Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Annoying Searchfeed Attack...


  • Please log in to reply
15 replies to this topic

#1 Dragoon The Lad

Dragoon The Lad

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 07 February 2008 - 01:50 AM

So I've tried numerous methods of removing some malware on another infected computer to no avail.

I DID have a better post, but it was made so I can't go back and retrieve what I previously typed in when the hijack this error message pops up on the forum... anyways...

I'll try to resummarize. I'm willing to go from step 1 as long as someone doesn't mind helping me out with a walkthrough. I've tried numerous methods without success, kas and adaware have been useless without the right prep steps, and some tools won't even work within the other computer, with an error message coming up out of nowhere.

The hijacker leads to several sites, such as various searchfeed results that will never be meeting my hard earned money.

The infected computer has (slow) web access, so while small things can be attempted, I am unable to run web-scanners. I only use one antivirus utility at a time (I cripple / remove others if I try another tool), so I'm pretty certain this isn't being caused by antivirus crossover problems.

One of the problems caused are random eight letter executable files created in the system32 folder, which I originally found using procexp to figure out what was going on with the browser in the first place. After that, it was a flurry of nuisance.

Without further ado, the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:13 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139482890553
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150849108162
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/chuzzled...aploader_v7.cab
O20 - AppInit_DLLs: PAVWAIT.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe

--
End of file - 5455 bytes

*Edit*
I'm suppose I would still be in the "diagnosis" step of this, since the problem seems to be something I haven't found yet... or at least not something that can be removed easily.

Edited by Dragoon The Lad, 07 February 2008 - 01:58 AM.


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:33 AM

Posted 13 February 2008 - 12:18 PM

Hello Dragoon The Lad and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

Searchfeed is a legitimate web advertising company, just like Google or Yahoo. The links could very well be legitimate. Hard to say at this point.

Let's look a little deeper and see if anything shows up. If not, we might want to send you over to the XP forum and have them check for any performance issues.

Before running the scan let's clean out the temporoary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 13 February 2008 - 01:57 PM

Alrighty...

Here's the log.


WinPFind35 logfile created on: 2/13/2008 1:49:10 PM
WinPFind35U Version Beta51	 Folder = C:\Documents and Settings\Matthew\Desktop\WinPFind35u\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5700.6)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.48 Mb Total Physical Memory | 537.86 Mb Available Physical Memory | 52.60% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): C:\pagefile.sys 1533 2000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 6.71 Gb Free Space | 12.02% Space Free | Partition Type: NTFS
Drive D: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGOON
Current User Name: Matthew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr =	]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/21/2005 1:07:22 AM | Attr =	]
ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 7:05:04 AM | Attr =	]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 8/6/2005 12:07:30 AM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 4/19/2007 12:35:46 PM | Attr =	]
tangoservice.exe -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe ->  [Ver =  | Size = 57344 bytes | Modified Date = 8/5/2003 12:48:04 PM | Attr =	]
lxcgcoms.exe -> %SystemRoot%\SYSTEM32\lxcgcoms.exe ->   [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 2:25:18 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe ->  [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 8/5/2005 8:05:00 PM | Attr =	]
(AVP) Kaspersky Internet Security 7.0 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr =	]
(C-DillaSrv) C-DillaSrv [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.22.020 | Size = 32256 bytes | Modified Date = 1/15/2001 3:20:24 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =	]
(DomainService) DomainService [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\dfhtdqwo.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/25/2007 10:46:36 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 4/19/2007 12:35:46 PM | Attr =	]
(lnss_sscans) GFI LANguard N.S.S. Scheduled Scans Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\GFI\LANguard Network Security Scanner 3\sscansvc.exe -> GFI Software Ltd. [Ver = 1.0.0.0 | Size = 545792 bytes | Modified Date = 3/25/2003 9:28:09 AM | Attr =	]
(Lotus Domino Server (LotusDominoData)) Lotus Domino Server (LotusDominoData) [Win32_Own | Disabled | Stopped] -> %SystemDrive%\Lotus\Domino\nservice.exe =C:\Lotus\Domino\notes.ini -> File not found
(lxcg_device) lxcg_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\SYSTEM32\lxcgcoms.exe ->   [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 2:25:18 PM | Attr =	]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 8/17/2004 12:28:39 AM | Attr =	]
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(TangoService) Tango Service [Win32_Own | Auto | Running] -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe ->  [Ver =  | Size = 57344 bytes | Modified Date = 8/5/2003 12:48:04 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(Ad-Watch Connect Filter) Ad-Watch Connect Kernel Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NSDriver.sys -> Lavasoft AB [Ver = 1.0.0.0 | Size = 9344 bytes | Modified Date = 6/4/2007 2:18:48 PM | Attr =	]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 1:15:00 PM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr =	]
(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Modified Date = 8/28/2002 9:59:12 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273344 bytes | Modified Date = 8/3/2005 10:10:18 PM | Attr =	]
(AvFlt) Antivirus Filter Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\av5flt.sys -> File not found
(BCM43XX) Linksys Wireless-G PCI Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.100.46.0 built by: WinDDK | Size = 369024 bytes | Modified Date = 4/29/2004 2:01:00 AM | Attr = R  ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.51.0.0 built by: WinDDK | Size = 42368 bytes | Modified Date = 1/15/2003 2:45:06 PM | Attr =	]
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr =	]
(C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANT.SYS -> C-Dilla Ltd [Ver = 3.22.020 | Size = 113512 bytes | Modified Date = 1/15/2001 3:20:24 PM | Attr =	]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Matthew\LOCALS~1\Temp\catchme.sys -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9336 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9464 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.3.4.21 built by: WinDDK | Size = 241152 bytes | Modified Date = 12/17/2002 12:27:32 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 25898 bytes | Modified Date = 6/30/2003 10:29:46 PM | Attr =	]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 12:11:06 PM | Attr =	]
(ENDETECT) ENDETECT [Kernel | On_Demand | Stopped] -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\endetect.sys -> Efficient Networks, Inc. [Ver = 1.00 | Size = 7752 bytes | Modified Date = 8/5/2003 12:56:06 PM | Attr =	]
(ENETHUSB) Speedstream Ethernet USB Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\enethusb.sys -> Efficient Networks, Inc. [Ver = 2.1.0.60 | Size = 28005 bytes | Modified Date = 5/14/2003 5:16:35 AM | Attr =	]
(Fadpu16E) Fadpu16E [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Matthew\LOCALS~1\Temp\Fadpu16E.sys -> File not found
(gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
(HPUATA) HP CD Writer Plus Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPUATA.sys -> SCM Microsystems Inc. [Ver = 4.2.3.30 | Size = 75776 bytes | Modified Date = 9/24/2001 3:36:28 AM | Attr =	]
(hwi4857) USB Flash Memory Controller Service2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\hwi4857.sys -> Cowon Systems, Inc. [Ver = 6.00 | Size = 10532 bytes | Modified Date = 12/31/2003 1:20:55 AM | Attr =	]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 8/4/2004 12:29:36 AM | Attr =	]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr =	]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr =	]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr =	]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 8/4/2004 12:29:47 AM | Attr =	]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 8/4/2004 12:29:49 AM | Attr =	]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 8/4/2004 12:29:41 AM | Attr =	]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 8/4/2004 12:29:42 AM | Attr =	]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 8/4/2004 12:29:43 AM | Attr =	]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 8/4/2004 12:29:45 AM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3762 | Size = 681469 bytes | Modified Date = 2/10/2004 11:17:06 AM | Attr =	]
(kl1) kl1 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\kl1.sys -> Kaspersky Lab [Ver = 6.1.21.0 | Size = 110360 bytes | Modified Date = 4/28/2007 4:51:02 PM | Attr =	]
(klif) klif [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 1/24/2008 11:37:40 AM | Attr =	]
(klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\klim5.sys -> Kaspersky Lab [Ver = 6.1.22.0 | Size = 24344 bytes | Modified Date = 4/4/2007 2:58:26 PM | Attr =	]
(L2XPSR) L2XPSR [Kernel | On_Demand | Stopped] -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\l2xpsr.sys -> Efficient Networks, Inc. [Ver = 2.13.03.00 | Size = 18478 bytes | Modified Date = 8/5/2003 12:54:56 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 30630 bytes | Modified Date = 6/30/2003 10:29:46 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]
(NPPTNT) NPPTNT [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\npptNT.sys -> INCA Internet Co., Ltd. [Ver = 2003, 7, 22, 1 | Size = 4608 bytes | Modified Date = 7/22/2003 1:14:04 AM | Attr =	]
(NTSTPL2) NTSTPL2 [Kernel | On_Demand | Stopped] -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL2.SYS -> Network TeleSystems, Inc. [Ver = 4.17 | Size = 16736 bytes | Modified Date = 8/5/2003 12:56:24 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 7/19/2002 10:22:08 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 11/20/2007 4:36:13 PM | Attr =	]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PortRst) PortRst [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\PortRST.sys -> Barom Technologies Co., Ltd. [Ver = 1.0.0.2 | Size = 12721 bytes | Modified Date = 12/31/2003 1:20:55 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.3.4.59 | Size = 143834 bytes | Modified Date = 6/30/2003 10:29:46 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys -> File not found
(SbcpHid) SbcpHid [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SbcpHid.sys ->  [Ver = 1.00 | Size = 22400 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3538 | Size = 539008 bytes | Modified Date = 12/19/2002 5:48:48 PM | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]
(SQTECH905C) DualCamera [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\Capt905c.sys -> Service & Quality Technology. [Ver = 0, 0, 1, 14 | Size = 38937 bytes | Modified Date = 3/24/2005 5:21:22 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]
(TAPBIND) TAPBIND [Kernel | On_Demand | Stopped] -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\tapbind1.sys -> Network TeleSystems, Inc. [Ver = 4.25 | Size = 47136 bytes | Modified Date = 8/5/2003 12:56:22 PM | Attr =	]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.3.4.60 built by: WinDDK | Size = 206464 bytes | Modified Date = 6/30/2003 10:29:46 PM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 10/8/2002 11:57:40 AM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 108736 bytes | Modified Date = 1/14/2003 12:38:36 PM | Attr =	]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 78272 bytes | Modified Date = 1/14/2003 12:38:30 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
7ce1ab5a -> %SystemRoot%\SYSTEM32\yfmpplch.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/13/2008 11:26:54 AM | Attr =	]
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> File not found
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 8/6/2005 12:07:30 AM | Attr =	]
EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 7:05:04 AM | Attr =	]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe ->  [Ver =  | Size = 299008 bytes | Modified Date = 7/12/2005 8:36:32 AM | Attr =	]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/21/2005 1:07:22 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Matthew Startup Folder > -> C:\Documents and Settings\Matthew\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
PAVWAIT.DLL -> PAVWAIT.DLL -> File not found
C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 91400 bytes | Modified Date = 6/28/2007 12:51:42 PM | Attr =	]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{BBB05D9E-0297-404D-A6BF-D8F2876B84A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbxwxyv.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 8/3/2005 10:04:18 PM | Attr =	]
cbxwxyv ->  -> File not found
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3762 | Size = 339968 bytes | Modified Date = 2/10/2004 10:51:10 AM | Attr =	]
klogon -> %SystemRoot%\SYSTEM32\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 6/28/2007 12:51:48 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> about:blank -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: ProxyOverride ->  -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 9082 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
pagebuilder_yahoo.com [http] -> Trusted sites -> 
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4fb8ee80-84ed-48be-9aa3-039bd59b42f5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\gohcuyum.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/13/2008 11:23:54 AM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 12:03:00 AM | Attr =	]
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] ->  [Ver =  | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{BBB05D9E-0297-404D-A6BF-D8F2876B84A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbxwxyv.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
{CFF8681B-513F-413D-B576-99F1B7D3E0D9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\mljjj.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 323168 bytes | Modified Date = 12/1/2007 5:47:48 PM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\YRefresher\YRefresher.dll [RefresherBand Class] ->  [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 8/3/2001 4:58:00 PM | Attr =	]
WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 12:51:52 PM | Attr =	]
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{05DB2DBC-96A4-44E5-AAA9-DC7412F20FAC} ->	() -> 
{35F9BBB5-A959-43F0-80F7-0F6923025BD9} ->	() -> 
{8FC6E816-37A0-48A9-BDDA-2088FA798118} ->	(Linksys Wireless-G PCI Network Adapter with SpeedBooster) -> 
{92B79E50-D28C-434C-8858-0759CEAABFB9} ->	() -> 
{D06F0E39-1B9B-4ED6-B6AF-91333A6F7F5A} ->	(Linksys NC100 Fast Ethernet Adapter) -> 
{F40BF3AF-8983-4906-9980-93E843C90751} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{B5AB638F-D76C-415B-A8F2-F3CEAC502212}] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{B5AB638F-D76C-415B-A8F2-F3CEAC502212}] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{00000161-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/msaudio.cab[Reg Error: Key does not exist or could not be opened.] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139482890553[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150849108162[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38198.9629050926[Reg Error: Key does not exist or could not be opened.] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[ZoneIntro Class] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-000000000000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v7.cab[PopCapLoader Object] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
Yahoo! Graffiti[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/clients/y/grt5_x.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =	]
C:\\WINDOWS\\system32\\mljjj -> %SystemRoot%\SYSTEM32\mljjj.dll ->  [Ver =  | Size = 323168 bytes | Modified Date = 12/1/2007 5:47:48 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1916 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 24794 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 122880 bytes | Modified Date = 1/29/2007 4:33:41 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 9/17/2007 6:11:01 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE -> C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE [C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires] -> Microsoft Corporation [Ver = 00.09.13.1115 | Size = 1470464 bytes | Modified Date = 12/1/1999 1:43:10 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List.REN\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List.REN\\C:\WINDOWS\system32\dfhtdqwo.exe -> C:\WINDOWS\system32\dfh -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP -> 135:TCP:*:Enabled:TCP Port 135 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{05DB2DBC-96A4-44E5-AAA9-DC7412F20FAC} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{37DB30F0-D607-4652-ABE6-08B630ED3F84} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F40BF3AF-8983-4906-9980-93E843C90751} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> 


