Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Downloader Infection


  • Please log in to reply
19 replies to this topic

#1 Devyn

Devyn

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 07 October 2007 - 08:00 PM

Hi! I've been having a problem with different programs not opening, but instead the "(program) has encountered a problem and needs to close." This happens for a number of my programs, but Adaware and SB - S&D are the programs I have been using to try and fix this. Since that doesn't seem to help, I'm asking for someone else who has more expertise!
Also, my computer seems to be lagging quite a bit, I don't know if this is due to the infection, or if there is some other way I could possibly speed up my computer a little.

I did everything on the Preparation Guide BUT the adaware and SB-S&D scans because they won't open in any fashion. Thanks for your help!

Here's my fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:13, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dxcrkksm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\winshow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {5F2AD7EC-B98B-4D4D-BE1E-659B357342BA} (RDDragDrop.RDDragDropX) - http://reddot.uark.edu/cms/Controls/RDDragDrop.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161830349959
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\dxcrkksm.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8951 bytes

BC AdBot (Login to Remove)

 


m

#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 09 October 2007 - 05:47 PM

Hi Devyn and Welcome to the Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#3 Devyn

Devyn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 09 October 2007 - 07:57 PM

ComboFix 07-10-09.3 - Devyn 2007-10-09 19:43:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.169 [GMT -5:00]
Running from: C:\Documents and Settings\Devyn\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\svhost\wr-1-77.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\abtwygox.ini
C:\WINDOWS\system32\acnjquuu.dll
C:\WINDOWS\system32\ajpgytbh.exe
C:\WINDOWS\system32\akjtcccj.exe
C:\WINDOWS\system32\avyvgubd.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\beapqwbu.ini
C:\WINDOWS\system32\bedryvdh.dll
C:\WINDOWS\system32\bhualntc.ini
C:\WINDOWS\system32\bopkkyiq.ini
C:\WINDOWS\system32\bpfxrkco.exe
C:\WINDOWS\system32\bqgxxofj.dll
C:\WINDOWS\system32\bucsaami.exe
C:\WINDOWS\system32\byxxxvt.dll
C:\WINDOWS\system32\cbxvtsq.dll
C:\WINDOWS\system32\cbxxvtt.dll
C:\WINDOWS\system32\ccumyhhu.exe
C:\WINDOWS\system32\ckfgjteq.dll
C:\WINDOWS\system32\clkpamym.ini
C:\WINDOWS\system32\clyhbvkh.ini
C:\WINDOWS\system32\cnleycug.exe
C:\WINDOWS\system32\comitnld.dll
C:\WINDOWS\system32\ctnlauhb.dll
C:\WINDOWS\system32\dbnmvfim.ini
C:\WINDOWS\system32\dlntimoc.ini
C:\WINDOWS\system32\dqvemuto.dll
C:\WINDOWS\system32\dqvqrjgw.exe
C:\WINDOWS\system32\drivers\jwnduhly.sys
C:\WINDOWS\system32\drivers\pvgodfvc.sys
C:\WINDOWS\system32\dxcrkksm.exe
C:\WINDOWS\system32\ednllcvh.ini
C:\WINDOWS\system32\efrmqgtm.dll
C:\WINDOWS\system32\evjtgrgf.dll
C:\WINDOWS\system32\evmayemq.exe
C:\WINDOWS\system32\ewmhyokx.dll
C:\WINDOWS\system32\ewsdfwvd.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\fbwwtdmp.dll
C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.tmp
C:\WINDOWS\system32\fuxumhpx.exe
C:\WINDOWS\system32\fvscferh.exe
C:\WINDOWS\system32\gdydpcru.exe
C:\WINDOWS\system32\gktddgfs.dll
C:\WINDOWS\system32\gldghhmk.dll
C:\WINDOWS\system32\glsaagdq.ini
C:\WINDOWS\system32\gokwsgnr.exe
C:\WINDOWS\system32\gqdbnpav.dll
C:\WINDOWS\system32\gtspdbow.dll
C:\WINDOWS\system32\hdvyrdeb.ini
C:\WINDOWS\system32\hgnncjvg.dll
C:\WINDOWS\system32\hkvbhylc.dll
C:\WINDOWS\system32\hnoqbyho.dll
C:\WINDOWS\system32\hvcllnde.dll
C:\WINDOWS\system32\hxnmfmhr.exe
C:\WINDOWS\system32\ifadiroo.exe
C:\WINDOWS\system32\iinfwnhp.dll
C:\WINDOWS\system32\ioldqwjx.ini
C:\WINDOWS\system32\iqbvjfxk.exe
C:\WINDOWS\system32\iswxvyka.exe
C:\WINDOWS\system32\jfoxxgqb.ini
C:\WINDOWS\system32\jioidllu.dll
C:\WINDOWS\system32\jjalrtvq.exe
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jomlojsd.exe
C:\WINDOWS\system32\kglaqdgb.dll
C:\WINDOWS\system32\kmhhgdlg.ini
C:\WINDOWS\system32\knsnjbtk.dll
C:\WINDOWS\system32\ktbjnsnk.ini
C:\WINDOWS\system32\ktouxncv.dll
C:\WINDOWS\system32\kwtxwbod.exe
C:\WINDOWS\system32\lphasako.exe
C:\WINDOWS\system32\lpojearo.dll
C:\WINDOWS\system32\lrkhmafr.exe
C:\WINDOWS\system32\ltxhgve.dll
C:\WINDOWS\system32\lvmkdbog.exe
C:\WINDOWS\system32\mifvmnbd.dll
C:\WINDOWS\system32\mjiucoum.dll
C:\WINDOWS\system32\muocuijm.ini
C:\WINDOWS\system32\mymapklc.dll
C:\WINDOWS\system32\nodjsfrq.dll
C:\WINDOWS\system32\ohybqonh.ini
C:\WINDOWS\system32\oraejopl.ini
C:\WINDOWS\system32\otumevqd.ini
C:\WINDOWS\system32\oxvoomem.exe
C:\WINDOWS\system32\phnwfnii.ini
C:\WINDOWS\system32\pmdtwwbf.ini
C:\WINDOWS\system32\pmnnmno.dll
C:\WINDOWS\system32\povlhhpn.exe
C:\WINDOWS\system32\pyqverts.dll
C:\WINDOWS\system32\qdgaaslg.dll
C:\WINDOWS\system32\qetjgfkc.ini
C:\WINDOWS\system32\qiykkpob.dll
C:\WINDOWS\system32\qnvelviy.dll
C:\WINDOWS\system32\qomnkhe.dll
C:\WINDOWS\system32\qrfsjdon.ini
C:\WINDOWS\system32\qrumlard.exe
C:\WINDOWS\system32\qvqxmjnr.exe
C:\WINDOWS\system32\rcujpvro.exe
C:\WINDOWS\system32\rdxxrjau.ini
C:\WINDOWS\system32\rljoksay.exe
C:\WINDOWS\system32\rquycdpq.exe
C:\WINDOWS\system32\rrlgbjcx.exe
C:\WINDOWS\system32\rvhtrgss.exe
C:\WINDOWS\system32\sclbajnu.exe
C:\WINDOWS\system32\sfgddtkg.ini
C:\WINDOWS\system32\snnbqghc.exe
C:\WINDOWS\system32\stiedybl.exe
C:\WINDOWS\system32\strevqyp.ini
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T6\dlwr.exe
C:\WINDOWS\system32\taknjcxp.exe
C:\WINDOWS\system32\tieuutrh.exe
C:\WINDOWS\system32\tinqqqii.exe
C:\WINDOWS\system32\tkoseuxb.dll
C:\WINDOWS\system32\tmlytapj.exe
C:\WINDOWS\system32\tuurvggc.exe
C:\WINDOWS\system32\uaboxqpw.ini
C:\WINDOWS\system32\uajrxxdr.dll
C:\WINDOWS\system32\ubwqpaeb.dll
C:\WINDOWS\system32\uhgobihi.exe
C:\WINDOWS\system32\ulldioij.ini
C:\WINDOWS\system32\unrhioyg.exe
C:\WINDOWS\system32\uqmwuoan.exe
C:\WINDOWS\system32\uqwtnxqe.exe
C:\WINDOWS\system32\urhdcnje.exe
C:\WINDOWS\system32\urhdhicr.exe
C:\WINDOWS\system32\uuuqjnca.ini
C:\WINDOWS\system32\uyulefvm.exe
C:\WINDOWS\system32\vapnbdqg.ini
C:\WINDOWS\system32\vcknjdgr.dll
C:\WINDOWS\system32\vcnxuotk.ini
C:\WINDOWS\system32\vkplilvp.exe
C:\WINDOWS\system32\vrtjgshx.dll
C:\WINDOWS\system32\vvgpinsj.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wpqxobau.dll
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X1\kmhp83122.exe
C:\WINDOWS\system32\X11
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X7
C:\WINDOWS\system32\xbnimtbf.exe
C:\WINDOWS\system32\xemhvsua.exe
C:\WINDOWS\system32\xhqknxep.exe
C:\WINDOWS\system32\xhsgjtrv.ini
C:\WINDOWS\system32\xjwqdloi.dll
C:\WINDOWS\system32\xkoyhmwe.ini
C:\WINDOWS\system32\xogywtba.dll
C:\WINDOWS\system32\xxbenqqh.dll
C:\WINDOWS\system32\ychqimof.exe
C:\WINDOWS\system32\yivlevnq.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IVMGJMPU


