 0 d-------- C:\VundoFix Backups
2008-05-19 09:16:39 91264 --a------ C:\WINDOWS\system32\tmaaeyeb.dll
2008-05-19 08:34:30 1238741 --ahs---- C:\WINDOWS\system32\QtDNoUvw.ini2
2008-05-17 21:15:36 3388 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 15:14:15 0 d-------- C:\Program Files\Trend Micro
2008-05-17 13:53:16 0 d-------- C:\Program Files\Windows Defender
2008-05-17 13:40:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-17 10:17:56 91264 --a------ C:\WINDOWS\system32\otgjcdwi.dll
2008-05-17 10:10:10 91264 --a------ C:\WINDOWS\system32\avwrhaaq.dll
2008-05-16 14:52:02 1241938 --ahs---- C:\WINDOWS\system32\HPqpWvut.ini2
2008-05-16 13:12:01 0 d-------- C:\Program Files\RealVNC
2008-05-16 11:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 11:18:42 0 d-------- C:\Program Files\CenterLock
2008-05-16 10:57:09 0 d-------- C:\Documents and Settings\JEbanks\Application Data\TmpRecentIcons
2008-05-16 10:22:35 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-16 10:22:35 29056 --a------ C:\WINDOWS\system32\drivers\yhP87.sys
2008-05-15 17:07:24 91264 --a------ C:\WINDOWS\system32\oqvmxcii.dll
2008-05-15 17:06:21 1311426 --ahs---- C:\WINDOWS\system32\WwDeNTAy.ini2
2008-05-15 17:01:41 12288 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-05-15 17:01:41 27008 --a------ C:\WINDOWS\system32\drivers\Emt64.sys
2008-05-15 17:01:11 29312 --a------ C:\WINDOWS\system32\wvUkJBrO.dll
2008-05-15 17:00:50 94208 --a------ C:\WINDOWS\exqb.exe
2008-05-15 13:42:24 0 d-------- C:\Program Files\MSXML 6.0
2008-05-15 13:14:52 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-05-15 13:14:48 0 d---s---- C:\Documents and Settings\ENET\Cookies
2008-05-15 13:14:48 0 dr-h----- C:\Documents and Settings\ENET\Application Data
2008-05-15 13:14:48 0 d-------- C:\Documents and Settings\ENET\Application Data\Sun
2008-05-15 13:14:48 0 d-------- C:\Documents and Settings\ENET\Application Data\Sonic
2008-05-15 13:14:48 0 d---s---- C:\Documents and Settings\ENET\Application Data\Microsoft
2008-05-15 13:14:48 0 d-------- C:\Documents and Settings\ENET\Application Data\Intel
2008-05-15 13:14:48 0 d-------- C:\Documents and Settings\ENET\Application Data\Identities
2008-05-15 13:14:47 0 d--h----- C:\Documents and Setti