[Files/Folders - Created Within 30 days]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 1/25/2008 2:08:58 PM | Attr =	]
KAV -> %SystemDrive%\KAV ->  [Folder | Created Date = 1/24/2008 6:12:48 AM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 2/7/2008 2:28:26 AM | Attr =	]
UBCD4Win -> %SystemDrive%\UBCD4Win ->  [Folder | Created Date = 1/24/2008 5:21:53 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 1/24/2008 4:41:44 AM | Attr =	]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.05.0010 | Size = 115200 bytes | Modified Date = 1/24/2008 4:41:27 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 10637344 bytes | Modified Date = 2/7/2008 2:29:33 AM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 54356 bytes | Modified Date = 2/7/2008 2:29:33 AM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 78368 bytes | Modified Date = 2/13/2008 1:46:57 PM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 4196 bytes | Modified Date = 2/7/2008 2:29:33 AM | Attr =  HS]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 1/24/2008 11:36:41 AM | Attr =	]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 91700 bytes | Modified Date = 2/4/2008 1:54:49 AM | Attr =	]
ajnuyjcx.dll -> %SystemRoot%\System32\ajnuyjcx.dll ->  [Ver =  | Size = 93760 bytes | Modified Date = 2/9/2008 11:22:31 AM | Attr =	]
akfnvrag.dll -> %SystemRoot%\System32\akfnvrag.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 12:23:57 PM | Attr =	]
akxhsaik.dll -> %SystemRoot%\System32\akxhsaik.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 6:55:10 AM | Attr =	]
amqqnowg.dll -> %SystemRoot%\System32\amqqnowg.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 4:20:33 PM | Attr =	]
aobveehd.dll -> %SystemRoot%\System32\aobveehd.dll ->  [Ver =  | Size = 95808 bytes | Modified Date = 2/8/2008 3:06:38 AM | Attr =	]
asnaxpes.ini -> %SystemRoot%\System32\asnaxpes.ini ->  [Ver =  | Size = 1143112 bytes | Modified Date = 1/25/2008 12:16:31 PM | Attr =  HS]
auoyykfn.ini -> %SystemRoot%\System32\auoyykfn.ini ->  [Ver =  | Size = 1143172 bytes | Modified Date = 1/25/2008 1:17:36 PM | Attr =  HS]
avhaebbw.dll -> %SystemRoot%\System32\avhaebbw.dll ->  [Ver =  | Size = 77376 bytes | Modified Date = 1/17/2008 10:48:52 AM | Attr =	]
ayovgmxm.ini -> %SystemRoot%\System32\ayovgmxm.ini ->  [Ver =  | Size = 1192152 bytes | Modified Date = 2/4/2008 2:11:50 AM | Attr =  HS]
baykhmkp.dll -> %SystemRoot%\System32\baykhmkp.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 12:13:07 PM | Attr =	]
bbiaeuyn.dll -> %SystemRoot%\System32\bbiaeuyn.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 1/30/2008 7:54:23 PM | Attr =	]
bccyoakj.dll -> %SystemRoot%\System32\bccyoakj.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 9:37:08 PM | Attr =	]
bctggvrh.dll -> %SystemRoot%\System32\bctggvrh.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 4:52:23 AM | Attr =	]
bgiiglmk.dll -> %SystemRoot%\System32\bgiiglmk.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 12:20:32 PM | Attr =	]
bkpguxaq.dll -> %SystemRoot%\System32\bkpguxaq.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 1/28/2008 7:54:41 PM | Attr =	]
bmkeepsr.dll -> %SystemRoot%\System32\bmkeepsr.dll ->  [Ver =  | Size = 87616 bytes | Modified Date = 1/24/2008 4:49:49 AM | Attr =	]
bmtukuml.dll -> %SystemRoot%\System32\bmtukuml.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 8:34:09 PM | Attr =	]
bpcqsjkx.exe -> %SystemRoot%\System32\bpcqsjkx.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/27/2008 7:50:19 PM | Attr =	]
bppetjol.dll -> %SystemRoot%\System32\bppetjol.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 2/9/2008 11:23:49 AM | Attr =	]
bsggcado.dll -> %SystemRoot%\System32\bsggcado.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/4/2008 1:47:09 AM | Attr =	]
btqtufya.ini -> %SystemRoot%\System32\btqtufya.ini ->  [Ver =  | Size = 1134062 bytes | Modified Date = 1/25/2008 1:52:40 AM | Attr =  HS]
bymuxpov.exe -> %SystemRoot%\System32\bymuxpov.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/30/2008 7:51:22 PM | Attr =	]
ceoepocf.dll -> %SystemRoot%\System32\ceoepocf.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 3:48:41 PM | Attr =	]
cpsapabf.dll -> %SystemRoot%\System32\cpsapabf.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 1:44:37 AM | Attr =	]
cvjhojqy.ini -> %SystemRoot%\System32\cvjhojqy.ini ->  [Ver =  | Size = 1135622 bytes | Modified Date = 1/25/2008 7:04:23 AM | Attr =  HS]
dcxmfumy.ini -> %SystemRoot%\System32\dcxmfumy.ini ->  [Ver =  | Size = 1142812 bytes | Modified Date = 1/26/2008 3:27:32 PM | Attr =  HS]
dequvfiv.ini -> %SystemRoot%\System32\dequvfiv.ini ->  [Ver =  | Size = 1130398 bytes | Modified Date = 1/24/2008 2:39:22 PM | Attr =  HS]
dkxkbhev.dll -> %SystemRoot%\System32\dkxkbhev.dll ->  [Ver =  | Size = 85568 bytes | Modified Date = 1/20/2008 10:57:24 AM | Attr =	]
drieuuhj.ini -> %SystemRoot%\System32\drieuuhj.ini ->  [Ver =  | Size = 1199933 bytes | Modified Date = 2/7/2008 3:39:52 AM | Attr =  HS]
dvgolgeo.dll -> %SystemRoot%\System32\dvgolgeo.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 1:59:26 AM | Attr =	]
ehqwtxbh.dll -> %SystemRoot%\System32\ehqwtxbh.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/11/2008 11:23:54 AM | Attr =	]
eiemchpv.dll -> %SystemRoot%\System32\eiemchpv.dll ->  [Ver =  | Size = 94784 bytes | Modified Date = 2/9/2008 3:06:37 AM | Attr =	]
eipnuupg.ini -> %SystemRoot%\System32\eipnuupg.ini ->  [Ver =  | Size = 1119642 bytes | Modified Date = 1/24/2008 5:45:16 AM | Attr =  HS]
elgmsnja.ini -> %SystemRoot%\System32\elgmsnja.ini ->  [Ver =  | Size = 1109005 bytes | Modified Date = 1/22/2008 1:29:50 PM | Attr =  HS]
eqbsidll.ini -> %SystemRoot%\System32\eqbsidll.ini ->  [Ver =  | Size = 1142752 bytes | Modified Date = 1/25/2008 3:27:05 PM | Attr =  HS]
eqlwdpvr.ini -> %SystemRoot%\System32\eqlwdpvr.ini ->  [Ver =  | Size = 1221683 bytes | Modified Date = 2/9/2008 11:21:45 AM | Attr =  HS]
esalmfvu.dll -> %SystemRoot%\System32\esalmfvu.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/27/2008 7:53:20 PM | Attr =	]
exdpkuqf.ini -> %SystemRoot%\System32\exdpkuqf.ini ->  [Ver =  | Size = 1130518 bytes | Modified Date = 1/24/2008 4:17:47 PM | Attr =  HS]
fdeyjmom.dll -> %SystemRoot%\System32\fdeyjmom.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/4/2008 12:54:24 AM | Attr =	]
fembqtlg.dll -> %SystemRoot%\System32\fembqtlg.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 7:01:07 AM | Attr =	]
fodrgkal.dll -> %SystemRoot%\System32\fodrgkal.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 2:20:52 PM | Attr =	]
fotmkora.ini -> %SystemRoot%\System32\fotmkora.ini ->  [Ver =  | Size = 1133394 bytes | Modified Date = 1/25/2008 2:55:26 AM | Attr =  HS]
ftwcchqk.dll -> %SystemRoot%\System32\ftwcchqk.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 10:07:07 AM | Attr =	]
geohlgvn.ini -> %SystemRoot%\System32\geohlgvn.ini ->  [Ver =  | Size = 1073283 bytes | Modified Date = 1/18/2008 10:51:49 AM | Attr =  HS]
glbuwhpd.dll -> %SystemRoot%\System32\glbuwhpd.dll ->  [Ver =  | Size = 81984 bytes | Modified Date = 1/18/2008 10:51:26 AM | Attr =	]
gohcuyum.dll -> %SystemRoot%\System32\gohcuyum.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/13/2008 11:23:54 AM | Attr =	]
gpuunpie.dll -> %SystemRoot%\System32\gpuunpie.dll ->  [Ver =  | Size = 87616 bytes | Modified Date = 1/24/2008 5:13:52 AM | Attr =	]
gqwnfvbo.ini -> %SystemRoot%\System32\gqwnfvbo.ini ->  [Ver =  | Size = 1089316 bytes | Modified Date = 1/21/2008 12:51:26 PM | Attr =  HS]
hcetyeop.dll -> %SystemRoot%\System32\hcetyeop.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:54:18 PM | Attr =	]
hclppmfy.ini -> %SystemRoot%\System32\hclppmfy.ini ->  [Ver =  | Size = 1211815 bytes | Modified Date = 2/13/2008 11:27:48 AM | Attr =  HS]
hfxqccpc.exe -> %SystemRoot%\System32\hfxqccpc.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/29/2008 7:49:53 PM | Attr =	]
hgklpnmq.dll -> %SystemRoot%\System32\hgklpnmq.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/26/2008 7:51:08 PM | Attr =	]
hkfmcvps.ini -> %SystemRoot%\System32\hkfmcvps.ini ->  [Ver =  | Size = 1172233 bytes | Modified Date = 2/3/2008 7:54:41 PM | Attr =  HS]
hlobtjjt.dll -> %SystemRoot%\System32\hlobtjjt.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 7:28:10 PM | Attr =	]
hmaouioq.ini -> %SystemRoot%\System32\hmaouioq.ini ->  [Ver =  | Size = 1180987 bytes | Modified Date = 1/31/2008 7:54:50 PM | Attr =  HS]
hosovjyr.dll -> %SystemRoot%\System32\hosovjyr.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 2:46:06 AM | Attr =	]
huxivllg.dll -> %SystemRoot%\System32\huxivllg.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/1/2008 7:51:17 PM | Attr =	]
hvovhifg.exe -> %SystemRoot%\System32\hvovhifg.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/26/2008 7:48:27 PM | Attr =	]
ijfdrhjg.ini -> %SystemRoot%\System32\ijfdrhjg.ini ->  [Ver =  | Size = 1142692 bytes | Modified Date = 1/25/2008 2:24:01 PM | Attr =  HS]
invjfjkv.ini -> %SystemRoot%\System32\invjfjkv.ini ->  [Ver =  | Size = 1138053 bytes | Modified Date = 1/25/2008 11:13:23 AM | Attr =  HS]
itlabicf.dll -> %SystemRoot%\System32\itlabicf.dll ->  [Ver =  | Size = 92224 bytes | Modified Date = 2/7/2008 3:36:37 AM | Attr =	]
jjjlm.ini2 -> %SystemRoot%\System32\jjjlm.ini2 ->  [Ver =  | Size = 164461 bytes | Modified Date = 2/13/2008 1:49:33 PM | Attr =  HS]
jowaxqvk.dll -> %SystemRoot%\System32\jowaxqvk.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 3:55:07 AM | Attr =	]