((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 15:51 681 --a------ C:\WINDOWS\system32\kaebppfl.dll
2007-10-07 14:19 <DIR> d-------- C:\Documents and Settings\Devyn\.housecall6.6
2007-10-07 14:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-04 20:53 35,840 -ra------ C:\WINDOWS\tsitra77.exe
2007-10-04 20:43 <DIR> d-------- C:\Documents and Settings\Devyn\Application Data\WinRAR
2007-09-28 18:22 59,392 --a------ C:\WINDOWS\system32\dpvvo.dll
2007-09-28 11:05 59,392 --a------ C:\WINDOWS\system32\deskad.dll
2007-09-27 01:02 57,344 --a------ C:\WINDOWS\system32\dbghel.dll
2007-09-27 01:01 91,648 --a------ C:\WINDOWS\system32\dsaut.dll
2007-09-20 12:22 <DIR> d-------- C:\Program Files\Temporary
2007-09-20 12:18 35,328 --a------ C:\WINDOWS\winshow.exe
2007-09-18 14:39 <DIR> d-------- C:\Program Files\iTunes
2007-09-17 01:05 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-09-17 01:04 <DIR> d-------- C:\Program Files\Active WebCam
2007-09-17 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 00:40 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Orbit
2007-10-09 07:13 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Azureus
2007-10-08 22:05 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\Move Networks
2007-10-08 00:52 --------- d-----w C:\Program Files\Windows Plus
2007-10-07 05:24 --------- d-----w C:\Program Files\iPod
2007-10-06 19:51 --------- d-----w C:\Program Files\Auto Mouse
2007-09-30 21:11 --------- d-----w C:\Program Files\Azureus
2007-09-29 02:57 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Ruckus Network
2007-09-29 01:47 --------- d-----w C:\Program Files\Soulseek
2007-09-23 22:29 --------- d-----w C:\Program Files\FlashGet
2007-09-23 07:03 --------- d-----w C:\Program Files\anywebcam
2007-09-21 17:47 10 ----a-w C:\Program Files\.autoreg
2007-09-19 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-18 19:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-06 18:25 --------- d-----w C:\Program Files\mIRC
2007-08-29 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-29 06:11 --------- d-----w C:\Program Files\Yahoo!
2007-08-23 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 00:16 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-20 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
2007-08-20 03:12 --------- d-----w C:\Program Files\3wPlayer
2007-08-18 21:03 --------- d-----w C:\Program Files\Viewpoint
2007-08-18 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 00:40 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\ijjigame
2007-08-17 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-08-16 15:32 13,824 ----a-w C:\WINDOWS\plite731.exe
2007-08-15 08:05 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-12 15:00 --------- d-----w C:\Program Files\StepMania
2007-08-11 15:03 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Apple Computer
2006-09-17 22:19:16 104 -csh--r C:\WINDOWS\system32\C386C975D5.sys
2006-07-20 01:00:06 88 -csh--r C:\WINDOWS\system32\D575C986C3.sys
2006-09-17 22:19:16 7,518 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-05 16:42:45 1,009,595 -csha-w C:\WINDOWS\system32\xbadd.bak1
2007-02-04 16:42:17 1,006,778 -csha-w C:\WINDOWS\system32\xbadd.bak2
2007-02-05 23:25:01 1,007,624 -csha-w C:\WINDOWS\system32\xbadd.ini2
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_19.41.10.74 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-10-10 00:49:20 C:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 408,064 2006-08-25 00:32:50 C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe
------w 204,288 2006-10-19 01:05:26 C:\Program Files\Windows Media Player\wmpnscfg.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD08616B-B846-444E-9CE7-70163FAC4A09}]
C:\WINDOWS\system32\pmkjg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af517806-f7aa-40ce-8362-5410bee476d8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFBBB848-9F42-4D34-9344-1DE2E0A08D7A}]
2004-08-10 05:00 91648 --a------ C:\WINDOWS\system32\dsaut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E54160-100E-470A-92A5-7F2A573A02FF}]
C:\Program Files\Messenger\lafuven.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 11:56]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-12 02:58]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 14:35 C:\WINDOWS\stsystra.exe]
"svhost"="C:\WINDOWS\svhost.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-27 16:19]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-07-28 20:56:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxvtt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhff]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbw32]
winmbw32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartEnforcer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartEnforcer.lnk
backup=C:\WINDOWS\pss\SmartEnforcer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Devyn^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Devyn\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GM4IE]
C:\Program Files\GM4IE\GM4IE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\kbjqhygd.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\iugpygum.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winprotector]
"C:\WINDOWS\winprotector.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
"C:\WINDOWS\winshow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"Sprint PCS v3 Utility Service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SavRoam"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"NBService"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b45af00-97be-11db-936b-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9bb5c4a-e58a-11db-9396-0015c516e246}]
AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc90af61-b571-11db-9381-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 20:55:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 19:49:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 19:55:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 19:54
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:09, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD08616B-B846-444E-9CE7-70163FAC4A09} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {AFBBB848-9F42-4D34-9344-1DE2E0A08D7A} - C:\WINDOWS\system32\dsaut.dll
O2 - BHO: (no name) - {B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC} - (no file)
O2 - BHO: 0 - {D8E54160-100E-470A-92A5-7F2A573A02FF} - C:\Program Files\Messenger\lafuven.dll (file missing)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {5F2AD7EC-B98B-4D4D-BE1E-659B357342BA} (RDDragDrop.RDDragDropX) - http://reddot.uark.edu/cms/Controls/RDDragDrop.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161830349959
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: winmbw32 - winmbw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10263 bytes

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 10 October 2007 - 03:19 AM

Copy the text below to notepad and save it to the desktop with the name CFScript.txt

File::
C:\WINDOWS\tsitra77.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\winprotector.exe
C:\WINDOWS\system32\dsaut.dll
C:\WINDOWS\system32\dpvvo.dll
C:\WINDOWS\system32\deskad.dll
C:\WINDOWS\system32\iugpygum.dll
C:\WINDOWS\system32\kbjqhygd.dll
C:\WINDOWS\system32\kaebppfl.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini2
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD08616B-B846-444E-9CE7-70163FAC4A09}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af517806-f7aa-40ce-8362-5410bee476d8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFBBB848-9F42-4D34-9344-1DE2E0A08D7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E54160-100E-470A-92A5-7F2A573A02FF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svhost"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxvtt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhff]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbw32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winprotector]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]

Next,drag CFScript.txt on top of ComboFix.exe and this will launch the application automatically and begin the fix.

Once its completed it process,Right-Click Here and Click "Save As" to download DelDomains.inf to your desktop.

Right Click DelDomains.inf on your desktop and select "Install"

It will perform a silent process-> Give it a minute to run.


After all is finished,please post back with the log from ComboFix and a fresh HijackThis log.

