
Ultimate Defender Won't Go Away!


  • This topic is locked
59 replies to this topic

#1 ace61502

  • Members
  • 41 posts
  • Location:Olive Branch, MS

Posted 02 January 2008 - 06:48 PM

I keep getting something that looks "official" but lists things I supposedly need to do. I'll try to get a screen shot next time it pops up and post that. It started after I had something crash my system on Christmas Eve. I think after following the "before you post" guidelines I MAY have finally gotten rid of gebabxy, jkhhf, but they've come back so many times I hesitate to think they are really gone for good now. My computer is still running pretty pathetically, so I know something is still not right. And I don't like having all these antispyware programs that seem to always run. Seems it's overkill, and it can't be helping my computer run faster with all those running in the background. Once we get this thing cleaned up, can you also give me recommendations on what I can get rid of there, too?

I tried following the instructions in another thread to get rid of Ultimate Defender, but this is still going on. Is it not UD? I guess the screenshot will help determine that, huh? :thumbsup:

Oh, and I used to have a task bar icon for the Dell Wireless LAN card utility to manage my internet connection, and it's gone and I can't get it to come back. (I use it a lot to change networks) Every now and then my internet connection will seem to stop, even though the Windows monitor thing in the taskbar shows an active connection. When I go to the Dell Wireless WLAN card utility I get a message about the settings being unstable (or something to that effect) and it recommends I restart. Never had that happen before Christmas Eve.

My mouse settings in the control panel also says something about being unable to connect to the Synaptics Pointing Device Driver since this all happened, and I can't get the mousepad thingie on my laptop to scroll using the edges anymore. Very annoying.

Here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:48 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.trixietracker.com/site/michaelray
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.trixietracker.com/site/michaelray?child=1425
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [SOsmte3N1l] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O8 - Extra context menu item: Save Picture to Mobile Phone - C:\Program Files\Pix2Fone\p2fd.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5195 bytes




Thanks in advance!

Edited by ace61502, 02 January 2008 - 11:20 PM.
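The log above is the kind of HijackThis output the helpers in this forum read by hand. As an added example (not code from the thread, from HijackThis, or from the helper), here is a first-pass triage script over a few lines copied from that log: it flags a process name with a space before its extension, an autostart under Policies\Explorer\Run, rundll32 loading a DLL with a random-looking name, and a service with no publisher. The heuristics are assumptions about what a reviewer checks first, not a verdict on any file.

```python
"""First-pass triage of HijackThis (HJT) log lines.

Added example; not code from the thread, from HijackThis or from the helper.
The heuristics below are assumptions about what a reviewer checks first,
not a verdict on any file named in the log.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\system32\svchost.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [SOsmte3N1l] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Whitespace right before the extension: "YahooMessenger .exe" is a different
# file from "YahooMessenger.exe" but is easy to mistake for it at a glance.
SPACED_EXT_RE = re.compile(r"\s\.(?:exe|dll|sys|scr|com)\b", re.IGNORECASE)
# rundll32 entries: the DLL being loaded is what needs a look, not rundll32.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
VOWELS = set("aeiouAEIOU")


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Assumed heuristic: 8+ chars, few vowels, and mixed case or digits mixed in."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    mixed_case = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    has_digit = any(c.isdigit() for c in stem)
    return vowel_ratio <= 0.25 and (mixed_case or has_digit)


def scan_hjt(text: str) -> list[Finding]:
    """Return the lines a reviewer should look at first, each with a reason."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SPACED_EXT_RE.search(line):
            findings.append(Finding(line, "whitespace before the file extension; compare with the legitimate file"))
        o4 = O4_RE.match(line)
        if o4:
            if r"Policies\Explorer\Run" in o4["key"]:
                findings.append(Finding(line, "autostart under Policies\\Explorer\\Run, rarely used by legitimate software"))
            dll = RUNDLL_RE.search(o4["cmd"])
            if dll:
                # Keep only the file name without its ".dll" suffix.
                stem = dll.group(1).rsplit("\\", 1)[-1][: -len(".dll")]
                if looks_random(stem):
                    findings.append(Finding(line, f"rundll32 loads DLL with random-looking name: {stem}"))
            if looks_random(o4["name"]):
                findings.append(Finding(line, f"random-looking Run entry name: {o4['name']}"))
        o23 = O23_RE.match(line)
        if o23 and o23["owner"] == "Unknown owner":
            findings.append(Finding(line, "service with no publisher information; verify the file before trusting it"))
    return findings


if __name__ == "__main__":
    for f in scan_hjt(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```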




#2 ace61502

  • Topic Starter
  • Members
  • 41 posts
  • Location:Olive Branch, MS

Posted 02 January 2008 - 07:06 PM

Got the screen shot. This is one of several messages it will give...


Attached File: drvmcrzy.jpg (13.27KB)


ETA: gebabxy.dll and jkhhf.dll are back. :thumbsup: They are not showing up on my log, but still in the system32 folder. I've just realized when I was running HJT before I had renamed it crusty, a tip I had seen somewhere. I was also using an older version of HJT. I renamed the newer version and ran again, and they still aren't showing up. I'm confused!

Edited by ace61502, 02 January 2008 - 11:34 PM.


#3 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 18 January 2008 - 10:37 PM

Hello ace61502 and welcome to the BC HijackThis forum. Let's see what else is hiding in there.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 ace61502

  • Topic Starter
  • Members
  • 41 posts
  • Location:Olive Branch, MS

Posted 18 January 2008 - 11:20 PM

Thanks, OldTimer! While that downloads, let me fill you in on some of the symptoms.

posXXX.tmp files. THOUSANDS of them. In the My Documents folder (I renamed it More Stuff, though) and in C:. Popups galore. Both of these started in the last few days, best I can tell. Superantispyware did nothing for either. HJT didn't work. AdAware didn't work. Haven't tried SpyBot. Will try your suggestion first. :D I deleted 1500 of them a few days ago, and another 3500 today (1500 in My Documents and 2000 in C). There are also a bunch of files named s74, s74.1, s74.4, etc., that were created around the same time as all of the pos temp files. They are located in the Windows\Temp folder. In the Local Settings\temp folder are a few icoXXX.tmp files from the same times. There were a few items added to the PreFetch folder as well. I have no idea what happened yesterday afternoon, but a LOT of stuff got scattered all over my HD.

Interesting note, there were 7 Hijack this backups yesterday afternoon at 3:55pm. Right in the middle of all this other mess. I don't remember running HJT once, much less 7 times? After the last obvious file added to my machine yesterday is a file named wbemess.lo_ located in Windows\system32\wbem\Logs. It possibly began at 3:26 with this file I_VIEW32.EXE-24361997.pf in the Prefetch folder, or maybe RUNDLL32.EXE-679EB022.pf at 3:37. From 3:37 until 4:03pm there were 3,564 files added or modified. YIKES!

gebabxy.dll is gone. I guess that was Ultimate Defender? jkhhf.dll and jkhhf.exe are both still in the system32 folder. They won't go away.

Every few days I get two new icons on my desktop that can't be simply deleted. They come back. I've been doing a system restore to get rid of them knowing they'll be back. One of the icons resembles the Windows security icon, but it's a weblink to storageprotector.com. (The properties option on the right click menu has become my best friend lately)

That's all I can think of at the moment. There is probably more than that going on, but I'll let you see what you can find. The file has finished downloading, so I'll be back soon as it's done. :D

Edited by ace61502, 18 January 2008 - 11:31 PM.


#5 ace61502

  • Topic Starter
  • Members
  • 41 posts
  • Location:Olive Branch, MS

Posted 18 January 2008 - 11:32 PM

Wow! That scan was FAST! Here's the log:

WinPFind35 logfile created on: 1/18/2008 10:26:57 PM
WinPFind35U Version Beta23 Folder = C:\Documents and Settings\Amanda Elliott\Desktop\Antivirus\Per Old Timer\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

503.37 Mb Total Physical Memory | 227.83 Mb Available Physical Memory | 45.26% Memory free
1.20 Gb Paging File | 0.77 Gb Available in Paging File | 64.23% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 12.98 Gb Free Space | 37.93% Space Free | Partition Type: NTFS
Drive D: | 309.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: RALPH
Current User Name: Amanda Elliott
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 3/16/2007 6:10:54 PM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Modified Date = 3/16/2007 6:10:52 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:09 AM | Attr = ]
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes | Modified Date = 1/5/2008 7:54:19 AM | Attr = ]
lexpps .exe -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 1/18/2008 6:34:13 PM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:35 AM | Attr = R ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 8:53:18 AM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 513536 bytes | Modified Date = 1/18/2008 6:34:07 PM | Attr = ]
wltray.exe -> %System32%\WLTRAY.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 2080256 bytes | Modified Date = 1/18/2008 6:34:08 PM | Attr = ]
realsched .exe -> %CommonProgramFiles%\Real\Update_OB\realsched .exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 1/18/2008 6:34:36 PM | Attr = ]
wltray .exe -> %System32%\WLTRAY .exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 1/18/2008 6:34:39 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\Antivirus\Per Old Timer\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 300032 bytes | Modified Date = 1/17/2008 12:16:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:35 AM | Attr = R ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:09 AM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 8:53:18 AM | Attr = ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\PcCtlCom.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1019 | Size = 880722 bytes | Modified Date = 9/4/2006 8:54:44 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 290889 bytes | Modified Date = 8/30/2005 4:30:32 PM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\TmPfw.exe -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 585792 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\tmproxy.exe -> Trend Micro Inc. [Ver = 1.0.0.1135 | Size = 262215 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ]
(APPDRV) APPDRV [Kernel | System | Running] -> %System32%\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/3/2005 10:44:16 AM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Modified Date = 3/16/2007 6:10:56 PM | Attr = ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.37.0.0 built by: WinDDK | Size = 45312 bytes | Modified Date = 8/5/2005 3:32:16 AM | Attr = R ]
(CdaD10BA) CdaD10BA [Kernel | Auto | Running] -> %System32%\drivers\CdaD10BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 6/3/2006 6:25:30 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 12/1/2004 3:22:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 11/23/2004 2:56:00 AM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr = ]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr = S]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 12:12:10 PM | Attr = ]
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %System32%\drivers\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 21664 bytes | Modified Date = 10/25/2004 8:02:00 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr = ]
(grmn0200) grmn0200.Sys Garmin USB DCP driver (install) [Kernel | On_Demand | Stopped] -> %System32%\drivers\grmn0200.sys -> GARMIN Corp. [Ver = 2.06 | Size = 16777 bytes | Modified Date = 2/14/2003 10:58:46 AM | Attr = ]
(grmn1200) grmn0200.Sys Garmin USB DCP driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\grmn1200.sys -> GARMIN Corp. [Ver = 2.01 | Size = 12905 bytes | Modified Date = 9/10/2002 8:49:28 AM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 5:45:54 PM | Attr = ]
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 201600 bytes | Modified Date = 7/22/2005 3:01:08 AM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 1035008 bytes | Modified Date = 7/22/2005 3:02:12 AM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 9:15:18 PM | Attr = ]
(km_filter) km_filter [Kernel | On_Demand | Running] -> %System32%\drivers\km_filter.sys -> NetRatings, Inc. [Ver = 5.0.0.11r | Size = 8832 bytes | Modified Date = 6/8/2007 8:47:40 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 3:04:14 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr = ]
(nnrnstdi) nnrnstdi [Kernel | System | Running] -> %System32%\drivers\nnrnstdi.sys -> NetRatings, Inc. [Ver = 5.0.0.11r | Size = 13312 bytes | Modified Date = 6/8/2007 8:47:16 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:56 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 4/25/2005 2:03:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr = ]
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 11:29:04 AM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 11:28:50 AM | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4717.0 nd286 cp1 | Size = 1032472 bytes | Modified Date = 9/9/2005 11:15:32 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 191936 bytes | Modified Date = 11/29/2005 4:36:56 AM | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/2/2008 12:03:21 PM | Attr = ]
(Tmfilter) Tmfilter [Kernel | Auto | Running] -> %System32%\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 202768 bytes | Modified Date = 9/17/2007 2:40:48 PM | Attr = ]
(Tmpreflt) Tmpreflt [Kernel | Auto | Running] -> %System32%\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 35856 bytes | Modified Date = 9/17/2007 2:40:44 PM | Attr = ]
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %System32%\drivers\tmtdi.sys -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 38528 bytes | Modified Date = 8/30/2005 4:30:38 PM | Attr = ]
(tm_cfw) Common Firewall Driver [Kernel | Auto | Running] -> %System32%\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 1884585 bytes | Modified Date = 8/30/2005 4:30:38 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr = ]
(Vsapint) Vsapint [Kernel | Auto | Running] -> %System32%\drivers\VsapiNT.sys -> Trend Micro Inc. [Ver = 8.550-1001 | Size = 1126072 bytes | Modified Date = 9/17/2007 2:31:22 PM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %System32%\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 717952 bytes | Modified Date = 7/22/2005 3:01:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
58c6165b -> %System32%\vjkbfeuv.dll -> [Ver = | Size = 86592 bytes | Modified Date = 1/17/2008 7:32:19 PM | Attr = ]
Broadcom Wireless Manager UI -> %System32%\WLTRAY.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 2080256 bytes | Modified Date = 1/18/2008 6:34:08 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 1/18/2008 6:34:38 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 513536 bytes | Modified Date = 1/18/2008 6:34:07 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather .exe -> AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1343488 bytes | Modified Date = 1/18/2008 6:34:43 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YAHOOM~1 .EXE -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 1/18/2008 6:38:19 PM | Attr = ]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Modified Date = 1/18/2008 6:34:09 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/10/2004 1:04:12 PM | Attr = HS]
< Amanda Elliott Startup Folder > -> C:\Documents and Settings\Amanda Elliott\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/10/2004 1:04:12 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.trixietracker.com/site/michaelray?child=1425 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.trixietracker.com/site/michaelray ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4140 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0BBC3686-5E88-4B81-B2A1-710DC6CD9854} [HKEY_LOCAL_MACHINE] -> %System32%\jkhhf.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 323072 bytes | Modified Date = 1/6/2008 1:31:02 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{c37e9749-e20b-469e-b2fa-1b39abe683f9} [HKEY_LOCAL_MACHINE] -> %System32%\uaobmyud.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 76352 bytes | Modified Date = 1/17/2008 7:29:26 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{E19E589B-749F-4641-9ED3-032DEB7A8D92} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{E92BEFBA-E79D-4F41-9733-68DA49C4492B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{A2F93841-DEAB-0392-4958-BA333CF05732} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4CFF62BF-CA2B-4383-B4DB-2080FE6612E2} -> (Broadcom 440x 10/100 Integrated Controller) ->
{FF6DFFB2-6173-4511-AB8A-D5152A4AA47C} -> (Dell Wireless 1470 Dual Band WLAN Mini-PCI Card) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9}[HKEY_LOCAL_MACHINE] -> file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx[SpinTop DRM Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shock...director/sw.cab[Shockwave ActiveX Control] ->
{3334504D-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB[Reg Error: Key does not exist or could not be opened.] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54}[HKEY_LOCAL_MACHINE] -> file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx[ArmHelper Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
C:\WINDOWS\system32\jkhhf -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Modified Date = 1/18/2008 6:34:09 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 676 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 66180 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\msotheof.exe -> C:\WINDOWS\system32\mso ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 10:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 5:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
Ś -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->


[Files/Folders - Created Within 30 days]
ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Created Date = 12/24/2007 10:53:26 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/5/2008 12:34:50 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 12/24/2007 1:17:44 PM | Attr = ]
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/2/2008 1:37:00 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/2/2008 12:05:21 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 12/31/2007 11:06:48 AM | Attr = ]
aeiucfja.dll -> %System32%\aeiucfja.dll -> [Ver = | Size = 75840 bytes | Created Date = 1/7/2008 2:32:46 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/31/2007 11:07:26 AM | Attr = ]
bwvmiwvf.dllbox -> %System32%\bwvmiwvf.dllbox -> [Ver = | Size = 27456 bytes | Created Date = 1/17/2008 3:37:10 PM | Attr = HS]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 24714 bytes | Created Date = 1/6/2008 1:32:07 PM | Attr = HS]
fhhkj.ini2 -> %System32%\fhhkj.ini2 -> [Ver = | Size = 24714 bytes | Created Date = 1/6/2008 1:34:13 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/31/2007 11:06:58 AM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Created Date = 12/24/2007 10:32:39 AM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Created Date = 12/24/2007 10:32:59 AM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Created Date = 12/24/2007 10:32:39 AM | Attr = ]
jkhhf.dll -> %System32%\jkhhf.dll -> [Ver = | Size = 323072 bytes | Created Date = 1/6/2008 12:56:17 PM | Attr = ]
jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Created Date = 1/6/2008 1:31:14 PM | Attr = ]
jljmztox.dllbox -> %System32%\jljmztox.dllbox -> [Ver = | Size = 28566 bytes | Created Date = 1/14/2008 12:32:55 AM | Attr = HS]
LEXPPS .EXE -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Created Date = 1/6/2008 12:56:17 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 12/31/2007 11:06:57 AM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 2576 bytes | Created Date = 1/17/2008 7:16:53 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
RCX14.tmp -> %System32%\RCX14.tmp -> [Ver = | Size = 326656 bytes | Created Date = 1/11/2008 8:44:28 PM | Attr = ]
RCX15.tmp -> %System32%\RCX15.tmp -> [Ver = | Size = 326656 bytes | Created Date = 1/12/2008 4:23:56 AM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 12/25/2007 5:03:13 AM | Attr = R ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Created Date = 12/28/2007 7:11:12 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1230 bytes | Created Date = 12/31/2007 10:40:54 AM | Attr = ]
uaobmyud.dll -> %System32%\uaobmyud.dll -> [Ver = | Size = 76352 bytes | Created Date = 1/17/2008 7:29:26 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/31/2007 11:06:58 AM | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 1/5/2008 12:34:38 PM | Attr = ]
vjkbfeuv.dll -> %System32%\vjkbfeuv.dll -> [Ver = | Size = 86592 bytes | Created Date = 1/17/2008 7:32:18 PM | Attr = ]
vuefbkjv.ini -> %System32%\vuefbkjv.ini -> [Ver = | Size = 1075702 bytes | Created Date = 1/17/2008 7:32:30 PM | Attr = HS]
WLTRAY .exe -> %System32%\WLTRAY .exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Created Date = 1/18/2008 1:42:56 PM | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
ydcamqnh.ini -> %System32%\ydcamqnh.ini -> [Ver = | Size = 354 bytes | Created Date = 12/30/2007 4:15:33 AM | Attr = HS]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 12/31/2007 11:07:26 AM | Attr = ]
BBSTORE -> %SystemRoot%\BBSTORE -> [Folder | Created Date = 12/29/2007 12:54:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/2/2008 2:57:08 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 1/6/2008 12:53:27 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/5/2008 12:34:39 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 12/28/2007 5:45:06 PM | Attr = ]
SETUP32.INI -> %SystemRoot%\SETUP32.INI -> [Ver = | Size = 0 bytes | Created Date = 12/29/2007 12:52:36 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 1/6/2008 1:36:03 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 1/2/2008 12:28:06 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 12/28/2007 10:25:10 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/24/2007 1:34:28 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Created Date = 12/28/2007 5:38:07 PM | Attr = ]
SpinTop -> %UserAppData%\SpinTop -> [Folder | Created Date = 12/24/2007 4:42:54 AM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/24/2007 1:32:46 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Created Date = 12/25/2007 8:23:02 AM | Attr = ]
Oberon Games -> %LocalAppData%\Oberon Games -> [Folder | Created Date = 1/5/2008 1:15:37 AM | Attr = ]
The Learning Company -> %UserDocuments%\The Learning Company -> [Folder | Created Date = 12/29/2007 1:00:01 PM | Attr = ]
AmandaCurls.jpg -> %UserDesktop%\AmandaCurls.jpg -> [Ver = | Size = 9431 bytes | Created Date = 1/8/2008 10:32:49 PM | Attr = ]
Antivirus -> %UserDesktop%\Antivirus -> [Folder | Created Date = 12/25/2007 1:17:20 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/2/2008 2:02:41 PM | Attr = ]
Mexico.doc -> %UserDesktop%\Mexico.doc -> [Ver = | Size = 19968 bytes | Created Date = 1/14/2008 6:59:17 PM | Attr = ]
Mexico2.doc -> %UserDesktop%\Mexico2.doc -> [Ver = | Size = 252416 bytes | Created Date = 1/17/2008 9:09:59 PM | Attr = ]
MS%20Error%20done.jpg -> %UserDesktop%\MS%20Error%20done.jpg -> [Ver = | Size = 6002 bytes | Created Date = 1/14/2008 1:20:47 AM | Attr = ]
telemetry.doc -> %UserDesktop%\telemetry.doc -> [Ver = | Size = 19968 bytes | Created Date = 1/16/2008 4:43:12 PM | Attr = ]
SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Created Date = 12/23/2007 2:46:51 AM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 12/28/2007 5:38:07 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 12/24/2007 1:23:42 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
11dec1db0dfeb71c8a8f -> %SystemDrive%\11dec1db0dfeb71c8a8f -> [Folder | Modified Date = 1/2/2008 1:34:09 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/28/2007 7:28:19 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/2/2008 12:29:02 AM | Attr = ]
ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Modified Date = 1/5/2008 8:23:05 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/18/2008 5:39:46 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/6/2008 1:35:51 PM | Attr = ]
Shop -> %SystemDrive%\Shop -> [Folder | Modified Date = 12/28/2007 6:42:43 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/5/2008 12:33:00 PM | Attr = HS]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 86133 bytes | Modified Date = 1/17/2008 6:21:35 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/2/2008 3:57:43 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/18/2008 6:34:34 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/6/2008 1:30:56 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 1/6/2008 1:30:56 PM | Attr = ]
hosts.20071228-142425.backup -> %System32%\drivers\etc\hosts.20071228-142425.backup -> [Ver = | Size = 114 bytes | Modified Date = 12/28/2007 11:30:33 AM | Attr = R ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/2/2008 12:03:21 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 1/1/2008 9:52:51 PM | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 1/1/2008 9:52:51 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/2/2008 2:45:36 PM | Attr = ]
aeiucfja.dll -> %System32%\aeiucfja.dll -> [Ver = | Size = 75840 bytes | Modified Date = 1/7/2008 2:32:47 AM | Attr = ]
bwvmiwvf.dllbox -> %System32%\bwvmiwvf.dllbox -> [Ver = | Size = 27456 bytes | Modified Date = 1/17/2008 4:03:30 PM | Attr = HS]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/17/2008 5:28:27 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/18/2008 4:48:06 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/17/2008 4:06:26 PM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 12/25/2007 8:22:14 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/14/2008 3:40:12 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/17/2008 7:15:36 PM | Attr = ]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 24714 bytes | Modified Date = 1/18/2008 10:27:17 PM | Attr = HS]
fhhkj.ini2 -> %System32%\fhhkj.ini2 -> [Ver = | Size = 24714 bytes | Modified Date = 1/18/2008 10:27:08 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/24/2007 10:32:39 AM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Modified Date = 12/20/2007 11:11:52 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 12/24/2007 10:32:59 AM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 12/24/2007 10:32:39 AM | Attr = ]
jkhhf.dll -> %System32%\jkhhf.dll -> [Ver = | Size = 323072 bytes | Modified Date = 1/6/2008 1:31:02 PM | Attr = ]
jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Modified Date = 1/18/2008 6:34:09 PM | Attr = ]
jljmztox.dllbox -> %System32%\jljmztox.dllbox -> [Ver = | Size = 28566 bytes | Modified Date = 1/14/2008 12:46:45 AM | Attr = HS]
LEXPPS .EXE -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 1/18/2008 6:34:13 PM | Attr = ]
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes | Modified Date = 1/5/2008 7:54:19 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55200 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 386040 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 2576 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
RCX14.tmp -> %System32%\RCX14.tmp -> [Ver = | Size = 326656 bytes | Modified Date = 1/11/2008 8:44:28 PM | Attr = ]
RCX15.tmp -> %System32%\RCX15.tmp -> [Ver = | Size = 326656 bytes | Modified Date = 1/12/2008 4:23:56 AM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 1/17/2008 7:15:36 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/5/2008 12:33:00 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 12/25/2007 5:03:51 AM | Attr = R ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Modified Date = 1/18/2008 7:10:41 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1230 bytes | Modified Date = 12/31/2007 10:40:55 AM | Attr = ]
uaobmyud.dll -> %System32%\uaobmyud.dll -> [Ver = | Size = 76352 bytes | Modified Date = 1/17/2008 7:29:26 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
vjkbfeuv.dll -> %System32%\vjkbfeuv.dll -> [Ver = | Size = 86592 bytes | Modified Date = 1/17/2008 7:32:19 PM | Attr = ]
vuefbkjv.ini -> %System32%\vuefbkjv.ini -> [Ver = | Size = 1075702 bytes | Modified Date = 1/17/2008 7:32:32 PM | Attr = HS]
wbem -> %System32%\wbem -> [Folder | Modified Date = 1/17/2008 4:06:02 PM | Attr = ]
WLTRAY .exe -> %System32%\WLTRAY .exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 1/18/2008 6:34:39 PM | Attr = ]
WLTRAY.exe -> %System32%\WLTRAY.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 2080256 bytes | Modified Date = 1/18/2008 6:34:08 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/17/2008 4:07:42 PM | Attr = ]
ydcamqnh.ini -> %System32%\ydcamqnh.ini -> [Ver = | Size = 354 bytes | Modified Date = 12/30/2007 8:44:32 AM | Attr = HS]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 9:36:16 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/2/2008 2:39:26 PM | Attr = ]
BBSTORE -> %SystemRoot%\BBSTORE -> [Folder | Modified Date = 12/29/2007 12:54:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/2/2008 4:18:50 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/18/2008 6:33:51 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/17/2008 3:55:13 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/6/2008 12:53:27 PM | Attr = ]
EReg072.dat -> %SystemRoot%\EReg072.dat -> [Ver = | Size = 487 bytes | Modified Date = 12/21/2007 8:44:05 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/18/2008 2:38:23 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4696 bytes | Modified Date = 1/16/2008 2:05:59 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/17/2008 7:15:44 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/2/2008 12:29:04 AM | Attr = HS]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 691 bytes | Modified Date = 1/17/2008 9:10:48 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/12/2008 12:02:55 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/18/2008 9:42:28 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 12/28/2007 5:45:06 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/17/2008 4:06:02 PM | Attr = ]
SETUP32.INI -> %SystemRoot%\SETUP32.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/29/2007 12:52:36 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 12/28/2007 7:11:01 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/2/2008 2:45:29 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 243 bytes | Modified Date = 1/6/2008 1:31:05 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/18/2008 6:34:09 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/14/2008 1:08:39 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/18/2008 7:26:41 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 13312 bytes | Modified Date = 1/18/2008 8:17:14 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 12/28/2007 7:11:53 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 688 bytes | Modified Date = 1/17/2008 6:21:31 PM | Attr = ]
wt -> %SystemRoot%\wt -> [Folder | Modified Date = 12/26/2007 12:17:26 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/18/2008 6:34:13 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GameHouse -> %AllUsersAppData%\GameHouse -> [Folder | Modified Date = 12/24/2007 11:24:41 AM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 1/2/2008 12:28:06 AM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 1/10/2008 10:10:50 AM | Attr = S]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 12/28/2007 10:27:16 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 1:34:28 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 12/28/2007 5:38:07 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 1/16/2008 1:36:24 AM | Attr = ]
@Alternate Data Stream - 107 bytes -> %AllUsersAppData%\TEMP:13AA281B
@Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:1FBE3CEB
@Alternate Data Stream - 109 bytes -> %AllUsersAppData%\TEMP:331B76C7
@Alternate Data Stream - 205 bytes -> %AllUsersAppData%\TEMP:4673E9EA
@Alternate Data Stream - 95 bytes -> %AllUsersAppData%\TEMP:5B3A4EC2
@Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:6114B257
@Alternate Data Stream - 192 bytes -> %AllUsersAppData%\TEMP:78E0DF72
@Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:90D89144
@Alternate Data Stream - 101 bytes -> %AllUsersAppData%\TEMP:94D41096
@Alternate Data Stream - 206 bytes -> %AllUsersAppData%\TEMP:D31BE97C
@Alternate Data Stream - 204 bytes -> %AllUsersAppData%\TEMP:E412AAF2
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Modified Date = 1/2/2008 12:14:50 AM | Attr = ]
SpinTop -> %UserAppData%\SpinTop -> [Folder | Modified Date = 12/24/2007 4:42:54 AM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 1:32:46 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Modified Date = 12/25/2007 8:23:02 AM | Attr = ]
WeatherBug -> %UserAppData%\WeatherBug -> [Folder | Modified Date = 1/11/2008 8:45:02 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 187904 bytes | Modified Date = 1/14/2008 1:43:49 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1574416 bytes | Modified Date = 1/9/2008 8:58:33 PM | Attr = H ]
Oberon Games -> %LocalAppData%\Oberon Games -> [Folder | Modified Date = 1/8/2008 1:01:54 AM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/31/2007 12:50:56 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/31/2007 12:52:28 PM | Attr = R ]
School -> %UserDocuments%\School -> [Folder | Modified Date = 12/31/2007 12:53:25 PM | Attr = ]
The Learning Company -> %UserDocuments%\The Learning Company -> [Folder | Modified Date = 12/29/2007 1:00:01 PM | Attr = ]
AmandaCurls.jpg -> %UserDesktop%\AmandaCurls.jpg -> [Ver = | Size = 9431 bytes | Modified Date = 1/8/2008 10:32:49 PM | Attr = ]
Antivirus -> %UserDesktop%\Antivirus -> [Folder | Modified Date = 1/18/2008 9:58:02 PM | Attr = ]
For sale -> %UserDesktop%\For sale -> [Folder | Modified Date = 1/5/2008 10:03:40 AM | Attr = ]
Greg watch -> %UserDesktop%\Greg watch -> [Folder | Modified Date = 1/12/2008 6:25:39 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/2/2008 2:02:41 PM | Attr = ]
Mexico.doc -> %UserDesktop%\Mexico.doc -> [Ver = | Size = 19968 bytes | Modified Date = 1/17/2008 7:34:16 PM | Attr = ]
Mexico2.doc -> %UserDesktop%\Mexico2.doc -> [Ver = | Size = 252416 bytes | Modified Date = 1/17/2008 9:09:59 PM | Attr = ]
MS%20Error%20done.jpg -> %UserDesktop%\MS%20Error%20done.jpg -> [Ver = | Size = 6002 bytes | Modified Date = 1/14/2008 1:20:47 AM | Attr = ]
Stuff -> %UserDesktop%\Stuff -> [Folder | Modified Date = 1/8/2008 10:32:00 PM | Attr = ]
telemetry.doc -> %UserDesktop%\telemetry.doc -> [Ver = | Size = 19968 bytes | Modified Date = 1/17/2008 6:03:08 PM | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 125952 bytes | Modified Date = 1/17/2008 9:06:56 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 12/23/2007 6:59:00 PM | Attr = ]
Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 12/28/2007 6:38:25 PM | Attr = ]
SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Modified Date = 12/23/2007 2:46:51 AM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 12/28/2007 5:42:13 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/2/2008 12:27:01 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5002 bytes | Modified Date = 1/14/2008 12:55:59 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 1/14/2008 12:55:59 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/2/2006 12:06:29 PM | Attr = ]
Perflib_Perfdata_f3c.dat -> C:\Documents and Settings\Amanda Elliott\Local Settings\Temp\Perflib_Perfdata_f3c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/12/2008 10:16:12 AM | Attr = ]

< End of report >

#6 OldTimer (Malware Expert)

Posted 19 January 2008 - 06:27 AM

Hi ace61502. Let's see if we can clean some of this up. Please print these directions and then follow the steps below in order.

Step #1

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> 58c6165b -> %System32%\vjkbfeuv.dll
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\jkhhf.exe -> %System32%\jkhhf.exe
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> objects_aol.com [*] -> Out of zone range - ( 5 )
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {0BBC3686-5E88-4B81-B2A1-710DC6CD9854} [HKEY_LOCAL_MACHINE] -> %System32%\jkhhf.dll [Reg Error: Value does not exist or could not be read.]
YY -> {c37e9749-e20b-469e-b2fa-1b39abe683f9} [HKEY_LOCAL_MACHINE] -> %System32%\uaobmyud.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{E19E589B-749F-4641-9ED3-032DEB7A8D92} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{E92BEFBA-E79D-4F41-9733-68DA49C4492B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.]
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{A2F93841-DEAB-0392-4958-BA333CF05732} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\jkhhf -> %System32%\jkhhf.exe
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\msotheof.exe -> C:\WINDOWS\system32\mso
[Files/Folders - Created Within 30 days]
NY -> bwvmiwvf.dllbox -> %System32%\bwvmiwvf.dllbox
NY -> fhhkj.ini -> %System32%\fhhkj.ini
NY -> fhhkj.ini2 -> %System32%\fhhkj.ini2
NY -> jkhhf.dll -> %System32%\jkhhf.dll
NY -> jkhhf.exe -> %System32%\jkhhf.exe
NY -> jljmztox.dllbox -> %System32%\jljmztox.dllbox
NY -> RCX14.tmp -> %System32%\RCX14.tmp
NY -> RCX15.tmp -> %System32%\RCX15.tmp
NY -> tmp.reg -> %System32%\tmp.reg
NY -> uaobmyud.dll -> %System32%\uaobmyud.dll
NY -> vjkbfeuv.dll -> %System32%\vjkbfeuv.dll
NY -> vuefbkjv.ini -> %System32%\vuefbkjv.ini
NY -> WS2Fix.exe -> %System32%\WS2Fix.exe
NY -> ydcamqnh.ini -> %System32%\ydcamqnh.ini
[Files/Folders - Modified Within 30 days]
NY -> 11dec1db0dfeb71c8a8f -> %SystemDrive%\11dec1db0dfeb71c8a8f
NY -> aeiucfja.dll -> %System32%\aeiucfja.dll
NY -> bwvmiwvf.dllbox -> %System32%\bwvmiwvf.dllbox
NY -> fhhkj.ini -> %System32%\fhhkj.ini
NY -> fhhkj.ini2 -> %System32%\fhhkj.ini2
NY -> jkhhf.dll -> %System32%\jkhhf.dll
NY -> jkhhf.exe -> %System32%\jkhhf.exe
NY -> jljmztox.dllbox -> %System32%\jljmztox.dllbox
NY -> RCX14.tmp -> %System32%\RCX14.tmp
NY -> RCX15.tmp -> %System32%\RCX15.tmp
NY -> uaobmyud.dll -> %System32%\uaobmyud.dll
NY -> vjkbfeuv.dll -> %System32%\vjkbfeuv.dll
NY -> vuefbkjv.ini -> %System32%\vuefbkjv.ini
NY -> ydcamqnh.ini -> %System32%\ydcamqnh.ini
NY -> EReg072.dat -> %SystemRoot%\EReg072.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 107 bytes -> %AllUsersAppData%\TEMP:13AA281B
NY -> @Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:1FBE3CEB
NY -> @Alternate Data Stream - 109 bytes -> %AllUsersAppData%\TEMP:331B76C7
NY -> @Alternate Data Stream - 205 bytes -> %AllUsersAppData%\TEMP:4673E9EA
NY -> @Alternate Data Stream - 95 bytes -> %AllUsersAppData%\TEMP:5B3A4EC2
NY -> @Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:6114B257
NY -> @Alternate Data Stream - 192 bytes -> %AllUsersAppData%\TEMP:78E0DF72
NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:90D89144
NY -> @Alternate Data Stream - 101 bytes -> %AllUsersAppData%\TEMP:94D41096
NY -> @Alternate Data Stream - 206 bytes -> %AllUsersAppData%\TEMP:D31BE97C
NY -> @Alternate Data Stream - 204 bytes -> %AllUsersAppData%\TEMP:E412AAF2
[Empty Temp Folders]
[Reboot]

Save the document to your desktop as wpf35.txt and close Notepad.

Step #2

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Close SUPERAntiSpyware, we will come back to it later on.
Step #3

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Step #4

Start SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #5

Now start WinPFind35U. Open Notepad and then open the wpf35.txt file that you saved to your desktop. Copy/paste the contents of the Notepad file into the WinPFind35u textbox where it says Paste Fix Here and click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot the computer normally.

Step #6

Post the following back here:
  • the VundoFix log (c:\vundofix.txt)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u\MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
  • a new WinPFind35U report with the following options:
    • Under [Additional Scans], click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

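The fix script in the post above goes after four kinds of foothold this infection left behind: a Run value and two BHOs pointing at random-named DLLs in System32, jkhhf.exe registered both under the legacy HKCU ...\Windows NT\CurrentVersion\Windows\load value and in the LSA Authentication Packages list (so lsass.exe loads it at boot), copies of vendor executables saved with a space before the extension ("hkcmd .exe" next to hkcmd.exe, "WLTRAY .exe" next to WLTRAY.exe), and non-empty alternate data streams attached to the All Users TEMP folder. What follows is an added example, not code from the thread or from WinPFind35U, that turns those indicators into checks run over report lines. The line grammar it parses is inferred from the report, the msv1_0-only default for Authentication Packages is an assumption, and the sample input is constructed from lines already shown above:

```python
"""Triage helper for WinPFind35U-style report lines (added example; the line
grammar and the msv1_0-only default for Authentication Packages are assumed)."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the report and fix script above, plus
# ordinary entries (lexpps.exe, Thumbs.db) that must not be flagged.
SAMPLE_REPORT = r"""
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/24/2007 10:32:39 AM | Attr = ]
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes | Modified Date = 1/5/2008 7:54:19 AM | Attr = ]
bwvmiwvf.dllbox -> %System32%\bwvmiwvf.dllbox -> [Ver = | Size = 27456 bytes | Modified Date = 1/17/2008 4:03:30 PM | Attr = HS]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 24714 bytes | Modified Date = 1/18/2008 10:27:17 PM | Attr = HS]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Modified Date = 1/18/2008 7:10:41 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
@Alternate Data Stream - 107 bytes -> %AllUsersAppData%\TEMP:13AA281B
[Registry - Additional Scans - Non-Microsoft Only]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\jkhhf.exe -> %System32%\jkhhf.exe
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\jkhhf -> %System32%\jkhhf.exe
"""

PREFIX_RE = re.compile(r"^[YN]{2}\s*->\s*")                    # fix-script Y/N flags
FILE_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>[^\[]*)\[(?P<meta>[^\]]*)\]\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")
SPOOF_RE = re.compile(r"\s+\.[A-Za-z0-9]+$")                    # "hkcmd .exe" beside the real hkcmd.exe
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}$")                    # jkhhf, fhhkj, bwvmiwvf, ...
ODD_EXTS = {".dllbox", ".ini2"}
CODE_EXTS = {".dll", ".exe", ".ini"}
LEGIT_AUTH_PACKAGES = {"msv1_0"}                                # assumed XP default

def parse_meta(meta: str) -> Dict[str, str]:
    # 'Ver = | Size = 27456 bytes | Attr = HS' -> {'Ver': '', 'Size': '27456 bytes', 'Attr': 'HS'}
    return {k.strip(): v.strip() for k, _, v in (p.partition("=") for p in meta.split(" | "))}

def file_findings(name: str, vendor: str, meta: Dict[str, str]) -> List[str]:
    """Name and attribute heuristics for one file entry; folders are skipped."""
    reasons: List[str] = []
    if "Folder" in meta:
        return reasons
    if SPOOF_RE.search(name):
        reasons.append("whitespace before the extension, shadowing %r" % re.sub(r"\s+", "", name))
    base, dot, ext = name.rpartition(".")
    ext = "." + ext.lower() if dot else ""
    unversioned = not vendor.strip() and not meta.get("Ver")    # no company, no version resource
    hidden_system = set("HS") <= set(meta.get("Attr", ""))
    if ext in ODD_EXTS:
        reasons.append("non-standard extension %s" % ext)
    elif ext in CODE_EXTS and unversioned and (RANDOM_NAME_RE.match(base) or hidden_system):
        reasons.append("unversioned %s with a random-looking name or hidden+system attributes" % ext)
    return reasons

def ads_findings(size: int, host: str) -> List[str]:
    """Zero-byte streams such as Thumbs.db:encryptable are Explorer housekeeping;
    a non-empty stream hanging off a directory has no ordinary explanation."""
    if size > 0 and "." not in host.rsplit("\\", 1)[-1]:
        return ["%d-byte alternate data stream attached to a folder" % size]
    return []

def registry_findings(reg_key: str, value: str) -> List[str]:
    """The two autostart locations abused in this thread. The report doubles the
    backslash before a value name, so collapse it before comparing."""
    key = reg_key.lower().replace("\\\\", "\\")
    if key.endswith("\\lsa\\authentication packages"):
        pkg = value.rsplit("\\", 1)[-1].lower()
        pkg = pkg[:-4] if pkg.endswith(".dll") else pkg
        if pkg not in LEGIT_AUTH_PACKAGES:
            return ["non-default LSA authentication package, loaded into lsass.exe at boot"]
    if key.endswith("\\windows\\load"):
        return ["legacy Windows\\Load autostart value is set"]
    return []

def triage(report: str) -> List[Dict[str, str]]:
    """One {'item', 'reason'} record per suspicious entry in the report."""
    findings: List[Dict[str, str]] = []
    section = reg_key = ""
    for raw in report.splitlines():
        line = PREFIX_RE.sub("", raw.strip())
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):            # scan section header
            section, reg_key = line, ""
        elif line.startswith(("<", "*")):                           # registry key header
            reg_key = line.split("->")[-1].strip()
        elif m := ADS_RE.match(line):
            host = m.group("host")
            findings += [{"item": host + ":" + m.group("stream"), "reason": r}
                         for r in ads_findings(int(m.group("size")), host)]
        elif (m := FILE_RE.match(line)) and section.startswith("[Files"):
            findings += [{"item": m.group("name"), "reason": r} for r in file_findings(
                m.group("name"), m.group("vendor"), parse_meta(m.group("meta")))]
        elif reg_key:                                               # value row under a key
            value = line.split(" -> ")[0].strip()
            findings += [{"item": value, "reason": r} for r in registry_findings(reg_key, value)]
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print("%-42s %s" % (f["item"], f["reason"]))
```

Run it directly to print the six flagged entries from the constructed sample. The vendor name and version come from the file's own resource section and prove nothing on their own, so a file that carries them passes the name checks even where a scanner later objects to it; lexpps.exe is the case in point in this thread, listed by VundoFix and SUPERAntiSpyware yet clean by these heuristics. Treat the output as a reading aid for a long log, not a verdict.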

#7 ace61502 (Topic Starter)

Posted 19 January 2008 - 04:16 PM

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 1:17:44 PM 12/24/2007

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:39:10 AM 12/25/2007

Listing files found while scanning....

C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\cbxxuvt.dll
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.exe

Beginning removal...

Attempting to delete C:\WINDOWS\lsass.exe
C:\WINDOWS\lsass.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxxuvt.dll
C:\WINDOWS\system32\cbxxuvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:13:21 PM 12/28/2007

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:48:46 AM 1/19/2008

Listing files found while scanning....

C:\windows\system32\bwvmiwvf.dllbox
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.exe
C:\windows\system32\jljmztox.dllbox
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\uaobmyud.dll
C:\WINDOWS\system32\vjkbfeuv.dll

Beginning removal...

Attempting to delete C:\windows\system32\bwvmiwvf.dllbox
C:\windows\system32\bwvmiwvf.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\windows\system32\jljmztox.dllbox
C:\windows\system32\jljmztox.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\lexpps.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uaobmyud.dll
C:\WINDOWS\system32\uaobmyud.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vjkbfeuv.dll
C:\WINDOWS\system32\vjkbfeuv.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\lexpps.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...



________________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2008 at 02:33 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 02:08:13

Memory items scanned : 359
Memory threats detected : 4
Registry items scanned : 5624
Registry threats detected : 11
File items scanned : 115820
File threats detected : 289

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKHHF.DLL
C:\WINDOWS\SYSTEM32\JKHHF.DLL
HKLM\Software\Classes\CLSID\{52538D29-D748-4905-A347-5C200BD91DDD}
HKCR\CLSID\{52538D29-D748-4905-A347-5C200BD91DDD}
HKCR\CLSID\{52538D29-D748-4905-A347-5C200BD91DDD}\InprocServer32
HKCR\CLSID\{52538D29-D748-4905-A347-5C200BD91DDD}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52538D29-D748-4905-A347-5C200BD91DDD}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000047.DLL

Trojan.Vundo/Variant-Installer/A
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM32\WLTRAY.EXE
C:\WINDOWS\SYSTEM32\WLTRAY.EXE
[TkBellExe] C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
[Broadcom Wireless Manager UI] C:\WINDOWS\SYSTEM32\WLTRAY.EXE
[Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER .EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER .EXE
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX10.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX101.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX102.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX11.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX12.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX13.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX14.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX1BB.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX1BE.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX1EF.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX22.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX23.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX2D.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX43.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX44.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX46.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX47.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX6F2.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX817.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX81A.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCX95.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCXB.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCXD.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCXD0.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCXD5.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCXE.TMP
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMP\RCXF.TMP
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER .EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\AWS\WEATHERBUG\WEATHER .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER .EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000246.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000249.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000251.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000252.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000260.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000262.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000263.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000265.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000279.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000280.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000281.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000284.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0001274.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0001277.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0001278.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0001279.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001294.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001295.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001296.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001297.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001319.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001429.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001655.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001657.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0001692.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14\A0001724.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001799.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001858.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0002167.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0002169.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0002170.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0002175.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0002177.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0002402.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0003164.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0003165.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004162.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004165.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004178.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004180.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004181.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004193.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004203.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004219.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004220.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004231.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004245.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004249.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004260.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004263.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004275.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004278.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004292.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004295.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004312.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004314.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004573.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004576.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004681.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004684.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004701.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004703.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004704.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004727.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004730.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004756.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004759.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004782.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0004804.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0004816.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0004817.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005075.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005079.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005080.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005094.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005096.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005113.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005394.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005404.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005405.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005406.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005417.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005467.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005470.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005471.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005472.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005485.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005488.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005489.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007506.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007507.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007514.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007516.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007518.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007519.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000036.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000037.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000052.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000097.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000155.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000157.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000196.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000200.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0000228.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0000229.EXE
C:\VUNDOFIX BACKUPS\LEXPPS.EXE.BAD
C:\WINDOWS\Prefetch\QTTASK .EXE-2A835E82.pf
C:\WINDOWS\Prefetch\REALSCHED.EXE-0948A6AF.pf
C:\WINDOWS\Prefetch\WEATHER.EXE-16549C68.pf
C:\WINDOWS\Prefetch\WLTRAY.EXE-0D3A5A80.pf
C:\WINDOWS\Prefetch\YAHOOMESSENGER .EXE-0E61C70E.pf

Trojan.Vundo/Variant-Installer
[load] C:\WINDOWS\SYSTEM32\JKHHF.EXE
C:\WINDOWS\SYSTEM32\JKHHF.EXE
[load] C:\WINDOWS\SYSTEM32\JKHHF.EXE
[load] C:\WINDOWS\SYSTEM32\JKHHF.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JKHHF.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000264.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000282.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0001280.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001293.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001656.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001859.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0002171.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0002178.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0003166.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004166.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004182.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\A0004204.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004250.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004264.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004279.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0004296.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000008.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004311.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004577.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004685.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP20\A0004705.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004731.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004760.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0004784.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0004803.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005097.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005114.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005408.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005473.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0005491.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000099.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0000112.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000134.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000158.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000202.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0000230.EXE
C:\VUNDOFIX BACKUPS\JKHHF.EXE.BAD
C:\WINDOWS\SYSTEM32\RCX14.TMP
C:\WINDOWS\SYSTEM32\RCX15.TMP
C:\WINDOWS\Prefetch\JKHHF.EXE-2560C2C1.pf

Adware.Tracking Cookie
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@aff.primaryads[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@statcounter[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@apmebf[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@ads.bridgetrack[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@adrevolver[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@fastclick[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@findwhat[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@doubleclick[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@revsci[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.googleadservices[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@bluestreak[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@advertising[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@tacoda[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@hornymatches[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@azjmp[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@hitbox[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@atdmt[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@tribalfusion[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@counter.poq-files[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@sales.liveperson[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@toplist[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@ads.revsci[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@media.adrevolver[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@mediaplex[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@adopt.specificclick[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@zedo[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@sales.liveperson[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@specificclick[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@trafficmp[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@paypal.112.2o7[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda elliott@fonefinder[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda elliott@pathfinder[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@208.122.40[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@208.122.40[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@208.122.40[3].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@208.122.40[4].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@a.findarticles[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@aj.petfinder[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@family.findlaw[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@findagrave[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@findlaw[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@findlinks.addresses[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@freefind[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@need2find[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@partners.trafficneeds[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@petfinder[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@sales.liveperson[3].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@search.petfinder[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@searchfindworld[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@thezirius[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@traffic.buyservices[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@tribalfusion[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@trixietracker[6].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.findagrave[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.findarticles[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.findasidingcontractor[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.findawindowcontractor[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.mysitetraffic[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.textdatefinder[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.trafficland[1].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@www.transfinderi[2].txt
C:\Documents and Settings\Amanda Elliott\Cookies\amanda_elliott@ylwbook.findlinks.addresses[2].txt

Trojan.Downloader-Gen/DDC
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\K8A82UDY\GAMADRIL20071203[1]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000308.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001848.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0004819.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0005430.EXE

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\CFSDAVED\SFGREZML.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000010.DLL

Adware.Search2Find
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\SMSS.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000040.EXE

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001320.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0001321.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001758.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001760.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0004815.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0004821.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000012.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000013.DLL
C:\WINDOWS\SYSTEM32\AEIUCFJA.DLL

Malware.Ultimate Defender
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000038.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000039.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000048.DLL

Trojan.Unclassifed/AffiliateBundle
C:\VUNDOFIX BACKUPS\CBXXUVT.DLL.BAD

____________________________

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\58c6165b deleted successfully.
File C:\WINDOWS\System32\vjkbfeuv.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\C:\WINDOWS\system32\jkhhf.exe not found.
C:\WINDOWS\System32\jkhhf.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\objects_aol.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BBC3686-5E88-4B81-B2A1-710DC6CD9854}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BBC3686-5E88-4B81-B2A1-710DC6CD9854}\ not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jkhhf.dll
C:\WINDOWS\System32\jkhhf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jkhhf.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c37e9749-e20b-469e-b2fa-1b39abe683f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c37e9749-e20b-469e-b2fa-1b39abe683f9}\ deleted successfully.
File C:\WINDOWS\System32\uaobmyud.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E19E589B-749F-4641-9ED3-032DEB7A8D92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E19E589B-749F-4641-9ED3-032DEB7A8D92}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E92BEFBA-E79D-4F41-9733-68DA49C4492B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E92BEFBA-E79D-4F41-9733-68DA49C4492B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{A2F93841-DEAB-0392-4958-BA333CF05732} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2F93841-DEAB-0392-4958-BA333CF05732}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A75C6120-9B36-11d4-A3F0-009027427750}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B13B4423-2647-4cfc-A4B3-C7D56CB83487}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\jkhhf deleted successfully.
File C:\WINDOWS\System32\jkhhf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\msotheof.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\bwvmiwvf.dllbox not found!
C:\WINDOWS\System32\fhhkj.ini moved successfully.
C:\WINDOWS\System32\fhhkj.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jkhhf.dll
C:\WINDOWS\System32\jkhhf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jkhhf.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\jkhhf.exe not found!
File C:\WINDOWS\System32\jljmztox.dllbox not found!
File C:\WINDOWS\System32\RCX14.tmp not found!
File C:\WINDOWS\System32\RCX15.tmp not found!
C:\WINDOWS\System32\tmp.reg moved successfully.
File C:\WINDOWS\System32\uaobmyud.dll not found!
File C:\WINDOWS\System32\vjkbfeuv.dll not found!
C:\WINDOWS\System32\vuefbkjv.ini moved successfully.
C:\WINDOWS\System32\WS2Fix.exe moved successfully.
C:\WINDOWS\System32\ydcamqnh.ini moved successfully.
[Files/Folders - Modified Within 30 days]
C:\11dec1db0dfeb71c8a8f moved successfully.
File C:\WINDOWS\System32\aeiucfja.dll not found!
File C:\WINDOWS\System32\bwvmiwvf.dllbox not found!
File C:\WINDOWS\System32\fhhkj.ini not found!
File C:\WINDOWS\System32\fhhkj.ini2 not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jkhhf.dll
C:\WINDOWS\System32\jkhhf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jkhhf.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\jkhhf.exe not found!
File C:\WINDOWS\System32\jljmztox.dllbox not found!
File C:\WINDOWS\System32\RCX14.tmp not found!
File C:\WINDOWS\System32\RCX15.tmp not found!
File C:\WINDOWS\System32\uaobmyud.dll not found!
File C:\WINDOWS\System32\vjkbfeuv.dll not found!
File C:\WINDOWS\System32\vuefbkjv.ini not found!
File C:\WINDOWS\System32\ydcamqnh.ini not found!
C:\WINDOWS\EReg072.dat moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1FBE3CEB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6114B257 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90D89144 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94D41096 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2 deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Amanda Elliott\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta23 fix logfile created on 01192008_150113
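
The two logs above show the same handful of Vundo habits over and over: dropped binaries with a space before the extension ("YAHOOMESSENGER .EXE", "QTTASK .EXE", later "LEXPPS .EXE" and "Weather .exe") that read like the real process in a task list; dozens of copies archived under System Volume Information, which a System Restore would bring straight back; an entry under HKLM\...\Control\Lsa "Authentication Packages", which lsass.exe loads at boot before anyone logs on; a firewall exception for an unknown executable; and alternate data streams hung off the TEMP directory. As an added example, not code from the thread or from SUPERAntiSpyware, OTMoveIt or WinPFind, here is a small Python triage pass that picks those patterns out of log lines. The sample lines are constructed copies of lines in this thread, not the full log, and the category names and regular expressions are my own choices. The whitespace check is the same one that separates "lexpps .exe" from "lexpps.exe" in the process list posted next.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: a few lines modelled on the scan and fix logs in
# this thread (hit list, "deleted successfully" lines, one process-list line).
SAMPLE_LOG = r"""
Trojan.Vundo/Variant-Installer
[load] C:\WINDOWS\SYSTEM32\JKHHF.EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER .EXE.VIR
C:\WINDOWS\Prefetch\QTTASK .EXE-2A835E82.pf
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0000264.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000038.EXE
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\58c6165b deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\jkhhf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\msotheof.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c37e9749-e20b-469e-b2fa-1b39abe683f9}\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B deleted successfully.
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes]
lexpps .exe -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes]
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # category name (my own labels, not a vendor taxonomy)
    target: str  # the file name, registry path or stream the line points at


# File name with whitespace between stem and extension ("LEXPPS .EXE"):
# a look-alike of a legitimate process name.
LOOKALIKE = re.compile(r"[^\\\s][^\\]*?\s+\.[A-Za-z0-9]{2,4}\b")

# Copies archived by System Restore; a restore brings them back unless the
# restore points are flushed after cleaning.
RESTORE_POINT = re.compile(
    r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

# Alternate data stream attached to a directory (TEMP:13AA281B); a plain
# directory listing does not show it.
ADS = re.compile(r"^ADS\s+(.+?):([0-9A-Fa-f]+)\s+deleted", re.I)

REG_LINE = re.compile(
    r"^Registry (?:key|value) (.+?) (?:deleted successfully|not found)\.?$", re.I)

# Registry locations the fix log touches. The LSA entry is the one to watch:
# an authentication package is loaded into lsass.exe at boot, so deleting the
# file without the value leaves a dangling loader entry.
REGISTRY_PERSISTENCE = [
    ("autorun",        re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("bho",            re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("firewall_allow", re.compile(r"\\FirewallPolicy\\\w+\\AuthorizedApplications\\List", re.I)),
    ("lsa_auth_pkg",   re.compile(r"\\Control\\Lsa\\+Authentication Packages", re.I)),
]


def classify(line: str) -> Optional[Finding]:
    """Map one log line to at most one finding, most specific check first."""
    m = ADS.search(line)
    if m:
        return Finding("ads", f"{m.group(1)}:{m.group(2)}")
    for kind, pat in REGISTRY_PERSISTENCE:
        if pat.search(line):
            r = REG_LINE.match(line)
            return Finding(kind, r.group(1) if r else line)
    if RESTORE_POINT.search(line):
        return Finding("restore_point_copy", line)
    m = LOOKALIKE.search(line)
    if m:
        return Finding("lookalike_name", m.group(0))
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every non-empty line through classify() and keep the hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            hit = classify(line)
            if hit:
                findings.append(hit)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {'lookalike_name': 3, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.kind:<18} {h.target}")
    print(summarize(hits))
```

Each line yields at most one finding, with the checks ordered so a registry line is reported for what it is rather than for a file name it happens to contain. On the sample the script reports three look-alike names, two restore-point copies, one entry each for the Run key, the BHO, the firewall exception and the LSA package, and one directory stream.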

#8 ace61502 (Topic Starter, Members, 41 posts, Location: Olive Branch, MS)

Posted 19 January 2008 - 04:17 PM

WinPFind35 logfile created on: 1/19/2008 3:10:35 PM
WinPFind35U Version Beta23 Folder = C:\Documents and Settings\Amanda Elliott\Desktop\Antivirus\Per Old Timer\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

503.37 Mb Total Physical Memory | 161.88 Mb Available Physical Memory | 32.16% Memory free
1.20 Gb Paging File | 0.90 Gb Available in Paging File | 75.42% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 13.38 Gb Free Space | 39.12% Space Free | Partition Type: NTFS
Drive D: | 309.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: RALPH
Current User Name: Amanda Elliott
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 3/16/2007 6:10:54 PM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Modified Date = 3/16/2007 6:10:52 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:09 AM | Attr = ]
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes | Modified Date = 1/5/2008 7:54:19 AM | Attr = ]
lexpps .exe -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 1/19/2008 3:04:00 PM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:35 AM | Attr = R ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 8:53:18 AM | Attr = ]
pcctlcom.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\PcCtlCom.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1019 | Size = 880722 bytes | Modified Date = 9/4/2006 8:54:44 PM | Attr = ]
tmntsrv.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 290889 bytes | Modified Date = 8/30/2005 4:30:32 PM | Attr = ]
tmproxy.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\tmproxy.exe -> Trend Micro Inc. [Ver = 1.0.0.1135 | Size = 262215 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]
tmpfw.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\TmPfw.exe -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 585792 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\pccguide.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 823362 bytes | Modified Date = 1/2/2008 1:21:50 PM | Attr = ]
weather .exe -> %ProgramFiles%\AWS\WeatherBug\Weather .exe -> AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1719296 bytes | Modified Date = 1/19/2008 2:52:11 PM | Attr = ]
weather .exe -> %ProgramFiles%\AWS\WeatherBug\Weather .exe -> AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1343488 bytes | Modified Date = 1/19/2008 3:08:13 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\Antivirus\Per Old Timer\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 300032 bytes | Modified Date = 1/17/2008 12:16:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:35 AM | Attr = R ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:09 AM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 8:53:18 AM | Attr = ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\PcCtlCom.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1019 | Size = 880722 bytes | Modified Date = 9/4/2006 8:54:44 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 290889 bytes | Modified Date = 8/30/2005 4:30:32 PM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\TmPfw.exe -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 585792 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\tmproxy.exe -> Trend Micro Inc. [Ver = 1.0.0.1135 | Size = 262215 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 1/19/2008 3:08:01 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather .exe -> AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1343488 bytes | Modified Date = 1/19/2008 3:08:13 PM | Attr = ]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Modified Date = 1/19/2008 3:07:57 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/10/2004 1:04:12 PM | Attr = HS]
< Amanda Elliott Startup Folder > -> C:\Documents and Settings\Amanda Elliott\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/10/2004 1:04:12 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.trixietracker.com/site/michaelray?child=1425 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.trixietracker.com/site/michaelray ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4140 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{5AA128E3-74F8-4CDF-8810-6B30020FBC91} [HKEY_LOCAL_MACHINE] -> %System32%\jkhhf.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 323072 bytes | Modified Date = 1/19/2008 12:17:03 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Messenger Class] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4CFF62BF-CA2B-4383-B4DB-2080FE6612E2} -> (Broadcom 440x 10/100 Integrated Controller) ->
{FF6DFFB2-6173-4511-AB8A-D5152A4AA47C} -> (Dell Wireless 1470 Dual Band WLAN Mini-PCI Card) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9}[HKEY_LOCAL_MACHINE] -> file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx[SpinTop DRM Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shock...director/sw.cab[Shockwave ActiveX Control] ->
{3334504D-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB[Reg Error: Key does not exist or could not be opened.] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54}[HKEY_LOCAL_MACHINE] -> file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx[ArmHelper Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
[Files/Folders - Created Within 30 days]
ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Created Date = 12/24/2007 10:53:26 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/5/2008 12:34:50 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 12/24/2007 1:17:44 PM | Attr = ]
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/2/2008 1:37:00 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/2/2008 12:05:21 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 12/31/2007 11:06:48 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/31/2007 11:07:26 AM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 6626 bytes | Created Date = 1/19/2008 3:07:54 PM | Attr = HS]
fhhkj.ini2 -> %System32%\fhhkj.ini2 -> [Ver = | Size = 319 bytes | Created Date = 1/19/2008 3:07:55 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/31/2007 11:06:58 AM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Created Date = 12/24/2007 10:32:39 AM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Created Date = 12/24/2007 10:32:59 AM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Created Date = 12/24/2007 10:32:39 AM | Attr = ]
jkhhf.dll -> %System32%\jkhhf.dll -> [Ver = | Size = 323072 bytes | Created Date = 1/19/2008 12:17:03 PM | Attr = ]
jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Created Date = 1/19/2008 3:07:57 PM | Attr = ]
LEXPPS .EXE -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Created Date = 1/6/2008 12:56:17 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 12/31/2007 11:06:57 AM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 2576 bytes | Created Date = 1/17/2008 7:16:53 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 12/25/2007 5:03:13 AM | Attr = R ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Created Date = 12/28/2007 7:11:12 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/31/2007 11:06:58 AM | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 1/5/2008 12:34:38 PM | Attr = ]
WLTRAY .exe -> %System32%\WLTRAY .exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Created Date = 1/18/2008 1:42:56 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 12/31/2007 11:07:26 AM | Attr = ]
BBSTORE -> %SystemRoot%\BBSTORE -> [Folder | Created Date = 12/29/2007 12:54:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/2/2008 2:57:08 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 1/6/2008 12:53:27 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/5/2008 12:34:39 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 12/28/2007 5:45:06 PM | Attr = ]
SETUP32.INI -> %SystemRoot%\SETUP32.INI -> [Ver = | Size = 0 bytes | Created Date = 12/29/2007 12:52:36 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 1/6/2008 1:36:03 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
HipSoft -> %AllUsersAppData%\HipSoft -> [Folder | Created Date = 1/19/2008 4:11:06 AM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 1/2/2008 12:28:06 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 12/28/2007 10:25:10 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/24/2007 1:34:28 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Created Date = 12/28/2007 5:38:07 PM | Attr = ]
SpinTop -> %UserAppData%\SpinTop -> [Folder | Created Date = 12/24/2007 4:42:54 AM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/24/2007 1:32:46 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Created Date = 12/25/2007 8:23:02 AM | Attr = ]
Oberon Games -> %LocalAppData%\Oberon Games -> [Folder | Created Date = 1/5/2008 1:15:37 AM | Attr = ]
DSC02740.JPG -> %UserDocuments%\DSC02740.JPG -> [Ver = | Size = 22002 bytes | Created Date = 1/19/2008 3:57:54 AM | Attr = ]
The Learning Company -> %UserDocuments%\The Learning Company -> [Folder | Created Date = 12/29/2007 1:00:01 PM | Attr = ]
Antivirus -> %UserDesktop%\Antivirus -> [Folder | Created Date = 12/25/2007 1:17:20 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/2/2008 2:02:41 PM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 12/24/2007 1:16:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Created Date = 12/23/2007 2:46:51 AM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 12/28/2007 5:38:07 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 12/24/2007 1:23:42 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/28/2007 7:28:19 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/2/2008 12:29:02 AM | Attr = ]
ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Modified Date = 1/19/2008 11:46:14 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/19/2008 11:46:18 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/6/2008 1:35:51 PM | Attr = ]
Shop -> %SystemDrive%\Shop -> [Folder | Modified Date = 12/28/2007 6:42:43 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/5/2008 12:33:00 PM | Attr = HS]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 86133 bytes | Modified Date = 1/17/2008 6:21:35 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/19/2008 12:15:21 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 3:05:35 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/6/2008 1:30:56 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 1/6/2008 1:30:56 PM | Attr = ]
hosts.20071228-142425.backup -> %System32%\drivers\etc\hosts.20071228-142425.backup -> [Ver = | Size = 114 bytes | Modified Date = 12/28/2007 11:30:33 AM | Attr = R ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/2/2008 12:03:21 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 1/1/2008 9:52:51 PM | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 1/1/2008 9:52:51 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/2/2008 2:45:36 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/17/2008 5:28:27 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/19/2008 12:26:10 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/17/2008 4:06:26 PM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 12/25/2007 8:22:14 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/14/2008 3:40:12 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/17/2008 7:15:36 PM | Attr = ]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 6626 bytes | Modified Date = 1/19/2008 3:10:35 PM | Attr = HS]
fhhkj.ini2 -> %System32%\fhhkj.ini2 -> [Ver = | Size = 319 bytes | Modified Date = 1/19/2008 3:07:55 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/24/2007 10:32:39 AM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Modified Date = 12/20/2007 11:11:52 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 12/24/2007 10:32:59 AM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 12/24/2007 10:32:39 AM | Attr = ]
jkhhf.dll -> %System32%\jkhhf.dll -> [Ver = | Size = 323072 bytes | Modified Date = 1/19/2008 12:17:03 PM | Attr = ]
jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Modified Date = 1/19/2008 3:07:57 PM | Attr = ]
LEXPPS .EXE -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 1/19/2008 3:04:00 PM | Attr = ]
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes | Modified Date = 1/5/2008 7:54:19 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55200 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 386040 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 2576 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 1/17/2008 7:15:36 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/5/2008 12:33:00 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 12/25/2007 5:03:51 AM | Attr = R ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Modified Date = 1/18/2008 7:10:41 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 1/17/2008 4:06:02 PM | Attr = ]
WLTRAY .exe -> %System32%\WLTRAY .exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 1/19/2008 12:22:48 PM | Attr = ]
WLTRAY.exe -> %System32%\WLTRAY.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 2080256 bytes | Modified Date = 1/19/2008 12:17:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/17/2008 4:07:42 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 9:36:16 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/2/2008 2:39:26 PM | Attr = ]
BBSTORE -> %SystemRoot%\BBSTORE -> [Folder | Modified Date = 12/29/2007 12:54:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/2/2008 4:18:50 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/19/2008 3:03:31 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/17/2008 3:55:13 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/6/2008 12:53:27 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/18/2008 2:38:23 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4696 bytes | Modified Date = 1/16/2008 2:05:59 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/17/2008 7:15:44 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/2/2008 12:29:04 AM | Attr = HS]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 691 bytes | Modified Date = 1/17/2008 9:10:48 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/12/2008 12:02:55 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/19/2008 3:08:22 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 12/28/2007 5:45:06 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/17/2008 4:06:02 PM | Attr = ]
SETUP32.INI -> %SystemRoot%\SETUP32.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/29/2007 12:52:36 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 12/28/2007 7:11:01 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/2/2008 2:45:29 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 243 bytes | Modified Date = 1/6/2008 1:31:05 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/19/2008 3:07:57 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/14/2008 1:08:39 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/19/2008 3:10:15 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 13312 bytes | Modified Date = 1/18/2008 8:17:14 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 12/28/2007 7:11:53 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 688 bytes | Modified Date = 1/17/2008 6:21:31 PM | Attr = ]
wt -> %SystemRoot%\wt -> [Folder | Modified Date = 12/26/2007 12:17:26 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/19/2008 3:03:56 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GameHouse -> %AllUsersAppData%\GameHouse -> [Folder | Modified Date = 12/24/2007 11:24:41 AM | Attr = ]
HipSoft -> %AllUsersAppData%\HipSoft -> [Folder | Modified Date = 1/19/2008 4:11:06 AM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 1/2/2008 12:28:06 AM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 1/10/2008 10:10:50 AM | Attr = S]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 12/28/2007 10:27:16 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 1:34:28 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 12/28/2007 5:38:07 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 1/19/2008 5:11:11 AM | Attr = ]
@Alternate Data Stream - 111 bytes -> %AllUsersAppData%\TEMP:C86B29EB
@Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:FD604D11
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Modified Date = 1/2/2008 12:14:50 AM | Attr = ]
SpinTop -> %UserAppData%\SpinTop -> [Folder | Modified Date = 12/24/2007 4:42:54 AM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 1:32:46 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Modified Date = 12/25/2007 8:23:02 AM | Attr = ]
WeatherBug -> %UserAppData%\WeatherBug -> [Folder | Modified Date = 1/11/2008 8:45:02 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 187904 bytes | Modified Date = 1/14/2008 1:43:49 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1574416 bytes | Modified Date = 1/9/2008 8:58:33 PM | Attr = H ]
Oberon Games -> %LocalAppData%\Oberon Games -> [Folder | Modified Date = 1/8/2008 1:01:54 AM | Attr = ]
DSC02740.JPG -> %UserDocuments%\DSC02740.JPG -> [Ver = | Size = 22002 bytes | Modified Date = 1/19/2008 2:55:22 AM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/31/2007 12:50:56 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/31/2007 12:52:28 PM | Attr = R ]
School -> %UserDocuments%\School -> [Folder | Modified Date = 12/31/2007 12:53:25 PM | Attr = ]
The Learning Company -> %UserDocuments%\The Learning Company -> [Folder | Modified Date = 12/29/2007 1:00:01 PM | Attr = ]
Antivirus -> %UserDesktop%\Antivirus -> [Folder | Modified Date = 1/19/2008 11:44:01 AM | Attr = ]
For sale -> %UserDesktop%\For sale -> [Folder | Modified Date = 1/5/2008 10:03:40 AM | Attr = ]
Greg watch -> %UserDesktop%\Greg watch -> [Folder | Modified Date = 1/12/2008 6:25:39 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/2/2008 2:02:41 PM | Attr = ]
Stuff -> %UserDesktop%\Stuff -> [Folder | Modified Date = 1/19/2008 12:28:07 PM | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 125952 bytes | Modified Date = 1/17/2008 9:06:56 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 12/24/2007 1:17:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 12/23/2007 6:59:00 PM | Attr = ]
Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 12/28/2007 6:38:25 PM | Attr = ]
SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Modified Date = 12/23/2007 2:46:51 AM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 12/28/2007 5:42:13 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/2/2008 12:27:01 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5002 bytes | Modified Date = 1/14/2008 12:55:59 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 1/14/2008 12:55:59 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/2/2006 12:06:29 PM | Attr = ]

< End of report >

#9 ace61502

ace61502
  • Topic Starter

  • Members
  • 41 posts
  • Location:Olive Branch, MS

Posted 19 January 2008 - 07:25 PM

Thanks so much for your help. :blink:

The jkhhf files are back. :thumbsup:

Other than that, I don't see anything actually happening, and not sure what else to look for.

One of those programs deleted Yahoo Messenger! Is it possible that it was infected somehow?

Amanda

Edited by ace61502, 19 January 2008 - 07:28 PM.


#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 19 January 2008 - 08:17 PM

Hi ace61502. That looks much better than the first time. When a computer is as heavily infected as this one, it sometimes takes a couple of runs.

Repeat the same steps again. For the WinPFind35u fix use the following:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\jkhhf.exe -> %System32%\jkhhf.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {5AA128E3-74F8-4CDF-8810-6B30020FBC91} [HKEY_LOCAL_MACHINE] -> %System32%\jkhhf.dll [Reg Error: Value does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> fhhkj.ini -> %System32%\fhhkj.ini
NY -> fhhkj.ini2 -> %System32%\fhhkj.ini2
NY -> jkhhf.dll -> %System32%\jkhhf.dll
NY -> jkhhf.exe -> %System32%\jkhhf.exe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> DSC02740.JPG -> %UserDocuments%\DSC02740.JPG
[Files/Folders - Modified Within 30 days]
NY -> fhhkj.ini -> %System32%\fhhkj.ini
NY -> fhhkj.ini2 -> %System32%\fhhkj.ini2
NY -> jkhhf.dll -> %System32%\jkhhf.dll
NY -> jkhhf.exe -> %System32%\jkhhf.exe
NY -> bootstat.dat -> %SystemRoot%\bootstat.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> DSC02740.JPG -> %UserDocuments%\DSC02740.JPG
[Empty Temp Folders]
[Start Explorer]

I wasn't sure about the DSC02740.JPG file. It's a picture file. If you downloaded it off the internet or received it from someone else, leave it in there. If it came from your own camera, then you can take that line out (there are two lines in the fix).

Post all of the logs back here along with a new WinPFind35u scan. If the jkhhf files come back then we'll grab a different tool.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 ace61502

ace61502
  • Topic Starter

  • Members
  • 41 posts
  • Location:Olive Branch, MS

Posted 19 January 2008 - 11:53 PM

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 1:17:44 PM 12/24/2007

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:39:10 AM 12/25/2007

Listing files found while scanning....

C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\cbxxuvt.dll
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.exe

Beginning removal...

Attempting to delete C:\WINDOWS\lsass.exe
C:\WINDOWS\lsass.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxxuvt.dll
C:\WINDOWS\system32\cbxxuvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:13:21 PM 12/28/2007

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:48:46 AM 1/19/2008

Listing files found while scanning....

C:\windows\system32\bwvmiwvf.dllbox
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.exe
C:\windows\system32\jljmztox.dllbox
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\uaobmyud.dll
C:\WINDOWS\system32\vjkbfeuv.dll

Beginning removal...

Attempting to delete C:\windows\system32\bwvmiwvf.dllbox
C:\windows\system32\bwvmiwvf.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\windows\system32\jljmztox.dllbox
C:\windows\system32\jljmztox.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\lexpps.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uaobmyud.dll
C:\WINDOWS\system32\uaobmyud.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vjkbfeuv.dll
C:\WINDOWS\system32\vjkbfeuv.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\lexpps.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 7:25:21 PM 1/19/2008

Listing files found while scanning....

C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\lexpps.exe

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\lexpps.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 8:00:38 PM 1/19/2008

Listing files found while scanning....

C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\lexpps.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\lexpps.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\jkhhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\lexpps.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

______________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2008 at 10:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 01:49:31

Memory items scanned : 376
Memory threats detected : 3
Registry items scanned : 5616
Registry threats detected : 9
File items scanned : 102544
File threats detected : 55

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKHHF.DLL
C:\WINDOWS\SYSTEM32\JKHHF.DLL
HKLM\Software\Classes\CLSID\{3629637A-8F1D-4650-B09D-E3DE74BECABA}
HKCR\CLSID\{3629637A-8F1D-4650-B09D-E3DE74BECABA}
HKCR\CLSID\{3629637A-8F1D-4650-B09D-E3DE74BECABA}\InprocServer32
HKCR\CLSID\{3629637A-8F1D-4650-B09D-E3DE74BECABA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629637A-8F1D-4650-B09D-E3DE74BECABA}

Trojan.Vundo/Variant-Installer/A
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER .EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER .EXE
[Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1 .EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1 .EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007532.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007533.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007534.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007535.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007536.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007537.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0009641.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0009642.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0009643.EXE
C:\VUNDOFIX BACKUPS\LEXPPS.EXE.BAD
C:\WINDOWS\SYSTEM32\WLTRAY.EXE
C:\WINDOWS\Prefetch\QTTASK .EXE-1F17A010.pf
C:\WINDOWS\Prefetch\QTTASK .EXE-2AEB2148.pf
C:\WINDOWS\Prefetch\QTTASK .EXE-213A88B9.pf
C:\WINDOWS\Prefetch\QTTASK .EXE-01444BFF.pf
C:\WINDOWS\Prefetch\WEATHER .EXE-16528D81.pf
C:\WINDOWS\Prefetch\YAHOOM~1 .EXE-08A750C5.pf

Trojan.Vundo/Variant-Installer
[load] C:\WINDOWS\SYSTEM32\JKHHF.EXE
C:\WINDOWS\SYSTEM32\JKHHF.EXE
[load] C:\WINDOWS\SYSTEM32\JKHHF.EXE
[load] C:\WINDOWS\SYSTEM32\JKHHF.EXE
C:\DOCUMENTS AND SETTINGS\AMANDA ELLIOTT\DESKTOP\ANTIVIRUS\PER OLD TIMER\WINPFIND35U\MOVEDFILES\01192008_150113\WINDOWS\SYSTEM32\JKHHF.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0009610.EXE
C:\VUNDOFIX BACKUPS\JKHHF.EXE.BAD
C:\WINDOWS\Prefetch\JKHHF.EXE-2560C2C1.pf

Adware.Tracking Cookie

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0007544.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0009609.DLL

_________________________

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\C:\WINDOWS\system32\jkhhf.exe not found.
C:\WINDOWS\System32\jkhhf.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA128E3-74F8-4CDF-8810-6B30020FBC91}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA128E3-74F8-4CDF-8810-6B30020FBC91}\ not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jkhhf.dll
C:\WINDOWS\System32\jkhhf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jkhhf.dll scheduled to be moved on reboot.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\fhhkj.ini moved successfully.
C:\WINDOWS\System32\fhhkj.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jkhhf.dll
C:\WINDOWS\System32\jkhhf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jkhhf.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\jkhhf.exe not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\fhhkj.ini not found!
File C:\WINDOWS\System32\fhhkj.ini2 not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jkhhf.dll
C:\WINDOWS\System32\jkhhf.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\jkhhf.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\jkhhf.exe not found!
C:\WINDOWS\bootstat.dat moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
[Empty Temp Folders]
C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Amanda Elliott\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta23 fix logfile created on 01192008_223911


WinPFind35 logfile created on: 1/19/2008 10:46:54 PM
WinPFind35U Version Beta23 Folder = C:\Documents and Settings\Amanda Elliott\Desktop\Antivirus\Per Old Timer\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

503.37 Mb Total Physical Memory | 171.43 Mb Available Physical Memory | 34.06% Memory free
1.20 Gb Paging File | 0.90 Gb Available in Paging File | 75.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 13.31 Gb Free Space | 38.91% Space Free | Partition Type: NTFS
Drive D: | 309.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: RALPH
Current User Name: Amanda Elliott
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 3/16/2007 6:10:54 PM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Modified Date = 3/16/2007 6:10:52 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:09 AM | Attr = ]
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes | Modified Date = 1/5/2008 7:54:19 AM | Attr = ]
lexpps .exe -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 1/19/2008 10:41:14 PM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:35 AM | Attr = R ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 8:53:18 AM | Attr = ]
pcctlcom.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\PcCtlCom.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1019 | Size = 880722 bytes | Modified Date = 9/4/2006 8:54:44 PM | Attr = ]
tmntsrv.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 290889 bytes | Modified Date = 8/30/2005 4:30:32 PM | Attr = ]
tmproxy.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\tmproxy.exe -> Trend Micro Inc. [Ver = 1.0.0.1135 | Size = 262215 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]
tmpfw.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\TmPfw.exe -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 585792 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
weather .exe -> %ProgramFiles%\AWS\WeatherBug\Weather .exe -> AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1719296 bytes | Modified Date = 1/19/2008 10:20:39 PM | Attr = ]
weather .exe -> %ProgramFiles%\AWS\WeatherBug\Weather .exe -> AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1343488 bytes | Modified Date = 1/19/2008 10:42:01 PM | Attr = ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\pccguide.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 823362 bytes | Modified Date = 1/2/2008 1:21:50 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\Antivirus\Per Old Timer\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 300032 bytes | Modified Date = 1/17/2008 12:16:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:35 AM | Attr = R ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:09 AM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 8:53:18 AM | Attr = ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\PcCtlCom.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1019 | Size = 880722 bytes | Modified Date = 9/4/2006 8:54:44 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 290889 bytes | Modified Date = 8/30/2005 4:30:32 PM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\TmPfw.exe -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 585792 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 12\tmproxy.exe -> Trend Micro Inc. [Ver = 1.0.0.1135 | Size = 262215 bytes | Modified Date = 8/30/2005 4:30:34 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 1/19/2008 10:41:59 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather .exe -> AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1343488 bytes | Modified Date = 1/19/2008 10:42:01 PM | Attr = ]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Modified Date = 1/19/2008 10:41:55 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/10/2004 1:04:12 PM | Attr = HS]
< Amanda Elliott Startup Folder > -> C:\Documents and Settings\Amanda Elliott\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/10/2004 1:04:12 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.trixietracker.com/site/michaelray?child=1425 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.trixietracker.com/site/michaelray ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4140 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{9C239876-E19C-4B8A-BDD7-C05063FEDE49} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2B63EC5-22AB-4C2C-B686-DECA9BD786AC} [HKEY_LOCAL_MACHINE] -> %System32%\jkhhf.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 323072 bytes | Modified Date = 1/19/2008 8:25:56 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Messenger Class] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4CFF62BF-CA2B-4383-B4DB-2080FE6612E2} -> (Broadcom 440x 10/100 Integrated Controller) ->
{FF6DFFB2-6173-4511-AB8A-D5152A4AA47C} -> (Dell Wireless 1470 Dual Band WLAN Mini-PCI Card) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9}[HKEY_LOCAL_MACHINE] -> file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx[SpinTop DRM Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shock...director/sw.cab[Shockwave ActiveX Control] ->
{3334504D-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB[Reg Error: Key does not exist or could not be opened.] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54}[HKEY_LOCAL_MACHINE] -> file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx[ArmHelper Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
[Files/Folders - Created Within 30 days]
ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Created Date = 12/24/2007 10:53:26 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/5/2008 12:34:50 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 12/24/2007 1:17:44 PM | Attr = ]
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/2/2008 1:37:00 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/2/2008 12:05:21 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 12/31/2007 11:06:48 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/31/2007 11:07:26 AM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 595 bytes | Created Date = 1/19/2008 8:26:04 PM | Attr = HS]
fhhkj.ini2 -> %System32%\fhhkj.ini2 -> [Ver = | Size = 451 bytes | Created Date = 1/19/2008 8:26:06 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/31/2007 11:06:58 AM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Created Date = 12/24/2007 10:32:39 AM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Created Date = 12/24/2007 10:32:59 AM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Created Date = 12/24/2007 10:32:39 AM | Attr = ]
jkhhf.dll -> %System32%\jkhhf.dll -> [Ver = | Size = 323072 bytes | Created Date = 1/19/2008 8:25:56 PM | Attr = ]
jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Created Date = 1/19/2008 10:20:41 PM | Attr = ]
LEXPPS .EXE -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Created Date = 1/6/2008 12:56:17 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 12/31/2007 11:06:57 AM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 2576 bytes | Created Date = 1/17/2008 7:16:53 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 12/25/2007 5:03:13 AM | Attr = R ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Created Date = 12/28/2007 7:11:12 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/31/2007 11:06:58 AM | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 1/5/2008 12:34:38 PM | Attr = ]
WLTRAY .exe -> %System32%\WLTRAY .exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Created Date = 1/18/2008 1:42:56 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 12/31/2007 11:07:26 AM | Attr = ]
BBSTORE -> %SystemRoot%\BBSTORE -> [Folder | Created Date = 12/29/2007 12:54:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/2/2008 2:57:08 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 1/6/2008 12:53:27 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/5/2008 12:34:39 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 12/28/2007 5:45:06 PM | Attr = ]
SETUP32.INI -> %SystemRoot%\SETUP32.INI -> [Ver = | Size = 0 bytes | Created Date = 12/29/2007 12:52:36 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 1/6/2008 1:36:03 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
HipSoft -> %AllUsersAppData%\HipSoft -> [Folder | Created Date = 1/19/2008 4:11:06 AM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 1/2/2008 12:28:06 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 12/28/2007 10:25:10 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/24/2007 1:34:28 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Created Date = 12/28/2007 5:38:07 PM | Attr = ]
SpinTop -> %UserAppData%\SpinTop -> [Folder | Created Date = 12/24/2007 4:42:54 AM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/24/2007 1:32:46 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Created Date = 12/25/2007 8:23:02 AM | Attr = ]
Oberon Games -> %LocalAppData%\Oberon Games -> [Folder | Created Date = 1/5/2008 1:15:37 AM | Attr = ]
DSC02740.JPG -> %UserDocuments%\DSC02740.JPG -> [Ver = | Size = 22002 bytes | Created Date = 1/19/2008 3:57:54 AM | Attr = ]
The Learning Company -> %UserDocuments%\The Learning Company -> [Folder | Created Date = 12/29/2007 1:00:01 PM | Attr = ]
Antivirus -> %UserDesktop%\Antivirus -> [Folder | Created Date = 12/25/2007 1:17:20 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/2/2008 2:02:41 PM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 12/24/2007 1:16:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Created Date = 12/23/2007 2:46:51 AM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 12/28/2007 5:38:07 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 12/24/2007 1:23:42 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/28/2007 7:28:19 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/2/2008 12:29:02 AM | Attr = ]
ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Modified Date = 1/19/2008 11:46:14 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/19/2008 11:46:18 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/6/2008 1:35:51 PM | Attr = ]
Shop -> %SystemDrive%\Shop -> [Folder | Modified Date = 12/28/2007 6:42:43 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/5/2008 12:33:00 PM | Attr = HS]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 86133 bytes | Modified Date = 1/17/2008 6:21:35 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/19/2008 8:24:10 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 10:42:32 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/6/2008 1:30:56 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 1/6/2008 1:30:56 PM | Attr = ]
hosts.20071228-142425.backup -> %System32%\drivers\etc\hosts.20071228-142425.backup -> [Ver = | Size = 114 bytes | Modified Date = 12/28/2007 11:30:33 AM | Attr = R ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/2/2008 12:03:21 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 1/1/2008 9:52:51 PM | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 1/1/2008 9:52:51 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/2/2008 2:45:36 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/17/2008 5:28:27 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/19/2008 8:28:33 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/17/2008 4:06:26 PM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 12/25/2007 8:22:14 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/14/2008 3:40:12 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/17/2008 7:15:36 PM | Attr = ]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 595 bytes | Modified Date = 1/19/2008 10:46:56 PM | Attr = HS]
fhhkj.ini2 -> %System32%\fhhkj.ini2 -> [Ver = | Size = 451 bytes | Modified Date = 1/19/2008 10:44:57 PM | Attr = HS]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/24/2007 10:32:39 AM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Modified Date = 12/20/2007 11:11:52 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 12/24/2007 10:32:59 AM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 12/24/2007 10:32:39 AM | Attr = ]
jkhhf.dll -> %System32%\jkhhf.dll -> [Ver = | Size = 323072 bytes | Modified Date = 1/19/2008 8:25:56 PM | Attr = ]
jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Modified Date = 1/19/2008 10:41:55 PM | Attr = ]
LEXPPS .EXE -> %System32%\LEXPPS .EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 1/19/2008 10:41:14 PM | Attr = ]
lexpps.exe -> %System32%\lexpps.exe -> Lexmark International, Inc. [Ver = 8.29 | Size = 502272 bytes | Modified Date = 1/5/2008 7:54:19 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55200 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 386040 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 2576 bytes | Modified Date = 1/17/2008 7:16:53 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 1/17/2008 7:15:36 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/5/2008 12:33:00 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 12/25/2007 5:03:51 AM | Attr = R ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Modified Date = 1/19/2008 6:19:29 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/2/2008 1:25:37 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 1/17/2008 4:06:02 PM | Attr = ]
WLTRAY .exe -> %System32%\WLTRAY .exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 1/19/2008 12:22:48 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/17/2008 4:07:42 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 9:36:16 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/2/2008 2:39:26 PM | Attr = ]
BBSTORE -> %SystemRoot%\BBSTORE -> [Folder | Modified Date = 12/29/2007 12:54:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/2/2008 4:18:50 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/17/2008 3:55:13 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/6/2008 12:53:27 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/18/2008 2:38:23 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4696 bytes | Modified Date = 1/16/2008 2:05:59 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/17/2008 7:15:44 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/2/2008 12:29:04 AM | Attr = HS]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 691 bytes | Modified Date = 1/19/2008 7:23:41 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/12/2008 12:02:55 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/19/2008 10:18:06 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 12/28/2007 5:45:06 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/17/2008 4:06:02 PM | Attr = ]
SETUP32.INI -> %SystemRoot%\SETUP32.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/29/2007 12:52:36 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 12/28/2007 7:11:01 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/2/2008 2:45:29 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 243 bytes | Modified Date = 1/6/2008 1:31:05 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/19/2008 10:41:55 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/14/2008 1:08:39 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/19/2008 10:44:05 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 13312 bytes | Modified Date = 1/19/2008 3:11:49 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 12/28/2007 7:11:53 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 688 bytes | Modified Date = 1/17/2008 6:21:31 PM | Attr = ]
wt -> %SystemRoot%\wt -> [Folder | Modified Date = 12/26/2007 12:17:26 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/19/2008 10:41:08 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GameHouse -> %AllUsersAppData%\GameHouse -> [Folder | Modified Date = 12/24/2007 11:24:41 AM | Attr = ]
HipSoft -> %AllUsersAppData%\HipSoft -> [Folder | Modified Date = 1/19/2008 4:11:06 AM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 1/2/2008 12:28:06 AM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 1/10/2008 10:10:50 AM | Attr = S]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 12/28/2007 10:27:16 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 1:34:28 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 12/28/2007 5:38:07 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 1/19/2008 5:11:11 AM | Attr = ]
@Alternate Data Stream - 111 bytes -> %AllUsersAppData%\TEMP:C86B29EB
@Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:FD604D11
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 1/19/2008 6:26:48 PM | Attr = ]
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Modified Date = 1/2/2008 12:14:50 AM | Attr = ]
SpinTop -> %UserAppData%\SpinTop -> [Folder | Modified Date = 12/24/2007 4:42:54 AM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 1:32:46 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Modified Date = 12/25/2007 8:23:02 AM | Attr = ]
WeatherBug -> %UserAppData%\WeatherBug -> [Folder | Modified Date = 1/11/2008 8:45:02 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 187904 bytes | Modified Date = 1/14/2008 1:43:49 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1574416 bytes | Modified Date = 1/9/2008 8:58:33 PM | Attr = H ]
Oberon Games -> %LocalAppData%\Oberon Games -> [Folder | Modified Date = 1/8/2008 1:01:54 AM | Attr = ]
DSC02740.JPG -> %UserDocuments%\DSC02740.JPG -> [Ver = | Size = 22002 bytes | Modified Date = 1/19/2008 2:55:22 AM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/31/2007 12:50:56 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/31/2007 12:52:28 PM | Attr = R ]
School -> %UserDocuments%\School -> [Folder | Modified Date = 12/31/2007 12:53:25 PM | Attr = ]
The Learning Company -> %UserDocuments%\The Learning Company -> [Folder | Modified Date = 12/29/2007 1:00:01 PM | Attr = ]
Thumbs.db -> %UserDocuments%\Thumbs.db -> [Ver = | Size = 14848 bytes | Modified Date = 1/19/2008 6:19:12 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable
Antivirus -> %UserDesktop%\Antivirus -> [Folder | Modified Date = 1/19/2008 11:44:01 AM | Attr = ]
For sale -> %UserDesktop%\For sale -> [Folder | Modified Date = 1/5/2008 10:03:40 AM | Attr = ]
Greg watch -> %UserDesktop%\Greg watch -> [Folder | Modified Date = 1/12/2008 6:25:39 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/2/2008 2:02:41 PM | Attr = ]
Stuff -> %UserDesktop%\Stuff -> [Folder | Modified Date = 1/19/2008 12:28:07 PM | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 125952 bytes | Modified Date = 1/17/2008 9:06:56 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 12/24/2007 1:17:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 12/23/2007 6:59:00 PM | Attr = ]
Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 12/28/2007 6:38:25 PM | Attr = ]
SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Modified Date = 12/23/2007 2:46:51 AM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 12/28/2007 5:42:13 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/2/2008 12:27:01 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5002 bytes | Modified Date = 1/14/2008 12:55:59 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 1/14/2008 12:55:59 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/2/2006 12:06:29 PM | Attr = ]

< End of report >
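
Reading a WinPFind35U log of this length by eye is slow, and the System32 files that stand out in it (jkhhf.exe, jkhhf.dll, fhhkj.ini, fhhkj.ini2: no company name or version information, created the same evening, two of them hidden+system) share features a script can pick out. The following is an added Python example, not part of this thread, of WinPFind35U or of any fix posted in it; it parses the "Files/Folders" line format shown above and lists System32 entries for review under three hand-written rules, with the Entry/triage names and the sample lines (copied from the log) being the example's own.

```python
"""Triage WinPFind35U "Files/Folders - Created/Modified Within 30 days" lines.

Added example for this thread, not part of WinPFind35U or of the posted fix. The
parser follows the log's line format; the three review rules and the Entry/triage
names are this example's own approximation of what an analyst does by eye."""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# name -> path -> vendor [Ver = v | Size = n bytes | Created Date = d | Attr = a]
ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>[^\[]*)\[(?P<fields>.*)\]$")
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"          # e.g. 1/19/2008 8:25:56 PM
BINARY_EXT = {"exe", "dll", "sys", "ocx"}
HS_EXPECTED = {"thumbs.db", "desktop.ini"}  # hidden+system is normal for these


@dataclass
class Entry:
    name: str
    path: str
    vendor: str               # company name from the version resource, "" if none
    is_folder: bool
    version: str              # "Ver =" field, "" if none
    size: Optional[int]       # bytes; None for folders
    when: Optional[datetime]  # Created Date or Modified Date, whichever the section has
    attr: str                 # e.g. "HS", "R", ""
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; headers, blanks and '@Alternate Data Stream' lines give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fields, is_folder = {}, False
    for part in m.group("fields").split(" | "):
        if part.strip() == "Folder":
            is_folder = True
        else:
            key, _, value = part.partition(" =")
            fields[key.strip()] = value.strip()
    when_text = fields.get("Created Date") or fields.get("Modified Date")
    return Entry(
        name=m.group("name").strip(),
        path=m.group("path").strip(),
        vendor=m.group("vendor").strip(),
        is_folder=is_folder,
        version=fields.get("Ver", ""),
        size=int(fields["Size"].split()[0]) if fields.get("Size") else None,
        when=datetime.strptime(when_text, DATE_FMT) if when_text else None,
        attr=fields.get("Attr", ""),
    )


def triage(lines) -> List[Entry]:
    """Return %System32% file entries that match at least one review rule, oldest first."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_folder or not e.path.lower().startswith("%system32%"):
            continue
        ext = e.name.lower().rpartition(".")[2]
        # Rule 1: a binary with neither company name nor version resource.
        if ext in BINARY_EXT and not e.vendor and not e.version:
            e.reasons.append("binary with no company name or version resource")
        # Rule 2: hidden+system attributes on something other than the usual files.
        if "H" in e.attr and "S" in e.attr and e.name.lower() not in HS_EXPECTED:
            e.reasons.append("hidden+system attributes on an unusual file")
        # Rule 3: whitespace before the extension ("hkcmd .exe") is not normal naming.
        if re.search(r"\s\.\w+$", e.name):
            e.reasons.append("whitespace before the file extension")
        if e.reasons:
            hits.append(e)
    hits.sort(key=lambda e: e.when or datetime.min)
    return hits


# Sample input: lines copied from the "Created Within 30 days" section of the log above.
SAMPLE_LOG = r"""
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/5/2008 12:34:50 PM | Attr = ]
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/2/2008 1:37:00 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 12/31/2007 10:17:28 AM | Attr = ]
fhhkj.ini -> %System32%\fhhkj.ini -> [Ver = | Size = 595 bytes | Created Date = 1/19/2008 8:26:04 PM | Attr = HS]
fhhkj.ini2 -> %System32%\fhhkj.ini2 -> [Ver = | Size = 451 bytes | Created Date = 1/19/2008 8:26:06 PM | Attr = HS]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Created Date = 12/24/2007 10:32:39 AM | Attr = ]
jkhhf.dll -> %System32%\jkhhf.dll -> [Ver = | Size = 323072 bytes | Created Date = 1/19/2008 8:25:56 PM | Attr = ]
jkhhf.exe -> %System32%\jkhhf.exe -> [Ver = | Size = 326656 bytes | Created Date = 1/19/2008 10:20:41 PM | Attr = ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 25600 bytes | Created Date = 12/28/2007 7:11:12 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable
"""


def main() -> None:
    for e in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{e.when}  {e.path:<32} {'; '.join(e.reasons)}")


if __name__ == "__main__":
    main()
```

The rules produce a review list, not a verdict: the same run also flags dumphive.exe, which simply has no version information.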

#12 ace61502
  • Topic Starter

  • Members
  • 41 posts
  • Location:Olive Branch, MS

Posted 19 January 2008 - 11:55 PM

*sigh* jkhhf is still there.

Some other things I forgot to mention about the problems I had been having:

My Symantics touchpad driver kept getting compromised, requiring it to be re-installed
My Dell WLAN wireless utility driver kept getting compromised, requiring it to be re-installed
Something keeps disabling my screen saver.

I'm curious as to what was causing that.

ETA: I also have a question about Tea Timer (it's driving me up the wall!). I keep clicking for it to always react this way and denying whatever it pops up, but it still keeps popping up the same things over and over on the same sites, like Photobucket. What's up with that? Any idea?

Edited by ace61502, 19 January 2008 - 11:59 PM.


#13 OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 20 January 2008 - 02:28 PM

Hi ace61502. Not to worry. We're not done with this yet lol. We need a different tool.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\windows\system32\fhhkj.ini
c:\windows\system32\fhhkj.ini2
c:\windows\system32\jkhhf.dll
c:\windows\system32\jkhhf.exe

registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | load

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh WinPFind35u log by using Add/Reply

6. Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\jkhhf.exe -> %System32%\jkhhf.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9C239876-E19C-4B8A-BDD7-C05063FEDE49} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {E2B63EC5-22AB-4C2C-B686-DECA9BD786AC} [HKEY_LOCAL_MACHINE] -> %System32%\jkhhf.dll [Reg Error: Value does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
YY -> fhhkj.ini -> %System32%\fhhkj.ini
YY -> fhhkj.ini2 -> %System32%\fhhkj.ini2
YY -> jkhhf.dll -> %System32%\jkhhf.dll
YY -> jkhhf.exe -> %System32%\jkhhf.exe
[Files/Folders - Modified Within 30 days]
YY -> fhhkj.ini -> %System32%\fhhkj.ini
YY -> fhhkj.ini2 -> %System32%\fhhkj.ini2
YY -> jkhhf.dll -> %System32%\jkhhf.dll
YY -> jkhhf.exe -> %System32%\jkhhf.exe
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YY -> @Alternate Data Stream - 111 bytes -> %AllUsersAppData%\TEMP:C86B29EB
YY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:FD604D11
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35u scan.

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Post the Avenger report and the new WPF35u log back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
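The fix above targets four persistence points: the HKCU Windows "load" autostart value, a Browser Helper Object CLSID, the dropped files in System32, and alternate data streams on the all-users TEMP entry. The following read-only PowerShell check is an added example for defenders and is not part of the thread or OldTimer's tooling; it only reports what it finds and assumes PowerShell 3.0 or later (for Get-Item -Stream) on the affected machine.

```powershell
# Added example, not from the thread: read-only triage of the persistence points
# named in the fix above. Nothing is deleted or modified. Assumes PowerShell 3.0+.
function Get-PersistenceFindings {
    $findings = @()

    # 1. HKCU ...\Windows "load": a legacy per-user autostart value that is almost
    #    never set on a healthy system, so any value at all deserves a look.
    $winKey = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $load = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).load
    if ($load) { $findings += "HKCU Windows\load is set: $load" }

    # 2. Browser Helper Objects: resolve each CLSID to its DLL and flag orphaned
    #    registrations (no InprocServer32) and DLLs that no longer exist on disk.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($sub in (Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue)) {
        $clsid = $sub.PSChildName
        $srv = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
        if (-not $dll) {
            $findings += "BHO $clsid has no InprocServer32 (orphaned entry)"
        } elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll)))) {
            $findings += "BHO $clsid points at a missing DLL: $dll"
        } else {
            $findings += "BHO $clsid -> $dll"
        }
    }

    # 3. The dropped files the scan reported in System32 (names from the log above).
    foreach ($name in 'fhhkj.ini', 'fhhkj.ini2', 'jkhhf.dll', 'jkhhf.exe') {
        $path = Join-Path $env:SystemRoot "system32\$name"
        if (Test-Path -LiteralPath $path) { $findings += "file present: $path" }
    }

    # 4. Alternate data streams on the all-users TEMP entry. Anything other than
    #    the default :$DATA stream is invisible in Explorer and in a plain dir.
    $temp = if ($env:ProgramData) { Join-Path $env:ProgramData 'TEMP' }
            else { Join-Path $env:ALLUSERSPROFILE 'Application Data\TEMP' }
    if (Test-Path -LiteralPath $temp) {
        $streams = Get-Item -LiteralPath $temp -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            $findings += "ADS on ${temp}: $($s.Stream) ($($s.Length) bytes)"
        }
    }

    return $findings
}

Get-PersistenceFindings
```

Run it before and after the fix: an empty result afterwards confirms the four persistence points are gone, while a non-empty one shows exactly which item survived.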


#14 ace61502

ace61502
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Location:Olive Branch, MS
  • Local time:03:24 PM

Posted 20 January 2008 - 02:52 PM

All hell is breaking loose now!

I'm getting popups again. Once there was just one after another after another popping up until I got task manager open and used the alt+tab function to keep pulling it back to the front until I managed to end task one of them before another popped up in front of it again.

Got an iexplore.exe error, but don't remember what it all said.

NT_Kernelerror 1256 has popped up several times.

The storageprotector.com links are back on my desktop.

Then I got this error and was able to write it all down:

A potential problem has been detected and Windows has been shutdown buggy application topreent damage to your computer
***WXZ.SYS - Address F73120A6 base at C00000, Date Stamp 36b072A3
kernel debugger using: COM2 (Port 0x28f, Baud Rate 192000)


What in the world is going on?

Amanda

#15 ace61502

ace61502
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Location:Olive Branch, MS
  • Local time:03:24 PM

Posted 20 January 2008 - 02:53 PM

I didn't see your reply before posting the above. I wonder if I should wait to hear back from you before running the above fixes? This is driving me crazy!