jwaawiyy.dll -> %SystemRoot%\System32\jwaawiyy.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/21/2008 12:45:49 PM | Attr =	]
kqkmvsfv.ini -> %SystemRoot%\System32\kqkmvsfv.ini ->  [Ver =  | Size = 1142632 bytes | Modified Date = 1/25/2008 2:19:06 PM | Attr =  HS]
krvghyjt.ini -> %SystemRoot%\System32\krvghyjt.ini ->  [Ver =  | Size = 1130818 bytes | Modified Date = 1/24/2008 8:41:03 PM | Attr =  HS]
kydrnhot.ini -> %SystemRoot%\System32\kydrnhot.ini ->  [Ver =  | Size = 1130998 bytes | Modified Date = 1/24/2008 11:46:43 PM | Attr =  HS]
lfacwvhx.ini -> %SystemRoot%\System32\lfacwvhx.ini ->  [Ver =  | Size = 1130578 bytes | Modified Date = 1/24/2008 4:29:45 PM | Attr =  HS]
lgvxqatp.dll -> %SystemRoot%\System32\lgvxqatp.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 2/6/2008 3:20:08 AM | Attr =	]
lkqcdvvh.exe -> %SystemRoot%\System32\lkqcdvvh.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/25/2008 2:20:49 PM | Attr =	]
lojteppb.ini -> %SystemRoot%\System32\lojteppb.ini ->  [Ver =  | Size = 1217990 bytes | Modified Date = 2/10/2008 11:24:18 AM | Attr =  HS]
lsawwlrm.dll -> %SystemRoot%\System32\lsawwlrm.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 1:54:48 AM | Attr =	]
ltusskyo.dll -> %SystemRoot%\System32\ltusskyo.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/12/2008 11:26:54 AM | Attr =	]
mbvqksml.exe -> %SystemRoot%\System32\mbvqksml.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/25/2008 3:23:45 PM | Attr =	]
mcwkvuar.dll -> %SystemRoot%\System32\mcwkvuar.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/26/2008 3:23:46 PM | Attr =	]
meuukmaf.exe -> %SystemRoot%\System32\meuukmaf.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 2/4/2008 2:06:24 AM | Attr =	]
mlngvcda.dll -> %SystemRoot%\System32\mlngvcda.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/3/2008 7:51:17 PM | Attr =	]
momjyedf.ini -> %SystemRoot%\System32\momjyedf.ini ->  [Ver =  | Size = 1188432 bytes | Modified Date = 2/4/2008 12:54:41 AM | Attr =  HS]
mugnirtp.ini -> %SystemRoot%\System32\mugnirtp.ini ->  [Ver =  | Size = 1172173 bytes | Modified Date = 2/2/2008 7:54:38 PM | Attr =  HS]
murnbdjt.ini -> %SystemRoot%\System32\murnbdjt.ini ->  [Ver =  | Size = 1073352 bytes | Modified Date = 1/19/2008 10:57:37 AM | Attr =  HS]
mxmgvoya.dll -> %SystemRoot%\System32\mxmgvoya.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/4/2008 2:11:29 AM | Attr =	]
nbevrygw.ini -> %SystemRoot%\System32\nbevrygw.ini ->  [Ver =  | Size = 1134160 bytes | Modified Date = 1/25/2008 6:01:22 AM | Attr =  HS]
ndbwlpuv.dll -> %SystemRoot%\System32\ndbwlpuv.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/10/2008 11:26:49 AM | Attr =	]
nfkyyoua.dll -> %SystemRoot%\System32\nfkyyoua.dll ->  [Ver =  | Size = 87104 bytes | Modified Date = 1/25/2008 1:17:10 PM | Attr =	]
nhmrmdcv.dll -> %SystemRoot%\System32\nhmrmdcv.dll ->  [Ver =  | Size = 80960 bytes | Modified Date = 1/23/2008 3:30:47 PM | Attr =	]
nwgivgwx.ini -> %SystemRoot%\System32\nwgivgwx.ini ->  [Ver =  | Size = 1219221 bytes | Modified Date = 2/11/2008 11:27:14 AM | Attr =  HS]
nxgwsook.dll -> %SystemRoot%\System32\nxgwsook.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 10:40:08 PM | Attr =	]
obvfnwqg.dll -> %SystemRoot%\System32\obvfnwqg.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 1/21/2008 12:51:10 PM | Attr =	]
odacggsb.ini -> %SystemRoot%\System32\odacggsb.ini ->  [Ver =  | Size = 1191852 bytes | Modified Date = 2/4/2008 1:51:39 AM | Attr =  HS]
orwqeols.dll -> %SystemRoot%\System32\orwqeols.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 2:03:25 AM | Attr =	]
otdljjgk.ini -> %SystemRoot%\System32\otdljjgk.ini ->  [Ver =  | Size = 1130338 bytes | Modified Date = 1/24/2008 1:30:06 PM | Attr =  HS]
otobhppv.ini -> %SystemRoot%\System32\otobhppv.ini ->  [Ver =  | Size = 1129315 bytes | Modified Date = 1/24/2008 12:27:45 PM | Attr =  HS]
oykssutl.ini -> %SystemRoot%\System32\oykssutl.ini ->  [Ver =  | Size = 1217615 bytes | Modified Date = 2/12/2008 11:27:16 AM | Attr =  HS]
plyppboe.dll -> %SystemRoot%\System32\plyppboe.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 2:09:48 AM | Attr =	]
pspxexhb.dll -> %SystemRoot%\System32\pspxexhb.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 4:47:52 AM | Attr =	]
psxruupq.dll -> %SystemRoot%\System32\psxruupq.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 12:54:19 AM | Attr =	]
ptaqxvgl.ini -> %SystemRoot%\System32\ptaqxvgl.ini ->  [Ver =  | Size = 1194315 bytes | Modified Date = 2/6/2008 3:33:05 AM | Attr =  HS]
pyiruphs.dll -> %SystemRoot%\System32\pyiruphs.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 1:26:45 PM | Attr =	]
qaxugpkb.ini -> %SystemRoot%\System32\qaxugpkb.ini ->  [Ver =  | Size = 1142692 bytes | Modified Date = 1/28/2008 7:55:11 PM | Attr =  HS]
qmqqwkis.dll -> %SystemRoot%\System32\qmqqwkis.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 5:58:07 AM | Attr =	]
qngdixqi.dll -> %SystemRoot%\System32\qngdixqi.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 12:20:55 PM | Attr =	]
qplnvljh.dll -> %SystemRoot%\System32\qplnvljh.dll ->  [Ver =  | Size = 78400 bytes | Modified Date = 1/19/2008 10:51:24 AM | Attr =	]
quyjrsmv.dll -> %SystemRoot%\System32\quyjrsmv.dll ->  [Ver =  | Size = 94272 bytes | Modified Date = 2/6/2008 3:14:26 AM | Attr =	]
qvjyxxlt.dll -> %SystemRoot%\System32\qvjyxxlt.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:26:23 PM | Attr =	]
raifxrvc.dll -> %SystemRoot%\System32\raifxrvc.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 11:28:49 AM | Attr =	]
rbgwdjnn.dll -> %SystemRoot%\System32\rbgwdjnn.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:23:34 PM | Attr =	]
rblxxgfc.dll -> %SystemRoot%\System32\rblxxgfc.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 11:43:10 PM | Attr =	]
rmxbsaas.dll -> %SystemRoot%\System32\rmxbsaas.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 11:07:06 AM | Attr =	]
rspeekmb.ini -> %SystemRoot%\System32\rspeekmb.ini ->  [Ver =  | Size = 1119651 bytes | Modified Date = 1/24/2008 5:04:04 AM | Attr =  HS]
ruybamme.ini -> %SystemRoot%\System32\ruybamme.ini ->  [Ver =  | Size = 1142572 bytes | Modified Date = 1/27/2008 7:54:50 PM | Attr =  HS]
rvmfjrng.dll -> %SystemRoot%\System32\rvmfjrng.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 9:04:07 AM | Attr =	]
rvpdwlqe.dll -> %SystemRoot%\System32\rvpdwlqe.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/9/2008 3:09:37 AM | Attr =	]
sabgdetp.ini -> %SystemRoot%\System32\sabgdetp.ini ->  [Ver =  | Size = 1130938 bytes | Modified Date = 1/24/2008 10:43:38 PM | Attr =  HS]
scgqaagq.dll -> %SystemRoot%\System32\scgqaagq.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 8:01:08 AM | Attr =	]
sdyunhwg.dll -> %SystemRoot%\System32\sdyunhwg.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/12/2008 11:23:54 AM | Attr =	]
sgeglwfe.dll -> %SystemRoot%\System32\sgeglwfe.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:08:30 PM | Attr =	]
skaebqal.dll -> %SystemRoot%\System32\skaebqal.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 6:29:21 PM | Attr =	]
skfprdmp.dll -> %SystemRoot%\System32\skfprdmp.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 2:36:41 PM | Attr =	]
soincroh.dll -> %SystemRoot%\System32\soincroh.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/29/2008 7:52:52 PM | Attr =	]
spvcmfkh.dll -> %SystemRoot%\System32\spvcmfkh.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/3/2008 7:54:17 PM | Attr =	]
srjuxvky.dll -> %SystemRoot%\System32\srjuxvky.dll ->  [Ver =  | Size = 79936 bytes | Modified Date = 1/28/2008 7:48:59 PM | Attr =	]
tbkrofbm.dll -> %SystemRoot%\System32\tbkrofbm.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 1:46:08 AM | Attr =	]
teuyleed.ini -> %SystemRoot%\System32\teuyleed.ini ->  [Ver =  | Size = 1191985 bytes | Modified Date = 2/5/2008 2:54:53 AM | Attr =  HS]
tfeyayrh.dll -> %SystemRoot%\System32\tfeyayrh.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:56:32 PM | Attr =	]
tgpmpdlc.dll -> %SystemRoot%\System32\tgpmpdlc.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 3:27:06 PM | Attr =	]
tjdcelfg.ini -> %SystemRoot%\System32\tjdcelfg.ini ->  [Ver =  | Size = 1135682 bytes | Modified Date = 1/25/2008 8:07:22 AM | Attr =  HS]
tjsebcov.dll -> %SystemRoot%\System32\tjsebcov.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 12:46:08 AM | Attr =	]
tluuptfd.dll -> %SystemRoot%\System32\tluuptfd.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 3:49:06 AM | Attr =	]
tpwplmba.dll -> %SystemRoot%\System32\tpwplmba.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:11:09 PM | Attr =	]
tqaeroqw.ini -> %SystemRoot%\System32\tqaeroqw.ini ->  [Ver =  | Size = 1162207 bytes | Modified Date = 1/28/2008 7:55:12 PM | Attr =  HS]
tsmamhhw.ini -> %SystemRoot%\System32\tsmamhhw.ini ->  [Ver =  | Size = 1073412 bytes | Modified Date = 1/19/2008 10:57:49 AM | Attr =  HS]
txocnevi.dll -> %SystemRoot%\System32\txocnevi.dll ->  [Ver =  | Size = 96832 bytes | Modified Date = 2/2/2008 7:51:17 PM | Attr =	]
uhsbyakd.ini -> %SystemRoot%\System32\uhsbyakd.ini ->  [Ver =  | Size = 1194255 bytes | Modified Date = 2/6/2008 3:33:00 AM | Attr =  HS]
umldeegr.exe -> %SystemRoot%\System32\umldeegr.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/28/2008 7:51:38 PM | Attr =	]
umxcjgig.dll -> %SystemRoot%\System32\umxcjgig.dll ->  [Ver =  | Size = 77376 bytes | Modified Date = 1/22/2008 1:27:22 PM | Attr =	]