#5 Devyn

Devyn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 10 October 2007 - 01:13 PM

ComboFix 07-10-09.3 - Devyn 2007-10-10 12:50:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.220 [GMT -5:00]
Running from: C:\Documents and Settings\Devyn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Devyn\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\deskad.dll
C:\WINDOWS\system32\dpvvo.dll
C:\WINDOWS\system32\dsaut.dll
C:\WINDOWS\system32\iugpygum.dll
C:\WINDOWS\system32\kaebppfl.dll
C:\WINDOWS\system32\kbjqhygd.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\tsitra77.exe
C:\WINDOWS\winprotector.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\deskad.dll
C:\WINDOWS\system32\dpvvo.dll
C:\WINDOWS\system32\dsaut.dll
C:\WINDOWS\system32\kaebppfl.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\tsitra77.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-10 03:03 <DIR> C:\WINDOWS\LastGood.Tmp
2007-10-09 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\4D
2007-10-09 20:52 39 --ah----- C:\high.sys
2007-10-09 20:51 <DIR> d-------- C:\Program Files\BlueBox
2007-10-09 20:50 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-10-09 20:50 <DIR> d--h----- C:\Documents and Settings\Devyn\InstallAnywhere
2007-10-07 14:19 <DIR> d-------- C:\Documents and Settings\Devyn\.housecall6.6
2007-10-07 14:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-04 20:43 <DIR> d-------- C:\Documents and Settings\Devyn\Application Data\WinRAR
2007-09-27 01:02 57,344 --a------ C:\WINDOWS\system32\dbghel.dll
2007-09-20 12:22 <DIR> d-------- C:\Program Files\Temporary
2007-09-20 12:18 35,328 --a------ C:\WINDOWS\winshow.exe
2007-09-18 14:39 <DIR> d-------- C:\Program Files\iTunes
2007-09-17 01:05 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-09-17 01:04 <DIR> d-------- C:\Program Files\Active WebCam
2007-09-17 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 17:57 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Orbit
2007-10-10 02:18 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-10 02:18 --------- d-----w C:\Program Files\Symantec
2007-10-10 02:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-09 07:13 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Azureus
2007-10-08 22:05 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\Move Networks
2007-10-08 00:52 --------- d-----w C:\Program Files\Windows Plus
2007-10-07 05:24 --------- d-----w C:\Program Files\iPod
2007-10-06 19:51 --------- d-----w C:\Program Files\Auto Mouse
2007-10-05 02:01 3,702 ----a-w C:\WINDOWS\system32\tmp.reg
2007-09-30 21:11 --------- d-----w C:\Program Files\Azureus
2007-09-29 02:57 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Ruckus Network
2007-09-29 01:47 --------- d-----w C:\Program Files\Soulseek
2007-09-23 22:29 --------- d-----w C:\Program Files\FlashGet
2007-09-23 07:03 --------- d-----w C:\Program Files\anywebcam
2007-09-21 17:47 10 ----a-w C:\Program Files\.autoreg
2007-09-19 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-18 19:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-06 18:25 --------- d-----w C:\Program Files\mIRC
2007-08-29 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-29 06:11 --------- d-----w C:\Program Files\Yahoo!
2007-08-23 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 00:16 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-20 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
2007-08-20 03:12 --------- d-----w C:\Program Files\3wPlayer
2007-08-18 21:03 --------- d-----w C:\Program Files\Viewpoint
2007-08-18 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 00:40 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\ijjigame
2007-08-17 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-08-15 08:05 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-12 15:00 --------- d-----w C:\Program Files\StepMania
2007-08-11 15:03 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Apple Computer
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2006-09-17 22:19:16 104 -csh--r C:\WINDOWS\system32\C386C975D5.sys
2006-07-20 01:00:06 88 -csh--r C:\WINDOWS\system32\D575C986C3.sys
2006-09-17 22:19:16 7,518 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_19.41.10.74 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----atw 16,384 2007-10-10 17:56:58 C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD08616B-B846-444E-9CE7-70163FAC4A09}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af517806-f7aa-40ce-8362-5410bee476d8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E54160-100E-470A-92A5-7F2A573A02FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 11:56]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-12 02:58]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 14:35 C:\WINDOWS\stsystra.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-27 16:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-07-28 20:56:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxvtt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhff]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbw32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartEnforcer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartEnforcer.lnk
backup=C:\WINDOWS\pss\SmartEnforcer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Devyn^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Devyn\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GM4IE]
C:\Program Files\GM4IE\GM4IE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\iugpygum.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"Sprint PCS v3 Utility Service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SavRoam"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"NBService"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b45af00-97be-11db-936b-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9bb5c4a-e58a-11db-9396-0015c516e246}]
AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc90af61-b571-11db-9381-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 20:55:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 12:56:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-10 13:00:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-10 12:59
C:\ComboFix2.txt ... 2007-10-09 19:55
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:16, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {5F2AD7EC-B98B-4D4D-BE1E-659B357342BA} (RDDragDrop.RDDragDropX) - http://reddot.uark.edu/cms/Controls/RDDragDrop.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161830349959
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9322 bytes

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 10 October 2007 - 03:54 PM

If you will please,disable Spybots Tea Timer for a bit so we can be sure all is cleared,here is a link that will help with that.
http://www.russelltexas.com/malware/teatimer.htm

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Restart in Safe Mode and Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Configure Windows to Show All Hidden Files and Folders Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Locate and Delete this file please--> C:\WINDOWS\winshow.exe

This folder please--> C:\Program Files\Temporary


Restart Normal and Scan fresh with HijackThis and post that log in the next reply.


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


#7 Devyn

Devyn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 11 October 2007 - 02:21 AM

Before I could get Teatimer shut off, my computer blue screened twice (while I was trying to restart to insure TeaTimer was off) with the following STOP message:

STOP: 0x0000007E (0xC0000005, 0x00000000, 0xF8A56FD8, 0xF8A56CD9)

I don't know what that's all about, but I figure you would be the one to ask. I really appreciate your help with getting my computer back to normal!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:41, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD08616B-B846-444E-9CE7-70163FAC4A09} - (no file)
O2 - BHO: (no name) - {af517806-f7aa-40ce-8362-5410bee476d8} - (no file)
O2 - BHO: (no name) - {B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC} - (no file)
O2 - BHO: (no name) - {D8E54160-100E-470A-92A5-7F2A573A02FF} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {5F2AD7EC-B98B-4D4D-BE1E-659B357342BA} (RDDragDrop.RDDragDropX) - http://reddot.uark.edu/cms/Controls/RDDragDrop.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161830349959
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: cbxxvtt - C:\WINDOWS\
O20 - Winlogon Notify: jkhff - C:\WINDOWS\
O20 - Winlogon Notify: winmbw32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9655 bytes



Scanning Report
Thursday, October 11, 2007 00:51:11 - 02:13:58

Computer name: DMOORELT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 28 malware found
Possible Browser Hijack attempt (spyware)

* System (Disinfected)

Tracking Cookie (spyware)

* System (Disinfected)
* System

Trojan-Dropper.Win32.Agent.bxm (virus)

* C:\WINDOWS\SYSTEM32\DBGHEL.DLL (Renamed & Submitted)

Virtumonde (spyware)

* System (Disinfected)

Vundo.gen38 (virus)

* C:\WINDOWS\SYSTEM32\BFLVLXEF.INI (Submitted)
* C:\WINDOWS\SYSTEM32\DPOFJUSB.INI (Submitted)
* C:\WINDOWS\SYSTEM32\ECJKARER.INI (Submitted)
* C:\WINDOWS\SYSTEM32\LPWYKQRN.INI (Submitted)
* C:\WINDOWS\SYSTEM32\MKOWSHLP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\OVYPVLGV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\OXSBPQGJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\QDXLVQIL.INI (Submitted)
* C:\WINDOWS\SYSTEM32\RJPOELBT.INI (Submitted)
* C:\WINDOWS\SYSTEM32\SXFIEDIJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\TUBKBYFE.INI (Submitted)
* C:\WINDOWS\SYSTEM32\UHDEXCAA.INI (Submitted)

Vundo.gen39 (virus)

* C:\WINDOWS\SYSTEM32\ATRGKLQP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\DGYHQJBK.INI (Submitted)
* C:\WINDOWS\SYSTEM32\FRKAUDKV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GPPDFDEW.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HWWLQBCJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\ITOCXUXB.INI (Submitted)
* C:\WINDOWS\SYSTEM32\OILBUTUM.INI (Submitted)
* C:\WINDOWS\SYSTEM32\PFLKLGGX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\PXGQODFB.INI (Submitted)
* C:\WINDOWS\SYSTEM32\QQEBNYJC.INI (Submitted)
* C:\WINDOWS\SYSTEM32\REIFGXGW.INI (Submitted)

Statistics
Scanned:

* Files: 47307
* System: 5131
* Not scanned: 7

Actions:

* Disinfected: 3
* Renamed: 1
* Deleted: 0
* None: 24
* Submitted: 24

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{6FF12BFC-EE7F-4302-91E9-06786E72AE4C}.BIN
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-10-07
* F-Secure AVP: 7.0.171, 2007-10-11
* F-Secure Orion: 1.2.37, 2007-10-11
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Pegasus: 1.19.0, 2007-09-02

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics

Copyright 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 11 October 2007 - 02:47 AM

Did the Blue Screen appear before or after you ran the F-Secure scan?

I need you to check for a folder for me so I can examine the dump files that may have been created during the Blue Screens.

Search for--> C:\Windows\Minidump

Let me know if you can find that folder please and let me know if there are any files inside it?

Lets make another CFScript and run it to remove those files found by F-Secure.