unahyxnd.ini -> %SystemRoot%\System32\unahyxnd.ini ->  [Ver =  | Size = 1130698 bytes | Modified Date = 1/24/2008 6:35:37 PM | Attr =  HS]
unuwjeey.dll -> %SystemRoot%\System32\unuwjeey.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 2:52:07 AM | Attr =	]
usheagik.ini -> %SystemRoot%\System32\usheagik.ini ->  [Ver =  | Size = 1185552 bytes | Modified Date = 1/31/2008 7:54:36 PM | Attr =  HS]
usixyvfi.ini -> %SystemRoot%\System32\usixyvfi.ini ->  [Ver =  | Size = 1188101 bytes | Modified Date = 2/1/2008 7:54:38 PM | Attr =  HS]
uwlkqotr.ini -> %SystemRoot%\System32\uwlkqotr.ini ->  [Ver =  | Size = 1117442 bytes | Modified Date = 1/23/2008 3:33:34 PM | Attr =  HS]
vcaxqqsd.dll -> %SystemRoot%\System32\vcaxqqsd.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/5/2008 2:35:29 AM | Attr =	]
vehbkxkd.ini -> %SystemRoot%\System32\vehbkxkd.ini ->  [Ver =  | Size = 1073472 bytes | Modified Date = 1/20/2008 10:57:45 AM | Attr =  HS]
vfqarpui.ini -> %SystemRoot%\System32\vfqarpui.ini ->  [Ver =  | Size = 1133454 bytes | Modified Date = 1/25/2008 3:58:30 AM | Attr =  HS]
vfwjliug.ini -> %SystemRoot%\System32\vfwjliug.ini ->  [Ver =  | Size = 1130878 bytes | Modified Date = 1/24/2008 9:43:37 PM | Attr =  HS]
visfrcon.ini -> %SystemRoot%\System32\visfrcon.ini ->  [Ver =  | Size = 1135742 bytes | Modified Date = 1/25/2008 9:10:27 AM | Attr =  HS]
vstlfmgt.dll -> %SystemRoot%\System32\vstlfmgt.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 4:26:21 PM | Attr =	]
vuplwbdn.ini -> %SystemRoot%\System32\vuplwbdn.ini ->  [Ver =  | Size = 1218050 bytes | Modified Date = 2/10/2008 11:27:05 AM | Attr =  HS]
wadkeubg.dll -> %SystemRoot%\System32\wadkeubg.dll ->  [Ver =  | Size = 94784 bytes | Modified Date = 1/31/2008 7:51:17 PM | Attr =	]
wdbemlrk.ini -> %SystemRoot%\System32\wdbemlrk.ini ->  [Ver =  | Size = 1219594 bytes | Modified Date = 2/8/2008 3:09:58 AM | Attr =  HS]
wirpjbbt.ini -> %SystemRoot%\System32\wirpjbbt.ini ->  [Ver =  | Size = 1180927 bytes | Modified Date = 1/30/2008 7:56:57 PM | Attr =  HS]
wotliugp.dll -> %SystemRoot%\System32\wotliugp.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/10/2008 11:23:50 AM | Attr =	]
wwwtvnhj.ini -> %SystemRoot%\System32\wwwtvnhj.ini ->  [Ver =  | Size = 1134100 bytes | Modified Date = 1/25/2008 4:58:22 AM | Attr =  HS]
wxicejca.dll -> %SystemRoot%\System32\wxicejca.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/5/2008 2:54:48 AM | Attr =	]
xakicgdn.dll -> %SystemRoot%\System32\xakicgdn.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 3:20:46 PM | Attr =	]
xcqhdxpq.dll -> %SystemRoot%\System32\xcqhdxpq.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 9:01:06 AM | Attr =	]
xdytwefu.dll -> %SystemRoot%\System32\xdytwefu.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:53:00 AM | Attr =	]
xfmffimv.ini -> %SystemRoot%\System32\xfmffimv.ini ->  [Ver =  | Size = 1130638 bytes | Modified Date = 1/24/2008 5:32:55 PM | Attr =  HS]
xjhtlgfv.dll -> %SystemRoot%\System32\xjhtlgfv.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 7:34:09 PM | Attr =	]
xmmlsmwu.ini -> %SystemRoot%\System32\xmmlsmwu.ini ->  [Ver =  | Size = 1130758 bytes | Modified Date = 1/24/2008 7:37:43 PM | Attr =  HS]
xnjvtuoi.dll -> %SystemRoot%\System32\xnjvtuoi.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 2:34:18 AM | Attr =	]
xoaxknhf.dll -> %SystemRoot%\System32\xoaxknhf.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/21/2008 1:25:47 PM | Attr =	]
xwgvigwn.dll -> %SystemRoot%\System32\xwgvigwn.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/11/2008 11:26:54 AM | Attr =	]
xxvqqbiv.ini -> %SystemRoot%\System32\xxvqqbiv.ini ->  [Ver =  | Size = 1119659 bytes | Modified Date = 1/24/2008 12:18:17 PM | Attr =  HS]
yfmpplch.dll -> %SystemRoot%\System32\yfmpplch.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/13/2008 11:26:54 AM | Attr =	]
yjhuidfo.exe -> %SystemRoot%\System32\yjhuidfo.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/26/2008 3:20:46 PM | Attr =	]
ymufmxcd.dll -> %SystemRoot%\System32\ymufmxcd.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 1/26/2008 3:26:47 PM | Attr =	]
ypdchbjs.ini -> %SystemRoot%\System32\ypdchbjs.ini ->  [Ver =  | Size = 1136622 bytes | Modified Date = 1/25/2008 10:10:22 AM | Attr =  HS]
ysssrgpj.dll -> %SystemRoot%\System32\ysssrgpj.dll ->  [Ver =  | Size = 79424 bytes | Modified Date = 1/20/2008 10:54:24 AM | Attr =	]
yvavhopl.ini -> %SystemRoot%\System32\yvavhopl.ini ->  [Ver =  | Size = 1109177 bytes | Modified Date = 1/22/2008 1:35:00 PM | Attr =  HS]
ywiibija.dll -> %SystemRoot%\System32\ywiibija.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:08:05 AM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2/7/2008 2:41:34 AM | Attr =	]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 1/18/2008 8:31:10 PM | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 1/25/2008 2:19:39 PM | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Created Date = 1/24/2008 6:18:04 AM | Attr =	]
06-0707(DELL_E113)-JW3_S.exe -> %UserProfile%\My Documents\06-0707(DELL_E113)-JW3_S.exe ->  [Ver =  | Size = 806912 bytes | Modified Date = 7/7/2006 6:46:48 PM | Attr =	]
UBCD4Win.lnk -> %AllUsersProfile%\Desktop\UBCD4Win.lnk ->  [Ver =  | Size = 1241 bytes | Modified Date = 1/24/2008 5:23:58 AM | Attr =	]
Ventrilo.lnk -> %AllUsersProfile%\Desktop\Ventrilo.lnk ->  [Ver =  | Size = 630 bytes | Modified Date = 1/19/2008 5:26:19 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/13/2008 1:44:06 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
ConvertX -> %UserProfile%\Desktop\ConvertX ->  [Folder | Created Date = 2/6/2008 6:07:39 AM | Attr =	]
Dragonforce - Through The Fire And Flames.mp3 -> %UserProfile%\Desktop\Dragonforce - Through The Fire And Flames.mp3 ->  [Ver =  | Size = 10660430 bytes | Modified Date = 2/2/2008 4:30:14 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Dragonforce - Through The Fire And Flames.mp3:Zone.Identifier
EZPCFix-1-0-0-16.exe -> %UserProfile%\Desktop\EZPCFix-1-0-0-16.exe -> http://www.EzPcFix.net [Ver = 1.00.0016 | Size = 806912 bytes | Modified Date = 1/24/2008 5:50:30 AM | Attr =	]
Finger Eleven - Paralyzer (No Cut Out).mp3 -> %UserProfile%\Desktop\Finger Eleven - Paralyzer (No Cut Out).mp3 ->  [Ver =  | Size = 8186052 bytes | Modified Date = 1/30/2008 8:48:37 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Finger Eleven - Paralyzer (No Cut Out).mp3:Zone.Identifier
Full Metal Alchemist on MrWyzzurds Wonders (Diana2002).lnk -> %UserProfile%\Desktop\Full Metal Alchemist on MrWyzzurds Wonders (Diana2002).lnk ->  [Ver =  | Size = 500 bytes | Modified Date = 2/4/2008 2:58:43 AM | Attr =	]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2/7/2008 1:48:10 AM | Attr =	]
MrWyzzurd.lnk -> %UserProfile%\Desktop\MrWyzzurd.lnk ->  [Ver =  | Size = 461 bytes | Modified Date = 2/6/2008 5:18:00 PM | Attr =	]
SDFix -> %UserProfile%\Desktop\SDFix ->  [Folder | Created Date = 2/13/2008 1:46:45 PM | Attr =	]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1305991 bytes | Modified Date = 2/7/2008 2:34:36 AM | Attr =	]
sp26625 -> %UserProfile%\Desktop\sp26625 ->  [Folder | Created Date = 2/4/2008 1:45:27 AM | Attr =	]
sp26625.exe -> %UserProfile%\Desktop\sp26625.exe -> Hewlett-Packard											  [Ver = 1.I0														 | Size = 3416752 bytes | Modified Date = 2/4/2008 1:33:02 AM | Attr =	]
Tetrix.mp3 -> %UserProfile%\Desktop\Tetrix.mp3 ->  [Ver =  | Size = 1731649 bytes | Modified Date = 1/13/2006 6:36:20 PM | Attr =	]
UBCD4WinV306.exe -> %UserProfile%\Desktop\UBCD4WinV306.exe -> UBCD4Win Team - Benjamin Burrows							 [Ver = 3.0.6.0			  | Size = 206143560 bytes | Modified Date = 1/24/2008 2:40:02 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\UBCD4WinV306.exe:Zone.Identifier
Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk ->  [Ver =  | Size = 804 bytes | Modified Date = 6/26/2006 1:33:30 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/13/2008 1:47:17 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 1/25/2008 2:18:21 PM | Attr =	]
KAV -> %SystemDrive%\KAV ->  [Folder | Modified Date = 1/24/2008 11:36:15 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/24/2008 6:18:06 AM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 2/7/2008 3:17:20 AM | Attr =	]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 2/7/2008 3:06:04 AM | Attr =	]
UBCD4Win -> %SystemDrive%\UBCD4Win ->  [Folder | Modified Date = 1/24/2008 5:28:16 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 1/24/2008 4:41:44 AM | Attr =	]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.05.0010 | Size = 115200 bytes | Modified Date = 1/24/2008 4:41:27 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/9/2008 11:21:00 AM | Attr =	]
ETC -> %SystemRoot%\System32\drivers\ETC ->  [Folder | Modified Date = 2/7/2008 2:49:39 AM | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\ETC\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2/7/2008 2:49:39 AM | Attr =	]
hosts.ics -> %SystemRoot%\System32\drivers\ETC\hosts.ics ->  [Ver =  | Size = 492 bytes | Modified Date = 2/9/2008 11:22:28 AM | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 10637344 bytes | Modified Date = 2/7/2008 2:29:33 AM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 54356 bytes | Modified Date = 2/7/2008 2:29:33 AM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 78368 bytes | Modified Date = 2/13/2008 1:46:57 PM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 4196 bytes | Modified Date = 2/7/2008 2:29:33 AM | Attr =  HS]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 1/24/2008 11:36:41 AM | Attr =	]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 1/24/2008 11:37:40 AM | Attr =	]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 91700 bytes | Modified Date = 2/4/2008 1:54:49 AM | Attr =	]