Copy the text below to notepad and save it with the name CFSript.txt

Files::
C:\WINDOWS\SYSTEM32\DBGHEL.0LL
C:\WINDOWS\SYSTEM32\DBGHEL.OLL
C:\WINDOWS\SYSTEM32\BFLVLXEF.INI
C:\WINDOWS\SYSTEM32\DPOFJUSB.INI
C:\WINDOWS\SYSTEM32\ECJKARER.INI
C:\WINDOWS\SYSTEM32\LPWYKQRN.INI
C:\WINDOWS\SYSTEM32\MKOWSHLP.INI
C:\WINDOWS\SYSTEM32\OVYPVLGV.INI
C:\WINDOWS\SYSTEM32\OXSBPQGJ.INI
C:\WINDOWS\SYSTEM32\QDXLVQIL.INI
C:\WINDOWS\SYSTEM32\RJPOELBT.INI
C:\WINDOWS\SYSTEM32\SXFIEDIJ.INI
C:\WINDOWS\SYSTEM32\UHDEXCAA.INI
C:\WINDOWS\SYSTEM32\ATRGKLQP.INI
C:\WINDOWS\SYSTEM32\DGYHQJBK.INI
C:\WINDOWS\SYSTEM32\FRKAUDKV.INI
C:\WINDOWS\SYSTEM32\GPPDFDEW.INI
C:\WINDOWS\SYSTEM32\HWWLQBCJ.INI
C:\WINDOWS\SYSTEM32\ITOCXUXB.INI
C:\WINDOWS\SYSTEM32\OILBUTUM.INI
C:\WINDOWS\SYSTEM32\PFLKLGGX.INI
C:\WINDOWS\SYSTEM32\PXGQODFB.INI
C:\WINDOWS\SYSTEM32\QQEBNYJC.INI
C:\WINDOWS\SYSTEM32\REIFGXGW.INI

Drag CFScript.txt on top of ComboFix.exe and allow the program to run,once complete,post the log it generates please.

After that,Please run the Bit Defender Online Scan
http://www.bitdefender.com/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report in generates in a text format please and post it back here

#9 Devyn

Devyn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 11 October 2007 - 08:58 PM

The two blue screens appeared while I was trying to disable TeaTimer.exe in SpyBot - Search & Destory.

I looked in the folder you requested and there are exactly fifty (50) files in there. If you need me to do anything with them, I would be more than willing!

Here's ComboFix:

ComboFix 07-10-09.3 - Devyn 2007-10-11 12:32:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.103 [GMT -5:00]
Running from: C:\Documents and Settings\Devyn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Devyn\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-10 03:03 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\4D
2007-10-09 20:52 39 --ah----- C:\high.sys
2007-10-09 20:51 <DIR> d-------- C:\Program Files\BlueBox
2007-10-09 20:50 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-10-09 20:50 <DIR> d--h----- C:\Documents and Settings\Devyn\InstallAnywhere
2007-10-07 14:19 <DIR> d-------- C:\Documents and Settings\Devyn\.housecall6.6
2007-10-07 14:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-04 20:43 <DIR> d-------- C:\Documents and Settings\Devyn\Application Data\WinRAR
2007-09-18 14:39 <DIR> d-------- C:\Program Files\iTunes
2007-09-17 01:05 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-09-17 01:04 <DIR> d-------- C:\Program Files\Active WebCam
2007-09-17 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 17:38 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Azureus
2007-10-11 05:39 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Orbit
2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-10 02:18 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-10 02:18 --------- d-----w C:\Program Files\Symantec
2007-10-10 02:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-08 22:05 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\Move Networks
2007-10-08 00:52 --------- d-----w C:\Program Files\Windows Plus
2007-10-07 05:24 --------- d-----w C:\Program Files\iPod
2007-10-06 19:51 --------- d-----w C:\Program Files\Auto Mouse
2007-10-05 02:01 3,702 ----a-w C:\WINDOWS\system32\tmp.reg
2007-09-30 21:11 --------- d-----w C:\Program Files\Azureus
2007-09-29 02:57 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Ruckus Network
2007-09-29 01:47 --------- d-----w C:\Program Files\Soulseek
2007-09-23 22:29 --------- d-----w C:\Program Files\FlashGet
2007-09-23 07:03 --------- d-----w C:\Program Files\anywebcam
2007-09-21 17:47 10 ----a-w C:\Program Files\.autoreg
2007-09-18 19:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-06 18:25 --------- d-----w C:\Program Files\mIRC
2007-08-29 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-29 06:11 --------- d-----w C:\Program Files\Yahoo!
2007-08-23 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:16 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-20 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-20 03:12 --------- d-----w C:\Program Files\3wPlayer
2007-08-18 21:03 --------- d-----w C:\Program Files\Viewpoint
2007-08-18 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-17 00:40 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\ijjigame
2007-08-17 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-08-15 08:05 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-12 15:00 --------- d-----w C:\Program Files\StepMania
2007-08-11 15:03 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Apple Computer
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2006-09-17 22:19:16 104 -csh--r C:\WINDOWS\system32\C386C975D5.sys
2006-07-20 01:00:06 88 -csh--r C:\WINDOWS\system32\D575C986C3.sys
2006-09-17 22:19:16 7,518 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_19.41.10.74 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-10 10:00:00 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 500,120 2007-05-07 21:38:46 C:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 192,920 2007-05-07 21:39:00 C:\WINDOWS\Downloaded Program Files\fsauc.dll
----a-w 254,360 2007-05-07 21:39:24 C:\WINDOWS\Downloaded Program Files\fscax.dll
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 17:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 17:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 1,165,584 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\system32\xpsp3res.dll
----atw 16,384 2007-10-11 05:38:46 C:\WINDOWS\Temp\Perflib_Perfdata_494.dat
.
----a-r 1,165,584 2007-09-19 08:02:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-09-19 08:02:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
----a-w 61,952 2006-10-17 17:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-10 10:00:00 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD08616B-B846-444E-9CE7-70163FAC4A09}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af517806-f7aa-40ce-8362-5410bee476d8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E54160-100E-470A-92A5-7F2A573A02FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 11:56]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-12 02:58]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 14:35 C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-27 16:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-07-28 20:56:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxvtt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhff]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbw32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartEnforcer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartEnforcer.lnk
backup=C:\WINDOWS\pss\SmartEnforcer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Devyn^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Devyn\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GM4IE]
C:\Program Files\GM4IE\GM4IE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\iugpygum.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"Sprint PCS v3 Utility Service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SavRoam"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"NBService"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b45af00-97be-11db-936b-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9bb5c4a-e58a-11db-9396-0015c516e246}]
AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc90af61-b571-11db-9381-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 20:55:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 12:38:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-11 12:40:08
C:\ComboFix-quarantined-files.txt ... 2007-10-11 12:39
C:\ComboFix2.txt ... 2007-10-10 13:00
C:\ComboFix3.txt ... 2007-10-09 19:55
.
--- E O F ---


Here's Bit Defender ( I have also uploaded a copy to my personal website so it's easier to understand http://www.cybercityzero.com/BDlog.html):

BitDefender Online Scanner


Scan report generated at: Thu, Oct 11, 2007 - 15:55:16

Scan path: C:\;D:\;E:\;G:\;


Statistics

Time


03:02:22

Files


695265

Folders


17160

Boot Sectors


6

Archives


38272

Packed Files


38279







Results

Identified Viruses


39

Infected Files


272

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


273







Engines Info

Virus Definitions


826226

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


14

Archive plugins


38

Unpack plugins


7

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP0.htm.bac_a03060


Infected with: Exploit.HTML.Ascii.A

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP0.htm.bac_a03060


Disinfection failed

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP0.htm.bac_a03060


Deleted

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP1.htm.bac_a03060


Infected with: Exploit.HTML.Ascii.A

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP1.htm.bac_a03060


Disinfection failed

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP1.htm.bac_a03060


Deleted

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP2.htm.bac_a03060


Infected with: Exploit.HTML.Ascii.A

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP2.htm.bac_a03060


Disinfection failed

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\AP2.htm.bac_a03060


Deleted

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\winable.exe.bac_a03060=>(Quarantine-4)


Infected with: Trojan.Downloader.JJAJ

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\winable.exe.bac_a03060=>(Quarantine-4)


Disinfection failed

C:\Documents and Settings\Devyn\.housecall6.6\Quarantine\winable.exe.bac_a03060=>(Quarantine-4)


Deleted

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox=>(message 4039)


Infected with: Generic.Trojan.Phish.F57692D3

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox=>(message 4039)


Disinfection failed

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox=>(message 4039)


Deleted

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox=>(message 4655)


Infected with: Generic.Peed.Eml.F1D45731

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox=>(message 4655)


Disinfection failed

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox=>(message 4655)


Deleted

C:\Documents and Settings\Devyn\Application Data\Thunderbird\Profiles\wvu06g5b.default\Mail\Local Folders\Inbox


Updated

C:\qoobox\Quarantine\C\Program Files\svhost\wr-1-77.exe.vir


Infected with: Trojan.Downloader.Small.AAGB

C:\qoobox\Quarantine\C\Program Files\svhost\wr-1-77.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\Program Files\svhost\wr-1-77.exe.vir