ajnuyjcx.dll -> %SystemRoot%\System32\ajnuyjcx.dll ->  [Ver =  | Size = 93760 bytes | Modified Date = 2/9/2008 11:22:31 AM | Attr =	]
akfnvrag.dll -> %SystemRoot%\System32\akfnvrag.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 12:23:57 PM | Attr =	]
akxhsaik.dll -> %SystemRoot%\System32\akxhsaik.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 6:55:10 AM | Attr =	]
amqqnowg.dll -> %SystemRoot%\System32\amqqnowg.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 4:20:33 PM | Attr =	]
aobveehd.dll -> %SystemRoot%\System32\aobveehd.dll ->  [Ver =  | Size = 95808 bytes | Modified Date = 2/8/2008 3:06:38 AM | Attr =	]
aptmntun.ini -> %SystemRoot%\System32\aptmntun.ini ->  [Ver =  | Size = 1068485 bytes | Modified Date = 1/17/2008 9:58:30 AM | Attr =  HS]
asnaxpes.ini -> %SystemRoot%\System32\asnaxpes.ini ->  [Ver =  | Size = 1143112 bytes | Modified Date = 1/25/2008 12:16:31 PM | Attr =  HS]
auoyykfn.ini -> %SystemRoot%\System32\auoyykfn.ini ->  [Ver =  | Size = 1143172 bytes | Modified Date = 1/25/2008 1:17:36 PM | Attr =  HS]
avhaebbw.dll -> %SystemRoot%\System32\avhaebbw.dll ->  [Ver =  | Size = 77376 bytes | Modified Date = 1/17/2008 10:48:52 AM | Attr =	]
ayovgmxm.ini -> %SystemRoot%\System32\ayovgmxm.ini ->  [Ver =  | Size = 1192152 bytes | Modified Date = 2/4/2008 2:11:50 AM | Attr =  HS]
baykhmkp.dll -> %SystemRoot%\System32\baykhmkp.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 12:13:07 PM | Attr =	]
bbiaeuyn.dll -> %SystemRoot%\System32\bbiaeuyn.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 1/30/2008 7:54:23 PM | Attr =	]
bccyoakj.dll -> %SystemRoot%\System32\bccyoakj.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 9:37:08 PM | Attr =	]
bctggvrh.dll -> %SystemRoot%\System32\bctggvrh.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 4:52:23 AM | Attr =	]
bgiiglmk.dll -> %SystemRoot%\System32\bgiiglmk.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 12:20:32 PM | Attr =	]
bkpguxaq.dll -> %SystemRoot%\System32\bkpguxaq.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 1/28/2008 7:54:41 PM | Attr =	]
bmkeepsr.dll -> %SystemRoot%\System32\bmkeepsr.dll ->  [Ver =  | Size = 87616 bytes | Modified Date = 1/24/2008 4:49:49 AM | Attr =	]
bmtukuml.dll -> %SystemRoot%\System32\bmtukuml.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 8:34:09 PM | Attr =	]
bpcqsjkx.exe -> %SystemRoot%\System32\bpcqsjkx.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/27/2008 7:50:19 PM | Attr =	]
bppetjol.dll -> %SystemRoot%\System32\bppetjol.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 2/9/2008 11:23:49 AM | Attr =	]
bsggcado.dll -> %SystemRoot%\System32\bsggcado.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/4/2008 1:47:09 AM | Attr =	]
btqtufya.ini -> %SystemRoot%\System32\btqtufya.ini ->  [Ver =  | Size = 1134062 bytes | Modified Date = 1/25/2008 1:52:40 AM | Attr =  HS]
bymuxpov.exe -> %SystemRoot%\System32\bymuxpov.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/30/2008 7:51:22 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/7/2008 3:44:43 AM | Attr =	]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ceoepocf.dll -> %SystemRoot%\System32\ceoepocf.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 3:48:41 PM | Attr =	]
cpsapabf.dll -> %SystemRoot%\System32\cpsapabf.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 1:44:37 AM | Attr =	]
cvjhojqy.ini -> %SystemRoot%\System32\cvjhojqy.ini ->  [Ver =  | Size = 1135622 bytes | Modified Date = 1/25/2008 7:04:23 AM | Attr =  HS]
dcxmfumy.ini -> %SystemRoot%\System32\dcxmfumy.ini ->  [Ver =  | Size = 1142812 bytes | Modified Date = 1/26/2008 3:27:32 PM | Attr =  HS]
dequvfiv.ini -> %SystemRoot%\System32\dequvfiv.ini ->  [Ver =  | Size = 1130398 bytes | Modified Date = 1/24/2008 2:39:22 PM | Attr =  HS]
dkxkbhev.dll -> %SystemRoot%\System32\dkxkbhev.dll ->  [Ver =  | Size = 85568 bytes | Modified Date = 1/20/2008 10:57:24 AM | Attr =	]
DLLCACHE -> %SystemRoot%\System32\DLLCACHE ->  [Folder | Modified Date = 1/24/2008 11:31:35 AM | Attr = RHS]
drieuuhj.ini -> %SystemRoot%\System32\drieuuhj.ini ->  [Ver =  | Size = 1199933 bytes | Modified Date = 2/7/2008 3:39:52 AM | Attr =  HS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 2/4/2008 1:54:49 AM | Attr =	]
dvgolgeo.dll -> %SystemRoot%\System32\dvgolgeo.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 1:59:26 AM | Attr =	]
ehqwtxbh.dll -> %SystemRoot%\System32\ehqwtxbh.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/11/2008 11:23:54 AM | Attr =	]
eiemchpv.dll -> %SystemRoot%\System32\eiemchpv.dll ->  [Ver =  | Size = 94784 bytes | Modified Date = 2/9/2008 3:06:37 AM | Attr =	]
eipnuupg.ini -> %SystemRoot%\System32\eipnuupg.ini ->  [Ver =  | Size = 1119642 bytes | Modified Date = 1/24/2008 5:45:16 AM | Attr =  HS]
elgmsnja.ini -> %SystemRoot%\System32\elgmsnja.ini ->  [Ver =  | Size = 1109005 bytes | Modified Date = 1/22/2008 1:29:50 PM | Attr =  HS]
eqbsidll.ini -> %SystemRoot%\System32\eqbsidll.ini ->  [Ver =  | Size = 1142752 bytes | Modified Date = 1/25/2008 3:27:05 PM | Attr =  HS]
eqlwdpvr.ini -> %SystemRoot%\System32\eqlwdpvr.ini ->  [Ver =  | Size = 1221683 bytes | Modified Date = 2/9/2008 11:21:45 AM | Attr =  HS]
esalmfvu.dll -> %SystemRoot%\System32\esalmfvu.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/27/2008 7:53:20 PM | Attr =	]
exdpkuqf.ini -> %SystemRoot%\System32\exdpkuqf.ini ->  [Ver =  | Size = 1130518 bytes | Modified Date = 1/24/2008 4:17:47 PM | Attr =  HS]
fdeyjmom.dll -> %SystemRoot%\System32\fdeyjmom.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/4/2008 12:54:24 AM | Attr =	]
fembqtlg.dll -> %SystemRoot%\System32\fembqtlg.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 7:01:07 AM | Attr =	]
fodrgkal.dll -> %SystemRoot%\System32\fodrgkal.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 2:20:52 PM | Attr =	]
fotmkora.ini -> %SystemRoot%\System32\fotmkora.ini ->  [Ver =  | Size = 1133394 bytes | Modified Date = 1/25/2008 2:55:26 AM | Attr =  HS]
ftwcchqk.dll -> %SystemRoot%\System32\ftwcchqk.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 10:07:07 AM | Attr =	]
geohlgvn.ini -> %SystemRoot%\System32\geohlgvn.ini ->  [Ver =  | Size = 1073283 bytes | Modified Date = 1/18/2008 10:51:49 AM | Attr =  HS]
glbuwhpd.dll -> %SystemRoot%\System32\glbuwhpd.dll ->  [Ver =  | Size = 81984 bytes | Modified Date = 1/18/2008 10:51:26 AM | Attr =	]
gohcuyum.dll -> %SystemRoot%\System32\gohcuyum.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/13/2008 11:23:54 AM | Attr =	]
gpuunpie.dll -> %SystemRoot%\System32\gpuunpie.dll ->  [Ver =  | Size = 87616 bytes | Modified Date = 1/24/2008 5:13:52 AM | Attr =	]
gqwnfvbo.ini -> %SystemRoot%\System32\gqwnfvbo.ini ->  [Ver =  | Size = 1089316 bytes | Modified Date = 1/21/2008 12:51:26 PM | Attr =  HS]
hcetyeop.dll -> %SystemRoot%\System32\hcetyeop.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:54:18 PM | Attr =	]
hclppmfy.ini -> %SystemRoot%\System32\hclppmfy.ini ->  [Ver =  | Size = 1211815 bytes | Modified Date = 2/13/2008 11:27:48 AM | Attr =  HS]
hfxqccpc.exe -> %SystemRoot%\System32\hfxqccpc.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/29/2008 7:49:53 PM | Attr =	]
hgklpnmq.dll -> %SystemRoot%\System32\hgklpnmq.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/26/2008 7:51:08 PM | Attr =	]
hkfmcvps.ini -> %SystemRoot%\System32\hkfmcvps.ini ->  [Ver =  | Size = 1172233 bytes | Modified Date = 2/3/2008 7:54:41 PM | Attr =  HS]
hlobtjjt.dll -> %SystemRoot%\System32\hlobtjjt.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 7:28:10 PM | Attr =	]
hmaouioq.ini -> %SystemRoot%\System32\hmaouioq.ini ->  [Ver =  | Size = 1180987 bytes | Modified Date = 1/31/2008 7:54:50 PM | Attr =  HS]
hosovjyr.dll -> %SystemRoot%\System32\hosovjyr.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 2:46:06 AM | Attr =	]
huxivllg.dll -> %SystemRoot%\System32\huxivllg.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/1/2008 7:51:17 PM | Attr =	]
hvovhifg.exe -> %SystemRoot%\System32\hvovhifg.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/26/2008 7:48:27 PM | Attr =	]
ijfdrhjg.ini -> %SystemRoot%\System32\ijfdrhjg.ini ->  [Ver =  | Size = 1142692 bytes | Modified Date = 1/25/2008 2:24:01 PM | Attr =  HS]
invjfjkv.ini -> %SystemRoot%\System32\invjfjkv.ini ->  [Ver =  | Size = 1138053 bytes | Modified Date = 1/25/2008 11:13:23 AM | Attr =  HS]
itlabicf.dll -> %SystemRoot%\System32\itlabicf.dll ->  [Ver =  | Size = 92224 bytes | Modified Date = 2/7/2008 3:36:37 AM | Attr =	]
jjjlm.bak1 -> %SystemRoot%\System32\jjjlm.bak1 ->  [Ver =  | Size = 164445 bytes | Modified Date = 2/12/2008 11:22:38 AM | Attr =  HS]
jjjlm.bak2 -> %SystemRoot%\System32\jjjlm.bak2 ->  [Ver =  | Size = 164445 bytes | Modified Date = 2/13/2008 11:22:41 AM | Attr =  HS]
jjjlm.ini2 -> %SystemRoot%\System32\jjjlm.ini2 ->  [Ver =  | Size = 164461 bytes | Modified Date = 2/13/2008 1:49:43 PM | Attr =  HS]
jowaxqvk.dll -> %SystemRoot%\System32\jowaxqvk.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 3:55:07 AM | Attr =	]
jwaawiyy.dll -> %SystemRoot%\System32\jwaawiyy.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/21/2008 12:45:49 PM | Attr =	]