Deleted

C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir


Infected with: Trojan.Downloader.JJAJ

C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Rootkit.Agent.EV

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)


Update failed

C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir


Infected with: Trojan.Downloader.Agent.BHU

C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\plite731.exe.vir


Infected with: Trojan.Adband.A

C:\qoobox\Quarantine\C\WINDOWS\plite731.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\plite731.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\svhost.exe.vir


Infected with: Trojan.VB.Agent.K

C:\qoobox\Quarantine\C\WINDOWS\svhost.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\svhost.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\acnjquuu.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\acnjquuu.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ajpgytbh.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\ajpgytbh.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ajpgytbh.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\akjtcccj.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\akjtcccj.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\akjtcccj.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\avyvgubd.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\avyvgubd.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\avyvgubd.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\b02FdUe\b02FdUe1065.exe.vir


Infected with: Trojan.Downloader.Vb.AWJ

C:\qoobox\Quarantine\C\WINDOWS\system32\b02FdUe\b02FdUe1065.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\b02FdUe\b02FdUe1065.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\bedryvdh.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\bedryvdh.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\bpfxrkco.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\bpfxrkco.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\bpfxrkco.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\bqgxxofj.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\bqgxxofj.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\bucsaami.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\bucsaami.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\bucsaami.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\byxxxvt.dll.vir


Detected with: Adware.Virtumonde.GFZ

C:\qoobox\Quarantine\C\WINDOWS\system32\byxxxvt.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\byxxxvt.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\cbxvtsq.dll.vir


Infected with: Trojan.Vundo.DMV

C:\qoobox\Quarantine\C\WINDOWS\system32\cbxvtsq.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\cbxvtsq.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ccumyhhu.exe.vir


Infected with: Trojan.Fotomoto.A

C:\qoobox\Quarantine\C\WINDOWS\system32\ccumyhhu.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ckfgjteq.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\ckfgjteq.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\cnleycug.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\cnleycug.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\cnleycug.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\comitnld.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\comitnld.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ctnlauhb.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\ctnlauhb.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\deskad.dll.vir


Infected with: Trojan.Spy.Bzub.NFQ

C:\qoobox\Quarantine\C\WINDOWS\system32\deskad.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\deskad.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\dpvvo.dll.vir


Infected with: Trojan.Spy.Bzub.NFQ

C:\qoobox\Quarantine\C\WINDOWS\system32\dpvvo.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\dpvvo.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\dqvemuto.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\dqvemuto.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\dqvqrjgw.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\dqvqrjgw.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\dqvqrjgw.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\jwnduhly.sys.vir


Infected with: Trojan.Spy.Bzub.NFQ

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\jwnduhly.sys.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\jwnduhly.sys.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\dsaut.dll.vir


Infected with: Trojan.Spy.Bzub.NFY

C:\qoobox\Quarantine\C\WINDOWS\system32\dsaut.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\dsaut.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\dxcrkksm.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\dxcrkksm.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\dxcrkksm.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\evjtgrgf.dll.vir


Infected with: Trojan.Bho.BD

C:\qoobox\Quarantine\C\WINDOWS\system32\evjtgrgf.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\evjtgrgf.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\evmayemq.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\evmayemq.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\evmayemq.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ewmhyokx.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\ewmhyokx.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ewsdfwvd.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\ewsdfwvd.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ewsdfwvd.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir


Infected with: Trojan.Downloader.VB.VGA

C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\f10WtR\f10WtR1099.exe.vir


Infected with: Trojan.Agent.VB.AOU

C:\qoobox\Quarantine\C\WINDOWS\system32\f10WtR\f10WtR1099.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\f10WtR\f10WtR1099.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\fbwwtdmp.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\fbwwtdmp.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\fuxumhpx.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\fuxumhpx.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\fuxumhpx.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\fvscferh.exe.vir


Infected with: Trojan.Fotomoto.A

C:\qoobox\Quarantine\C\WINDOWS\system32\fvscferh.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\gdydpcru.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\gdydpcru.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\gdydpcru.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\gldghhmk.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\gldghhmk.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\gokwsgnr.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\gokwsgnr.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\gokwsgnr.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\gqdbnpav.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\gqdbnpav.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\gtspdbow.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\gtspdbow.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\hkvbhylc.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\hkvbhylc.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\hvcllnde.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\hvcllnde.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\hxnmfmhr.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\hxnmfmhr.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\hxnmfmhr.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ifadiroo.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\ifadiroo.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ifadiroo.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\iinfwnhp.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\iinfwnhp.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\iqbvjfxk.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\iqbvjfxk.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\iqbvjfxk.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\iswxvyka.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\iswxvyka.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\iswxvyka.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\jioidllu.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\jioidllu.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\jjalrtvq.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\jjalrtvq.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\jjalrtvq.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\jomlojsd.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\jomlojsd.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\jomlojsd.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\kglaqdgb.dll.vir


Infected with: Trojan.Bho.BD

C:\qoobox\Quarantine\C\WINDOWS\system32\kglaqdgb.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\kglaqdgb.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\knsnjbtk.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\knsnjbtk.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\kwtxwbod.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\kwtxwbod.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\kwtxwbod.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\lphasako.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\lphasako.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\lphasako.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\lpojearo.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\lpojearo.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\lrkhmafr.exe.vir


Infected with: Trojan.Fotomoto.A

C:\qoobox\Quarantine\C\WINDOWS\system32\lrkhmafr.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\lvmkdbog.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\lvmkdbog.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\lvmkdbog.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\mifvmnbd.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\mifvmnbd.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\mjiucoum.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\mjiucoum.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\mymapklc.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\mymapklc.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\nodjsfrq.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\nodjsfrq.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\oxvoomem.exe.vir


Infected with: Trojan.Fotomoto.A

C:\qoobox\Quarantine\C\WINDOWS\system32\oxvoomem.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\pmnnmno.dll.vir


Infected with: Trojan.Vundo.DNC

C:\qoobox\Quarantine\C\WINDOWS\system32\pmnnmno.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\povlhhpn.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\povlhhpn.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\povlhhpn.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\pyqverts.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\pyqverts.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qdgaaslg.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\qdgaaslg.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qiykkpob.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\qiykkpob.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qnvelviy.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\qnvelviy.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qomnkhe.dll.vir


Infected with: Trojan.Vundo.DNC

C:\qoobox\Quarantine\C\WINDOWS\system32\qomnkhe.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qrumlard.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\qrumlard.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\qrumlard.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\qvqxmjnr.exe.vir


Infected with: Trojan.Fotomoto.A

C:\qoobox\Quarantine\C\WINDOWS\system32\qvqxmjnr.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\rcujpvro.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\rcujpvro.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\rcujpvro.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\rljoksay.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\rljoksay.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\rljoksay.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\rquycdpq.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\rquycdpq.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\rquycdpq.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\rrlgbjcx.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\rrlgbjcx.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\rrlgbjcx.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\rvhtrgss.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\rvhtrgss.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\rvhtrgss.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\sclbajnu.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\sclbajnu.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\sclbajnu.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\snnbqghc.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\snnbqghc.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\snnbqghc.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\stiedybl.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\stiedybl.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\stiedybl.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\T6\dlwr.exe.vir


Infected with: Trojan.Downloader.BKF

C:\qoobox\Quarantine\C\WINDOWS\system32\T6\dlwr.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\T6\dlwr.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\taknjcxp.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\taknjcxp.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\taknjcxp.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\tieuutrh.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\tieuutrh.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\tieuutrh.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\tinqqqii.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\tinqqqii.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\tinqqqii.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\tkoseuxb.dll.vir


Infected with: Trojan.Bho.BD

C:\qoobox\Quarantine\C\WINDOWS\system32\tkoseuxb.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\tkoseuxb.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\tmlytapj.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\tmlytapj.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\tmlytapj.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\tuurvggc.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\tuurvggc.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\tuurvggc.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\uajrxxdr.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\uajrxxdr.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ubwqpaeb.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\ubwqpaeb.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\uhgobihi.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\uhgobihi.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\uhgobihi.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\unrhioyg.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\unrhioyg.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\unrhioyg.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\uqmwuoan.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\uqmwuoan.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\uqmwuoan.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\uqwtnxqe.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\uqwtnxqe.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\uqwtnxqe.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\urhdcnje.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\urhdcnje.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\urhdcnje.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\urhdhicr.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\urhdhicr.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\urhdhicr.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\uyulefvm.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\uyulefvm.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\uyulefvm.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\vcknjdgr.dll.vir