kqkmvsfv.ini -> %SystemRoot%\System32\kqkmvsfv.ini ->  [Ver =  | Size = 1142632 bytes | Modified Date = 1/25/2008 2:19:06 PM | Attr =  HS]
krvghyjt.ini -> %SystemRoot%\System32\krvghyjt.ini ->  [Ver =  | Size = 1130818 bytes | Modified Date = 1/24/2008 8:41:03 PM | Attr =  HS]
kydrnhot.ini -> %SystemRoot%\System32\kydrnhot.ini ->  [Ver =  | Size = 1130998 bytes | Modified Date = 1/24/2008 11:46:43 PM | Attr =  HS]
lfacwvhx.ini -> %SystemRoot%\System32\lfacwvhx.ini ->  [Ver =  | Size = 1130578 bytes | Modified Date = 1/24/2008 4:29:45 PM | Attr =  HS]
lgvxqatp.dll -> %SystemRoot%\System32\lgvxqatp.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 2/6/2008 3:20:08 AM | Attr =	]
lkqcdvvh.exe -> %SystemRoot%\System32\lkqcdvvh.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/25/2008 2:20:49 PM | Attr =	]
lojteppb.ini -> %SystemRoot%\System32\lojteppb.ini ->  [Ver =  | Size = 1217990 bytes | Modified Date = 2/10/2008 11:24:18 AM | Attr =  HS]
lsawwlrm.dll -> %SystemRoot%\System32\lsawwlrm.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 1:54:48 AM | Attr =	]
ltusskyo.dll -> %SystemRoot%\System32\ltusskyo.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/12/2008 11:26:54 AM | Attr =	]
mbvqksml.exe -> %SystemRoot%\System32\mbvqksml.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/25/2008 3:23:45 PM | Attr =	]
mcwkvuar.dll -> %SystemRoot%\System32\mcwkvuar.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/26/2008 3:23:46 PM | Attr =	]
meuukmaf.exe -> %SystemRoot%\System32\meuukmaf.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 2/4/2008 2:06:24 AM | Attr =	]
mlngvcda.dll -> %SystemRoot%\System32\mlngvcda.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/3/2008 7:51:17 PM | Attr =	]
momjyedf.ini -> %SystemRoot%\System32\momjyedf.ini ->  [Ver =  | Size = 1188432 bytes | Modified Date = 2/4/2008 12:54:41 AM | Attr =  HS]
mugnirtp.ini -> %SystemRoot%\System32\mugnirtp.ini ->  [Ver =  | Size = 1172173 bytes | Modified Date = 2/2/2008 7:54:38 PM | Attr =  HS]
murnbdjt.ini -> %SystemRoot%\System32\murnbdjt.ini ->  [Ver =  | Size = 1073352 bytes | Modified Date = 1/19/2008 10:57:37 AM | Attr =  HS]
mxmgvoya.dll -> %SystemRoot%\System32\mxmgvoya.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/4/2008 2:11:29 AM | Attr =	]
nbevrygw.ini -> %SystemRoot%\System32\nbevrygw.ini ->  [Ver =  | Size = 1134160 bytes | Modified Date = 1/25/2008 6:01:22 AM | Attr =  HS]
ndbwlpuv.dll -> %SystemRoot%\System32\ndbwlpuv.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/10/2008 11:26:49 AM | Attr =	]
nfkyyoua.dll -> %SystemRoot%\System32\nfkyyoua.dll ->  [Ver =  | Size = 87104 bytes | Modified Date = 1/25/2008 1:17:10 PM | Attr =	]
nhmrmdcv.dll -> %SystemRoot%\System32\nhmrmdcv.dll ->  [Ver =  | Size = 80960 bytes | Modified Date = 1/23/2008 3:30:47 PM | Attr =	]
nwgivgwx.ini -> %SystemRoot%\System32\nwgivgwx.ini ->  [Ver =  | Size = 1219221 bytes | Modified Date = 2/11/2008 11:27:14 AM | Attr =  HS]
nxgwsook.dll -> %SystemRoot%\System32\nxgwsook.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 10:40:08 PM | Attr =	]
obvfnwqg.dll -> %SystemRoot%\System32\obvfnwqg.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 1/21/2008 12:51:10 PM | Attr =	]
odacggsb.ini -> %SystemRoot%\System32\odacggsb.ini ->  [Ver =  | Size = 1191852 bytes | Modified Date = 2/4/2008 1:51:39 AM | Attr =  HS]
orwqeols.dll -> %SystemRoot%\System32\orwqeols.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 2:03:25 AM | Attr =	]
otdljjgk.ini -> %SystemRoot%\System32\otdljjgk.ini ->  [Ver =  | Size = 1130338 bytes | Modified Date = 1/24/2008 1:30:06 PM | Attr =  HS]
otobhppv.ini -> %SystemRoot%\System32\otobhppv.ini ->  [Ver =  | Size = 1129315 bytes | Modified Date = 1/24/2008 12:27:45 PM | Attr =  HS]
oykssutl.ini -> %SystemRoot%\System32\oykssutl.ini ->  [Ver =  | Size = 1217615 bytes | Modified Date = 2/12/2008 11:27:16 AM | Attr =  HS]
plyppboe.dll -> %SystemRoot%\System32\plyppboe.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 2:09:48 AM | Attr =	]
pspxexhb.dll -> %SystemRoot%\System32\pspxexhb.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 4:47:52 AM | Attr =	]
psxruupq.dll -> %SystemRoot%\System32\psxruupq.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 12:54:19 AM | Attr =	]
ptaqxvgl.ini -> %SystemRoot%\System32\ptaqxvgl.ini ->  [Ver =  | Size = 1194315 bytes | Modified Date = 2/6/2008 3:33:05 AM | Attr =  HS]
pyiruphs.dll -> %SystemRoot%\System32\pyiruphs.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 1:26:45 PM | Attr =	]
qaxugpkb.ini -> %SystemRoot%\System32\qaxugpkb.ini ->  [Ver =  | Size = 1142692 bytes | Modified Date = 1/28/2008 7:55:11 PM | Attr =  HS]
qmqqwkis.dll -> %SystemRoot%\System32\qmqqwkis.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 5:58:07 AM | Attr =	]
qngdixqi.dll -> %SystemRoot%\System32\qngdixqi.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 12:20:55 PM | Attr =	]
qplnvljh.dll -> %SystemRoot%\System32\qplnvljh.dll ->  [Ver =  | Size = 78400 bytes | Modified Date = 1/19/2008 10:51:24 AM | Attr =	]
quyjrsmv.dll -> %SystemRoot%\System32\quyjrsmv.dll ->  [Ver =  | Size = 94272 bytes | Modified Date = 2/6/2008 3:14:26 AM | Attr =	]
qvjyxxlt.dll -> %SystemRoot%\System32\qvjyxxlt.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:26:23 PM | Attr =	]
raifxrvc.dll -> %SystemRoot%\System32\raifxrvc.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 11:28:49 AM | Attr =	]
rbgwdjnn.dll -> %SystemRoot%\System32\rbgwdjnn.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:23:34 PM | Attr =	]
rblxxgfc.dll -> %SystemRoot%\System32\rblxxgfc.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 11:43:10 PM | Attr =	]
rmxbsaas.dll -> %SystemRoot%\System32\rmxbsaas.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 11:07:06 AM | Attr =	]
rspeekmb.ini -> %SystemRoot%\System32\rspeekmb.ini ->  [Ver =  | Size = 1119651 bytes | Modified Date = 1/24/2008 5:04:04 AM | Attr =  HS]
ruybamme.ini -> %SystemRoot%\System32\ruybamme.ini ->  [Ver =  | Size = 1142572 bytes | Modified Date = 1/27/2008 7:54:50 PM | Attr =  HS]
rvmfjrng.dll -> %SystemRoot%\System32\rvmfjrng.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 9:04:07 AM | Attr =	]
rvpdwlqe.dll -> %SystemRoot%\System32\rvpdwlqe.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/9/2008 3:09:37 AM | Attr =	]
sabgdetp.ini -> %SystemRoot%\System32\sabgdetp.ini ->  [Ver =  | Size = 1130938 bytes | Modified Date = 1/24/2008 10:43:38 PM | Attr =  HS]
scgqaagq.dll -> %SystemRoot%\System32\scgqaagq.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 8:01:08 AM | Attr =	]
sdyunhwg.dll -> %SystemRoot%\System32\sdyunhwg.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/12/2008 11:23:54 AM | Attr =	]
sgeglwfe.dll -> %SystemRoot%\System32\sgeglwfe.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:08:30 PM | Attr =	]
skaebqal.dll -> %SystemRoot%\System32\skaebqal.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 6:29:21 PM | Attr =	]
skfprdmp.dll -> %SystemRoot%\System32\skfprdmp.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 2:36:41 PM | Attr =	]
soincroh.dll -> %SystemRoot%\System32\soincroh.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/29/2008 7:52:52 PM | Attr =	]
spvcmfkh.dll -> %SystemRoot%\System32\spvcmfkh.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/3/2008 7:54:17 PM | Attr =	]
srjuxvky.dll -> %SystemRoot%\System32\srjuxvky.dll ->  [Ver =  | Size = 79936 bytes | Modified Date = 1/28/2008 7:48:59 PM | Attr =	]
tbkrofbm.dll -> %SystemRoot%\System32\tbkrofbm.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 1:46:08 AM | Attr =	]
teuyleed.ini -> %SystemRoot%\System32\teuyleed.ini ->  [Ver =  | Size = 1191985 bytes | Modified Date = 2/5/2008 2:54:53 AM | Attr =  HS]
tfeyayrh.dll -> %SystemRoot%\System32\tfeyayrh.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:56:32 PM | Attr =	]
tgpmpdlc.dll -> %SystemRoot%\System32\tgpmpdlc.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 3:27:06 PM | Attr =	]
tjdcelfg.ini -> %SystemRoot%\System32\tjdcelfg.ini ->  [Ver =  | Size = 1135682 bytes | Modified Date = 1/25/2008 8:07:22 AM | Attr =  HS]
tjsebcov.dll -> %SystemRoot%\System32\tjsebcov.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 12:46:08 AM | Attr =	]
tluuptfd.dll -> %SystemRoot%\System32\tluuptfd.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 3:49:06 AM | Attr =	]
tpwplmba.dll -> %SystemRoot%\System32\tpwplmba.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 1:11:09 PM | Attr =	]
tqaeroqw.ini -> %SystemRoot%\System32\tqaeroqw.ini ->  [Ver =  | Size = 1162207 bytes | Modified Date = 1/28/2008 7:55:12 PM | Attr =  HS]
tsmamhhw.ini -> %SystemRoot%\System32\tsmamhhw.ini ->  [Ver =  | Size = 1073412 bytes | Modified Date = 1/19/2008 10:57:49 AM | Attr =  HS]
txocnevi.dll -> %SystemRoot%\System32\txocnevi.dll ->  [Ver =  | Size = 96832 bytes | Modified Date = 2/2/2008 7:51:17 PM | Attr =	]
uhsbyakd.ini -> %SystemRoot%\System32\uhsbyakd.ini ->  [Ver =  | Size = 1194255 bytes | Modified Date = 2/6/2008 3:33:00 AM | Attr =  HS]
umldeegr.exe -> %SystemRoot%\System32\umldeegr.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/28/2008 7:51:38 PM | Attr =	]
umxcjgig.dll -> %SystemRoot%\System32\umxcjgig.dll ->  [Ver =  | Size = 77376 bytes | Modified Date = 1/22/2008 1:27:22 PM | Attr =	]
unahyxnd.ini -> %SystemRoot%\System32\unahyxnd.ini ->  [Ver =  | Size = 1130698 bytes | Modified Date = 1/24/2008 6:35:37 PM | Attr =  HS]
unuwjeey.dll -> %SystemRoot%\System32\unuwjeey.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/25/2008 2:52:07 AM | Attr =	]
usheagik.ini -> %SystemRoot%\System32\usheagik.ini ->  [Ver =  | Size = 1185552 bytes | Modified Date = 1/31/2008 7:54:36 PM | Attr =  HS]
usixyvfi.ini -> %SystemRoot%\System32\usixyvfi.ini ->  [Ver =  | Size = 1188101 bytes | Modified Date = 2/1/2008 7:54:38 PM | Attr =  HS]
uwlkqotr.ini -> %SystemRoot%\System32\uwlkqotr.ini ->  [Ver =  | Size = 1117442 bytes | Modified Date = 1/23/2008 3:33:34 PM | Attr =  HS]
vcaxqqsd.dll -> %SystemRoot%\System32\vcaxqqsd.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/5/2008 2:35:29 AM | Attr =	]
vehbkxkd.ini -> %SystemRoot%\System32\vehbkxkd.ini ->  [Ver =  | Size = 1073472 bytes | Modified Date = 1/20/2008 10:57:45 AM | Attr =  HS]
vfqarpui.ini -> %SystemRoot%\System32\vfqarpui.ini ->  [Ver =  | Size = 1133454 bytes | Modified Date = 1/25/2008 3:58:30 AM | Attr =  HS]
vfwjliug.ini -> %SystemRoot%\System32\vfwjliug.ini ->  [Ver =  | Size = 1130878 bytes | Modified Date = 1/24/2008 9:43:37 PM | Attr =  HS]
visfrcon.ini -> %SystemRoot%\System32\visfrcon.ini ->  [Ver =  | Size = 1135742 bytes | Modified Date = 1/25/2008 9:10:27 AM | Attr =  HS]
vstlfmgt.dll -> %SystemRoot%\System32\vstlfmgt.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 4:26:21 PM | Attr =	]
vuplwbdn.ini -> %SystemRoot%\System32\vuplwbdn.ini ->  [Ver =  | Size = 1218050 bytes | Modified Date = 2/10/2008 11:27:05 AM | Attr =  HS]
wadkeubg.dll -> %SystemRoot%\System32\wadkeubg.dll ->  [Ver =  | Size = 94784 bytes | Modified Date = 1/31/2008 7:51:17 PM | Attr =	]
wdbemlrk.ini -> %SystemRoot%\System32\wdbemlrk.ini ->  [Ver =  | Size = 1219594 bytes | Modified Date = 2/8/2008 3:09:58 AM | Attr =  HS]
wirpjbbt.ini -> %SystemRoot%\System32\wirpjbbt.ini ->  [Ver =  | Size = 1180927 bytes | Modified Date = 1/30/2008 7:56:57 PM | Attr =  HS]
wotliugp.dll -> %SystemRoot%\System32\wotliugp.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/10/2008 11:23:50 AM | Attr =	]
wwwtvnhj.ini -> %SystemRoot%\System32\wwwtvnhj.ini ->  [Ver =  | Size = 1134100 bytes | Modified Date = 1/25/2008 4:58:22 AM | Attr =  HS]
wxicejca.dll -> %SystemRoot%\System32\wxicejca.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/5/2008 2:54:48 AM | Attr =	]
xakicgdn.dll -> %SystemRoot%\System32\xakicgdn.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 3:20:46 PM | Attr =	]
xcqhdxpq.dll -> %SystemRoot%\System32\xcqhdxpq.dll ->  [Ver =  | Size = 81472 bytes | Modified Date = 1/25/2008 9:01:06 AM | Attr =	]
xdytwefu.dll -> %SystemRoot%\System32\xdytwefu.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:53:00 AM | Attr =	]
xfmffimv.ini -> %SystemRoot%\System32\xfmffimv.ini ->  [Ver =  | Size = 1130638 bytes | Modified Date = 1/24/2008 5:32:55 PM | Attr =  HS]
xjhtlgfv.dll -> %SystemRoot%\System32\xjhtlgfv.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 7:34:09 PM | Attr =	]
xmmlsmwu.ini -> %SystemRoot%\System32\xmmlsmwu.ini ->  [Ver =  | Size = 1130758 bytes | Modified Date = 1/24/2008 7:37:43 PM | Attr =  HS]
xnjvtuoi.dll -> %SystemRoot%\System32\xnjvtuoi.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 2/4/2008 2:34:18 AM | Attr =	]
xoaxknhf.dll -> %SystemRoot%\System32\xoaxknhf.dll ->  [Ver =  | Size = 78912 bytes | Modified Date = 1/21/2008 1:25:47 PM | Attr =	]
xwgvigwn.dll -> %SystemRoot%\System32\xwgvigwn.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/11/2008 11:26:54 AM | Attr =	]
xxvqqbiv.ini -> %SystemRoot%\System32\xxvqqbiv.ini ->  [Ver =  | Size = 1119659 bytes | Modified Date = 1/24/2008 12:18:17 PM | Attr =  HS]
yfmpplch.dll -> %SystemRoot%\System32\yfmpplch.dll ->  [Ver =  | Size = 86080 bytes | Modified Date = 2/13/2008 11:26:54 AM | Attr =	]
yjhuidfo.exe -> %SystemRoot%\System32\yjhuidfo.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/26/2008 3:20:46 PM | Attr =	]
ymufmxcd.dll -> %SystemRoot%\System32\ymufmxcd.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 1/26/2008 3:26:47 PM | Attr =	]
ypdchbjs.ini -> %SystemRoot%\System32\ypdchbjs.ini ->  [Ver =  | Size = 1136622 bytes | Modified Date = 1/25/2008 10:10:22 AM | Attr =  HS]
ysssrgpj.dll -> %SystemRoot%\System32\ysssrgpj.dll ->  [Ver =  | Size = 79424 bytes | Modified Date = 1/20/2008 10:54:24 AM | Attr =	]
yvavhopl.ini -> %SystemRoot%\System32\yvavhopl.ini ->  [Ver =  | Size = 1109177 bytes | Modified Date = 1/22/2008 1:35:00 PM | Attr =  HS]
ywiibija.dll -> %SystemRoot%\System32\ywiibija.dll ->  [Ver =  | Size = 80448 bytes | Modified Date = 1/24/2008 5:08:05 AM | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/9/2008 11:20:25 AM | Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 519 bytes | Modified Date = 1/24/2008 4:52:38 AM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2/7/2008 2:41:57 AM | Attr =	]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 1/18/2008 8:31:10 PM | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 1/25/2008 2:19:39 PM | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 1/24/2008 6:19:36 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/24/2008 6:31:32 AM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/13/2008 1:45:35 PM | Attr =	]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 2/13/2008 1:49:43 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/13/2008 1:45:01 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/9/2008 11:20:48 AM | Attr =  H ]
User_Feed_Synchronization-{5DC94FE9-9328-4842-9B7C-55792775CDB8}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{5DC94FE9-9328-4842-9B7C-55792775CDB8}.job ->  [Ver =  | Size = 426 bytes | Modified Date = 2/13/2008 1:02:45 PM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 9155 bytes | Modified Date = 2/15/2005 3:22:47 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5174 bytes | Modified Date = 12/1/2007 5:42:38 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 12/1/2007 5:42:38 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 1/17/2008 10:49:48 AM | Attr =	]
Perflib_Perfdata_5bc.dat -> C:\Documents and Settings\Matthew\Local Settings\Temp\Perflib_Perfdata_5bc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/9/2008 11:21:20 AM | Attr =	]
2 C:\Documents and Settings\Matthew\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Matthew\Local Settings\Temp\*.tmp -> 
Perflib_Perfdata_6ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6ac.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/9/2008 11:21:59 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 2/4/2008 1:58:27 AM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 1/24/2008 5:32:11 AM | Attr =   S]
Vso -> %AppData%\Vso ->  [Folder | Modified Date = 2/4/2008 2:43:08 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 68608 bytes | Modified Date = 2/5/2008 12:55:05 AM | Attr =	]
UBCD4Win.lnk -> %AllUsersProfile%\Desktop\UBCD4Win.lnk ->  [Ver =  | Size = 1241 bytes | Modified Date = 1/24/2008 5:23:58 AM | Attr =	]
Ventrilo.lnk -> %AllUsersProfile%\Desktop\Ventrilo.lnk ->  [Ver =  | Size = 630 bytes | Modified Date = 1/19/2008 5:26:19 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/13/2008 1:44:06 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
ConvertX -> %UserProfile%\Desktop\ConvertX ->  [Folder | Modified Date = 2/6/2008 11:46:55 PM | Attr =	]
Dragonforce - Through The Fire And Flames.mp3 -> %UserProfile%\Desktop\Dragonforce - Through The Fire And Flames.mp3 ->  [Ver =  | Size = 10660430 bytes | Modified Date = 2/2/2008 4:30:14 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Dragonforce - Through The Fire And Flames.mp3:Zone.Identifier
EZPCFix-1-0-0-16.exe -> %UserProfile%\Desktop\EZPCFix-1-0-0-16.exe -> http://www.EzPcFix.net [Ver = 1.00.0016 | Size = 806912 bytes | Modified Date = 1/24/2008 5:50:30 AM | Attr =	]
Finger Eleven - Paralyzer (No Cut Out).mp3 -> %UserProfile%\Desktop\Finger Eleven - Paralyzer (No Cut Out).mp3 ->  [Ver =  | Size = 8186052 bytes | Modified Date = 1/30/2008 8:48:37 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Finger Eleven - Paralyzer (No Cut Out).mp3:Zone.Identifier
Full Metal Alchemist on MrWyzzurds Wonders (Diana2002).lnk -> %UserProfile%\Desktop\Full Metal Alchemist on MrWyzzurds Wonders (Diana2002).lnk ->  [Ver =  | Size = 500 bytes | Modified Date = 2/4/2008 2:58:43 AM | Attr =	]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2/7/2008 1:48:10 AM | Attr =	]
MrWyzzurd.lnk -> %UserProfile%\Desktop\MrWyzzurd.lnk ->  [Ver =  | Size = 461 bytes | Modified Date = 2/6/2008 5:18:00 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Modified Date = 1/17/2008 10:46:05 AM | Attr =	]
SDFix -> %UserProfile%\Desktop\SDFix ->  [Folder | Modified Date = 2/13/2008 1:46:45 PM | Attr =	]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1305991 bytes | Modified Date = 2/7/2008 2:34:36 AM | Attr =	]
sp26625 -> %UserProfile%\Desktop\sp26625 ->  [Folder | Modified Date = 2/4/2008 1:45:31 AM | Attr =	]
sp26625.exe -> %UserProfile%\Desktop\sp26625.exe -> Hewlett-Packard											  [Ver = 1.I0														 | Size = 3416752 bytes | Modified Date = 2/4/2008 1:33:02 AM | Attr =	]
UBCD4WinV306.exe -> %UserProfile%\Desktop\UBCD4WinV306.exe -> UBCD4Win Team - Benjamin Burrows							 [Ver = 3.0.6.0			  | Size = 206143560 bytes | Modified Date = 1/24/2008 2:40:02 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\UBCD4WinV306.exe:Zone.Identifier
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/13/2008 1:47:17 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/19/2008 5:25:58 AM | Attr =	]