Infected with: Trojan.BHO.BP

C:\qoobox\Quarantine\C\WINDOWS\system32\vcknjdgr.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\vcknjdgr.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\vkplilvp.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\vkplilvp.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\vkplilvp.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\vrtjgshx.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\vrtjgshx.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\vvgpinsj.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\vvgpinsj.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\vvgpinsj.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\X1\kmhp83122.exe.vir=>(NSIS o)=>zlib_nsis0003


Detected with: Adware.TTC.B

C:\qoobox\Quarantine\C\WINDOWS\system32\X1\kmhp83122.exe.vir=>(NSIS o)=>zlib_nsis0003


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\X1\kmhp83122.exe.vir=>(NSIS o)=>zlib_nsis0003


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\X1\kmhp83122.exe.vir=>(NSIS o)


Update failed

C:\qoobox\Quarantine\C\WINDOWS\system32\xbnimtbf.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\xbnimtbf.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\xbnimtbf.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\xemhvsua.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\xemhvsua.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\xemhvsua.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\xhqknxep.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\xhqknxep.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\xhqknxep.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\xjwqdloi.dll.vir


Infected with: Trojan.Vundo.DMP

C:\qoobox\Quarantine\C\WINDOWS\system32\xjwqdloi.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\xxbenqqh.dll.vir


Infected with: Trojan.Virtumod.AAC

C:\qoobox\Quarantine\C\WINDOWS\system32\xxbenqqh.dll.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\xxbenqqh.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\ychqimof.exe.vir


Infected with: Trojan.Fotomoto.E

C:\qoobox\Quarantine\C\WINDOWS\system32\ychqimof.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\ychqimof.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\tsitra77.exe.vir


Infected with: Trojan.Downloader.Agent.BLS

C:\qoobox\Quarantine\C\WINDOWS\tsitra77.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\tsitra77.exe.vir


Deleted

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip=>cbxxvtt.dll


Detected with: Adware.Virtumonde.GFZ

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip=>cbxxvtt.dll


Disinfection failed

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip=>cbxxvtt.dll


Deleted

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip


Updated

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip=>jkhff.dll


Infected with: Trojan.Virtumod.VH

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip=>jkhff.dll


Disinfection failed

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip=>jkhff.dll


Deleted

C:\qoobox\Quarantine\catchme2007-10-09_193837.35.zip


Updated

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072513.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072513.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072514.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072514.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072515.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072515.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072516.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072516.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072518.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072518.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072519.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0072519.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP357\A0072641.exe


Infected with: Trojan.Agent.VB.AOU

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP357\A0072641.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP357\A0072641.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0073210.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0073210.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP360\A0073210.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP361\A0073237.exe


Infected with: Trojan.Agent.VB.AOU

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP361\A0073237.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP361\A0073237.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0073559.exe


Infected with: Trojan.PWS.Onlinegames.NET

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0073559.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0075555.exe


Infected with: Trojan.Downloader.Agent.YOP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0075555.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0075555.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077593.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077593.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077593.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077598.exe


Infected with: Trojan.Downloader.Agent.YOP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077598.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077598.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077599.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077599.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077599.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077601.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077601.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077601.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077605.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077605.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077605.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077608.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077608.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077608.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077635.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077635.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077635.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077684.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077684.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077685.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077685.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077686.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077686.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077687.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077687.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077697.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077697.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077698.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0077698.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0078686.dll


Infected with: Trojan.Vundo.DNI

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0078686.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0078710.dll


Infected with: Trojan.Spy.Bzub.NFY

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0078710.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0078710.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0079729.sys


Infected with: Trojan.Spy.Bzub.NFQ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0079729.sys


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0079729.sys


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0080720.dll


Infected with: Trojan.Spy.Bzub.NFY

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0080720.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0080720.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083765.exe


Infected with: Trojan.Downloader.Agent.YIS

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083765.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083765.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083767.exe


Infected with: Trojan.Downloader.Agent.BUO

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083767.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083767.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083770.exe


Infected with: Trojan.Downloader.JJAJ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083770.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083770.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083774.exe


Infected with: Trojan.PWS.Onlinegames.NET

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\A0083774.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP377\A0085771.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Trojan.Downloader.Purityscan.EH

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP377\A0085771.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP377\A0085771.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP377\A0085771.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087013.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Rootkit.Agent.EV

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087013.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087013.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087013.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087014.exe


Infected with: Trojan.Downloader.Agent.BHU

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087014.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087014.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087017.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087017.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087017.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087018.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087018.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087018.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087019.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087019.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087019.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087020.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087020.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087020.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087021.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087021.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087021.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087022.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087022.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087023.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087023.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087023.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087024.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087024.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087024.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087025.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087025.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087025.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087026.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087026.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087026.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087027.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087027.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087027.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087028.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087028.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087028.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087029.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087029.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087030.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087030.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087030.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087031.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087031.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087031.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087032.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087032.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087032.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087033.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087033.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087033.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087034.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087034.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087034.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087035.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087035.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087035.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087036.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087036.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087036.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087037.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087037.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087037.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087038.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087038.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087038.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087039.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087039.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087039.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087040.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087040.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087041.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087041.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087041.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087042.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087042.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087043.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087043.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087043.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087044.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087044.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087044.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087045.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087045.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087046.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087046.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087046.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087047.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087047.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087047.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087048.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087048.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087048.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087049.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087049.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087049.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087050.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087050.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087050.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087051.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087051.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087051.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087052.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087052.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087052.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087053.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087053.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087053.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087054.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087054.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087054.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087055.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087055.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087055.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087056.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087056.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087056.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087057.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087057.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087057.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087058.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087058.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087058.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087059.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087059.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087059.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087060.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087060.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087060.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087061.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087061.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087061.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087062.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087062.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087062.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087063.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087063.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087063.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087064.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087064.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087064.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087065.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087065.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087065.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087066.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087066.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087066.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087067.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087067.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087067.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087068.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087068.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087068.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087069.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087069.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087069.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087070.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087070.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087070.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087071.exe


Infected with: Trojan.Fotomoto.E

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087071.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087071.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087072.sys


Infected with: Trojan.Spy.Bzub.NFQ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087072.sys


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087072.sys


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087074.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087074.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087075.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087075.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087076.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087076.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087077.dll


Detected with: Adware.Virtumonde.GFZ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087077.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087077.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087078.dll


Infected with: Trojan.Vundo.DMV

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087078.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087078.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087079.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087079.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087080.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087080.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087081.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087081.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087082.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087082.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087084.dll


Infected with: Trojan.Bho.BD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087084.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087084.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087085.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087085.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087086.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087086.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087088.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087088.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087089.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087089.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087090.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087090.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087092.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087092.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087094.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087094.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087095.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087095.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087096.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087096.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087097.dll


Infected with: Trojan.Bho.BD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087097.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087097.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087098.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087098.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087100.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087100.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087101.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087101.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087102.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087102.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087103.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087103.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087104.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087104.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087105.dll


Infected with: Trojan.Vundo.DNC

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087105.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087106.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087106.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087107.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087107.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087108.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087108.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087109.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087109.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087110.dll


Infected with: Trojan.Vundo.DNC

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087110.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087111.dll


Infected with: Trojan.Bho.BD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087111.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087111.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087112.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087112.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087113.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087113.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087114.dll


Infected with: Trojan.BHO.BP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087114.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087114.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087115.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087115.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087117.dll


Infected with: Trojan.Vundo.DMP

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087117.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087119.dll


Infected with: Trojan.Virtumod.AAC

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087119.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087119.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087156.exe


Infected with: Trojan.Downloader.JJAJ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087156.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087156.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087158.exe


Infected with: Trojan.Downloader.Small.AAGB

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087158.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087158.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087159.exe


Infected with: Trojan.Downloader.BKF

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087159.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087159.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087160.exe=>(NSIS o)=>zlib_nsis0003


Detected with: Adware.TTC.B

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087160.exe=>(NSIS o)=>zlib_nsis0003


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087160.exe=>(NSIS o)=>zlib_nsis0003


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087160.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087161.exe


Infected with: Trojan.Downloader.Vb.AWJ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087161.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087161.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087162.exe


Infected with: Trojan.Downloader.VB.VGA

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087162.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087162.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087163.exe


Infected with: Trojan.Agent.VB.AOU

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087163.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087163.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087165.exe


Infected with: Trojan.VB.Agent.K

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087165.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087165.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087169.dll


Detected with: Adware.Virtumonde.GFZ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087169.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087169.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087170.dll


Infected with: Trojan.Virtumod.VH

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087170.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP381\A0087170.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088446.exe


Infected with: Trojan.Adband.A

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088446.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088446.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088447.dll


Infected with: Trojan.Spy.Bzub.NFQ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088447.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088447.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088448.dll


Infected with: Trojan.Spy.Bzub.NFQ

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088448.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088448.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088449.dll


Infected with: Trojan.Spy.Bzub.NFY

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088449.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088449.dll


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088451.exe


Infected with: Trojan.Downloader.Agent.BLS

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088451.exe


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP384\A0088451.exe


Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP385\A0089664.dll


Infected with: Trojan.Agent.AFIF

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP385\A0089664.dll


Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP385\A0089664.dll


Deleted

C:\VundoFix Backups\nqjfbxrs.dll.bad


Infected with: Trojan.JuanSearch.A

C:\VundoFix Backups\nqjfbxrs.dll.bad


Disinfection failed

C:\VundoFix Backups\nqjfbxrs.dll.bad


Deleted

C:\VundoFix Backups\obfsexyn.exe.bad


Infected with: Trojan.Clicker.Small.YB

C:\VundoFix Backups\obfsexyn.exe.bad


Disinfection failed

C:\VundoFix Backups\obfsexyn.exe.bad


Deleted

C:\VundoFix Backups\ofvimeff.exe.bad


Infected with: Trojan.LowZones.SA

C:\VundoFix Backups\ofvimeff.exe.bad


Disinfection failed

C:\VundoFix Backups\ofvimeff.exe.bad


Deleted

C:\VundoFix Backups\pinquntg.exe.bad


Infected with: Trojan.Clicker.Agent.NP

C:\VundoFix Backups\pinquntg.exe.bad


Disinfection failed

C:\VundoFix Backups\pinquntg.exe.bad


Deleted

C:\VundoFix Backups\pmkjg.dll.bad


Infected with: Trojan.Virtumod.AAP

C:\VundoFix Backups\pmkjg.dll.bad


Disinfection failed

C:\VundoFix Backups\pmkjg.dll.bad


Deleted

C:\VundoFix Backups\tagecdwy.exe.bad


Infected with: Trojan.Clicker.Agent.NP

C:\VundoFix Backups\tagecdwy.exe.bad


Disinfection failed

C:\VundoFix Backups\tagecdwy.exe.bad


Deleted

C:\VundoFix Backups\yrwngqcj.exe.bad


Infected with: Trojan.LowZones.SA

C:\VundoFix Backups\yrwngqcj.exe.bad


Disinfection failed

C:\VundoFix Backups\yrwngqcj.exe.bad


Deleted

C:\WINDOWS\system32\DBGHEL.0LL


Infected with: Trojan.Agent.AFIF

C:\WINDOWS\system32\DBGHEL.0LL


Disinfection failed

C:\WINDOWS\system32\DBGHEL.0LL


Deleted

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 October 2007 - 04:01 AM

Hmmm,most everything is in a secured folder and should not be posing a threat,that damn tea timer is a real pain sometimes,was it disabled when you ran combofix?

I borked the CFScript too,recreate that script please to reflect the one below

File::
C:\WINDOWS\SYSTEM32\DBGHEL.0LL
C:\WINDOWS\SYSTEM32\DBGHEL.OLL
C:\WINDOWS\SYSTEM32\BFLVLXEF.INI
C:\WINDOWS\SYSTEM32\DPOFJUSB.INI
C:\WINDOWS\SYSTEM32\ECJKARER.INI
C:\WINDOWS\SYSTEM32\LPWYKQRN.INI
C:\WINDOWS\SYSTEM32\MKOWSHLP.INI
C:\WINDOWS\SYSTEM32\OVYPVLGV.INI
C:\WINDOWS\SYSTEM32\OXSBPQGJ.INI
C:\WINDOWS\SYSTEM32\QDXLVQIL.INI
C:\WINDOWS\SYSTEM32\RJPOELBT.INI
C:\WINDOWS\SYSTEM32\SXFIEDIJ.INI
C:\WINDOWS\SYSTEM32\UHDEXCAA.INI
C:\WINDOWS\SYSTEM32\ATRGKLQP.INI
C:\WINDOWS\SYSTEM32\DGYHQJBK.INI
C:\WINDOWS\SYSTEM32\FRKAUDKV.INI
C:\WINDOWS\SYSTEM32\GPPDFDEW.INI
C:\WINDOWS\SYSTEM32\HWWLQBCJ.INI
C:\WINDOWS\SYSTEM32\ITOCXUXB.INI
C:\WINDOWS\SYSTEM32\OILBUTUM.INI
C:\WINDOWS\SYSTEM32\PFLKLGGX.INI
C:\WINDOWS\SYSTEM32\PXGQODFB.INI
C:\WINDOWS\SYSTEM32\QQEBNYJC.INI
C:\WINDOWS\SYSTEM32\REIFGXGW.INI


I typed Files:: and it should have been File::

Once you have corrected my typo,follow the procedure again and drag the corrected CFSript.txt on top of ComboFix.exe and allow the program to run again,this time it should remove all those files.


Any idea where this file came from,seems to have just recently appeared

2007-10-09 20:52 39 --ah----- C:\high.sys

Configure Windows to Show All Hidden Files and Folders Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62


Lemme know about that file and post the ComboFix log please.

#11 Devyn

Devyn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 12 October 2007 - 10:40 AM

I checked before I ran ComboFix and it said it was disabled. As for the high.sys file, I have no idea what it is or where it came from. Here is the new combofix log:

ComboFix 07-10-09.3 - Devyn 2007-10-12 9:34:50.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.104 [GMT -5:00]
Running from: C:\Documents and Settings\Devyn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Devyn\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\ATRGKLQP.INI
C:\WINDOWS\SYSTEM32\BFLVLXEF.INI
C:\WINDOWS\SYSTEM32\DBGHEL.0LL
C:\WINDOWS\SYSTEM32\DBGHEL.OLL
C:\WINDOWS\SYSTEM32\DGYHQJBK.INI
C:\WINDOWS\SYSTEM32\DPOFJUSB.INI
C:\WINDOWS\SYSTEM32\ECJKARER.INI
C:\WINDOWS\SYSTEM32\FRKAUDKV.INI
C:\WINDOWS\SYSTEM32\GPPDFDEW.INI
C:\WINDOWS\SYSTEM32\HWWLQBCJ.INI
C:\WINDOWS\SYSTEM32\ITOCXUXB.INI
C:\WINDOWS\SYSTEM32\LPWYKQRN.INI
C:\WINDOWS\SYSTEM32\MKOWSHLP.INI
C:\WINDOWS\SYSTEM32\OILBUTUM.INI
C:\WINDOWS\SYSTEM32\OVYPVLGV.INI
C:\WINDOWS\SYSTEM32\OXSBPQGJ.INI
C:\WINDOWS\SYSTEM32\PFLKLGGX.INI
C:\WINDOWS\SYSTEM32\PXGQODFB.INI
C:\WINDOWS\SYSTEM32\QDXLVQIL.INI
C:\WINDOWS\SYSTEM32\QQEBNYJC.INI
C:\WINDOWS\SYSTEM32\REIFGXGW.INI
C:\WINDOWS\SYSTEM32\RJPOELBT.INI
C:\WINDOWS\SYSTEM32\SXFIEDIJ.INI
C:\WINDOWS\SYSTEM32\UHDEXCAA.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\ATRGKLQP.INI
C:\WINDOWS\SYSTEM32\BFLVLXEF.INI
C:\WINDOWS\SYSTEM32\DGYHQJBK.INI
C:\WINDOWS\SYSTEM32\DPOFJUSB.INI
C:\WINDOWS\SYSTEM32\ECJKARER.INI
C:\WINDOWS\SYSTEM32\FRKAUDKV.INI
C:\WINDOWS\SYSTEM32\GPPDFDEW.INI
C:\WINDOWS\SYSTEM32\HWWLQBCJ.INI
C:\WINDOWS\SYSTEM32\ITOCXUXB.INI
C:\WINDOWS\SYSTEM32\LPWYKQRN.INI
C:\WINDOWS\SYSTEM32\MKOWSHLP.INI
C:\WINDOWS\SYSTEM32\OILBUTUM.INI
C:\WINDOWS\SYSTEM32\OVYPVLGV.INI
C:\WINDOWS\SYSTEM32\OXSBPQGJ.INI
C:\WINDOWS\SYSTEM32\PFLKLGGX.INI
C:\WINDOWS\SYSTEM32\PXGQODFB.INI
C:\WINDOWS\SYSTEM32\QDXLVQIL.INI
C:\WINDOWS\SYSTEM32\QQEBNYJC.INI
C:\WINDOWS\SYSTEM32\REIFGXGW.INI
C:\WINDOWS\SYSTEM32\RJPOELBT.INI
C:\WINDOWS\SYSTEM32\SXFIEDIJ.INI
C:\WINDOWS\SYSTEM32\UHDEXCAA.INI

.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-11 12:51 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-11 12:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-10 03:03 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\4D
2007-10-09 20:52 39 --ah----- C:\high.sys
2007-10-09 20:51 <DIR> d-------- C:\Program Files\BlueBox
2007-10-09 20:50 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-10-09 20:50 <DIR> d--h----- C:\Documents and Settings\Devyn\InstallAnywhere
2007-10-07 14:19 <DIR> d-------- C:\Documents and Settings\Devyn\.housecall6.6
2007-10-07 14:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-06 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-04 20:43 <DIR> d-------- C:\Documents and Settings\Devyn\Application Data\WinRAR
2007-09-18 14:39 <DIR> d-------- C:\Program Files\iTunes
2007-09-17 01:05 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-09-17 01:04 <DIR> d-------- C:\Program Files\Active WebCam
2007-09-17 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 14:33 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Azureus
2007-10-12 02:00 --------- d-----w C:\Program Files\FlashGet
2007-10-11 05:39 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Orbit
2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-10 02:18 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-10 02:18 --------- d-----w C:\Program Files\Symantec
2007-10-10 02:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-08 22:05 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\Move Networks
2007-10-08 00:52 --------- d-----w C:\Program Files\Windows Plus
2007-10-07 05:24 --------- d-----w C:\Program Files\iPod
2007-10-06 19:51 --------- d-----w C:\Program Files\Auto Mouse
2007-10-05 02:01 3,702 ----a-w C:\WINDOWS\system32\tmp.reg
2007-09-30 21:11 --------- d-----w C:\Program Files\Azureus
2007-09-29 02:57 --------- d-----w C:\Documents and Settings\Devyn\Application Data\Ruckus Network
2007-09-29 01:47 --------- d-----w C:\Program Files\Soulseek
2007-09-23 07:03 --------- d-----w C:\Program Files\anywebcam
2007-09-21 17:47 10 ----a-w C:\Program Files\.autoreg
2007-09-18 19:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-06 18:25 --------- d-----w C:\Program Files\mIRC
2007-08-29 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-29 06:11 --------- d-----w C:\Program Files\Yahoo!
2007-08-23 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:16 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-20 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-20 03:12 --------- d-----w C:\Program Files\3wPlayer
2007-08-18 21:03 --------- d-----w C:\Program Files\Viewpoint
2007-08-18 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-17 00:40 --------- d--h--w C:\Documents and Settings\Devyn\Application Data\ijjigame
2007-08-17 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-08-15 08:05 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-12 15:00 --------- d-----w C:\Program Files\StepMania
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2006-09-17 22:19:16 104 -csh--r C:\WINDOWS\system32\C386C975D5.sys
2006-07-20 01:00:06 88 -csh--r C:\WINDOWS\system32\D575C986C3.sys
2006-09-17 22:19:16 7,518 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_19.41.10.74 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 53,248 2006-05-25 06:22:06 C:\WINDOWS\bdoscandel.exe
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-10 10:00:00 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 45,056 2007-10-11 17:51:15 C:\WINDOWS\BDOSCAN8\avxdisk.dll
----a-w 10,240 2007-10-11 17:51:15 C:\WINDOWS\BDOSCAN8\avxs.dll
----a-w 27,136 2007-10-11 17:51:15 C:\WINDOWS\BDOSCAN8\avxt.dll
----a-w 181,760 2007-10-11 17:51:18 C:\WINDOWS\BDOSCAN8\bdcore.dll
----a-w 118,784 2005-03-01 19:08:48 C:\WINDOWS\BDOSCAN8\bdupd.dll
----a-w 53,248 2005-03-01 19:08:52 C:\WINDOWS\BDOSCAN8\ipsupd.dll
----a-w 142,848 2007-10-11 17:51:19 C:\WINDOWS\BDOSCAN8\libfn.dll
----a-w 86,016 2007-10-11 17:51:16 C:\WINDOWS\BDOSCAN8\librtvr.dll
----a-w 118,784 2005-03-01 19:08:48 C:\WINDOWS\Downloaded Program Files\bdupd.dll
----a-w 500,120 2007-05-07 21:38:46 C:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 192,920 2007-05-07 21:39:00 C:\WINDOWS\Downloaded Program Files\fsauc.dll
----a-w 254,360 2007-05-07 21:39:24 C:\WINDOWS\Downloaded Program Files\fscax.dll
----a-w 53,248 2005-03-01 19:08:52 C:\WINDOWS\Downloaded Program Files\ipsupd.dll
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 17:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 17:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 1,165,584 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-10-11 00:58:23 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-10-11 00:58:22 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\system32\xpsp3res.dll
----atw 16,384 2007-10-11 05:38:46 C:\WINDOWS\Temp\Perflib_Perfdata_494.dat
.
----a-r 1,165,584 2007-09-19 08:02:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-09-19 08:02:40 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-09-19 08:02:41 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-09-19 08:02:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
----a-w 61,952 2006-10-17 17:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-10 10:00:00 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD08616B-B846-444E-9CE7-70163FAC4A09}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af517806-f7aa-40ce-8362-5410bee476d8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E54160-100E-470A-92A5-7F2A573A02FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 11:56]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-12 02:58]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 14:35 C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-27 16:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-07-28 20:56:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxvtt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhff]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbw32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartEnforcer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartEnforcer.lnk
backup=C:\WINDOWS\pss\SmartEnforcer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Devyn^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Devyn\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GM4IE]
C:\Program Files\GM4IE\GM4IE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\iugpygum.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"Sprint PCS v3 Utility Service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SavRoam"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"NBService"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
R3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b45af00-97be-11db-936b-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9bb5c4a-e58a-11db-9396-0015c516e246}]
AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc90af61-b571-11db-9381-0016ce6a6674}]
AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 20:55:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 09:41:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 9:42:09
C:\ComboFix-quarantined-files.txt ... 2007-10-12 09:41
C:\ComboFix2.txt ... 2007-10-11 12:40
C:\ComboFix3.txt ... 2007-10-10 13:00
.
--- E O F ---

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 October 2007 - 12:05 PM

Copy the text in the code box to notepad and save it to the desktop.

Save as type:--> All File
Save it with the name fix.reg

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD08616B-B846-444E-9CE7-70163FAC4A09}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af517806-f7aa-40ce-8362-5410bee476d8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E54160-100E-470A-92A5-7F2A573A02FF}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxvtt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhff]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbw32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]


Once saved,double click to execute and when prompted allow it to merge into the registry.

Next go to C:\high.sys--> Right Click and Select Rename

Rename it to nothigh.sys.old

Restart the machine and scan fresh with HijackThis and post that log.

You said there were some 50 files in the MiniDump folder...correct?

#13 Devyn

Devyn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 12 October 2007 - 04:01 PM

Yes, there were exactly 50 .dmp files in the Minidump folder. The file names looks like this: Mini052506-01.dmp and go to Mini101007-01.dmp when I arrange by modified.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:12, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD08616B-B846-444E-9CE7-70163FAC4A09} - (no file)
O2 - BHO: (no name) - {af517806-f7aa-40ce-8362-5410bee476d8} - (no file)
O2 - BHO: (no name) - {B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC} - (no file)
O2 - BHO: (no name) - {D8E54160-100E-470A-92A5-7F2A573A02FF} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F2AD7EC-B98B-4D4D-BE1E-659B357342BA} (RDDragDrop.RDDragDropX) - http://reddot.uark.edu/cms/Controls/RDDragDrop.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161830349959
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9768 bytes

#14 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 13 October 2007 - 02:27 AM

We will take care of those BHOs in a bit,with the minidumps--> Mini101007

That represents the date the dump file was created.

Can you grab one or two of the latest files created and upload them at the site below
http://www.uploadmalware.com

After upload those,can you go to safe mode and generate me a HijackThis log.

Post it when ready.

#15 Devyn

Devyn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 13 October 2007 - 02:39 AM

I submitted two files:
Mini101007-01.dmp
and
Mini100907-01.dmp

Here is the HijackThis log from Safe Mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:49 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD08616B-B846-444E-9CE7-70163FAC4A09} - (no file)
O2 - BHO: (no name) - {af517806-f7aa-40ce-8362-5410bee476d8} - (no file)
O2 - BHO: (no name) - {B4FA1C0D-FE64-4CA9-AA7F-FC236138C6EC} - (no file)
O2 - BHO: (no name) - {D8E54160-100E-470A-92A5-7F2A573A02FF} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8401] command /c del "C:\WINDOWS\system32\jkhff.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2671] cmd /c del "C:\WINDOWS\system32\jkhff.dll_tobedeleted"
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Orbit.lnk = ?
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F2AD7EC-B98B-4D4D-BE1E-659B357342BA} (RDDragDrop.RDDragDropX) - http://reddot.uark.edu/cms/Controls/RDDragDrop.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161830349959
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8055 bytes

Edited by Devyn, 13 October 2007 - 02:55 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users