< End of report >


#4 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 13 February 2008 - 01:58 PM

...and I think you can see the millions of eight letter spawns now... lol

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:33 AM

Posted 13 February 2008 - 03:48 PM

Hi Dragoon The Lad. Quite a collection you have going there. You saving them for something special lol.

One thing before we start. The Kapersky Anti-Virus has been effectively neutralized. It is doing nothing and won't until it is uninstalled and re-installed fresh. This won't be able to be done until we remove this infection, so basically, you're grounded lol. Unless it is absolutely necessary, stay off the internet. If you absolutely have to go on, only go to secure sites, stay off from IM, and do not, under any circumstances run or use any file sharing programs. Unless of course you like this type of activity and want to start all over again :thumbsup:

Now let's get started. Follow the steps below in order:

Step #1

Download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Step #2

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to unload:
DomainService
Files to delete:
%SystemRoot%\cookies.ini
%SystemRoot%\System32\ajnuyjcx.dll
%SystemRoot%\System32\akfnvrag.dll
%SystemRoot%\System32\akxhsaik.dll
%SystemRoot%\System32\amqqnowg.dll
%SystemRoot%\System32\aobveehd.dll
%SystemRoot%\System32\aptmntun.ini
%SystemRoot%\System32\asnaxpes.ini
%SystemRoot%\System32\auoyykfn.ini
%SystemRoot%\System32\avhaebbw.dll
%SystemRoot%\System32\ayovgmxm.ini
%SystemRoot%\System32\baykhmkp.dll
%SystemRoot%\System32\bbiaeuyn.dll
%SystemRoot%\System32\bccyoakj.dll
%SystemRoot%\System32\bctggvrh.dll
%SystemRoot%\System32\bgiiglmk.dll
%SystemRoot%\System32\bkpguxaq.dll
%SystemRoot%\System32\bmkeepsr.dll
%SystemRoot%\System32\bmtukuml.dll
%SystemRoot%\System32\bpcqsjkx.exe
%SystemRoot%\System32\bppetjol.dll
%SystemRoot%\System32\bsggcado.dll
%SystemRoot%\System32\btqtufya.ini
%SystemRoot%\System32\bymuxpov.exe
%SystemRoot%\system32\cbxwxyv.dll 
%SystemRoot%\System32\ceoepocf.dll
%SystemRoot%\System32\cpsapabf.dll
%SystemRoot%\System32\cvjhojqy.ini
%SystemRoot%\System32\dcxmfumy.ini
%SystemRoot%\System32\dequvfiv.ini
%SystemRoot%\system32\dfhtdqwo.exe
%SystemRoot%\System32\dkxkbhev.dll
%SystemRoot%\System32\drieuuhj.ini
%SystemRoot%\System32\dvgolgeo.dll
%SystemRoot%\System32\ehqwtxbh.dll
%SystemRoot%\System32\eiemchpv.dll
%SystemRoot%\System32\eipnuupg.ini
%SystemRoot%\System32\elgmsnja.ini
%SystemRoot%\System32\eqbsidll.ini
%SystemRoot%\System32\eqlwdpvr.ini
%SystemRoot%\System32\esalmfvu.dll
%SystemRoot%\System32\exdpkuqf.ini
%SystemRoot%\System32\fdeyjmom.dll
%SystemRoot%\System32\fembqtlg.dll
%SystemRoot%\System32\fodrgkal.dll
%SystemRoot%\System32\fotmkora.ini
%SystemRoot%\System32\ftwcchqk.dll
%SystemRoot%\System32\geohlgvn.ini
%SystemRoot%\System32\glbuwhpd.dll
%SystemRoot%\System32\gohcuyum.dll
%SystemRoot%\SYSTEM32\gohcuyum.dll 
%SystemRoot%\System32\gpuunpie.dll
%SystemRoot%\System32\gqwnfvbo.ini
%SystemRoot%\System32\hcetyeop.dll
%SystemRoot%\System32\hclppmfy.ini
%SystemRoot%\System32\hfxqccpc.exe
%SystemRoot%\System32\hgklpnmq.dll
%SystemRoot%\System32\hkfmcvps.ini
%SystemRoot%\System32\hlobtjjt.dll
%SystemRoot%\System32\hmaouioq.ini
%SystemRoot%\System32\hosovjyr.dll
%SystemRoot%\System32\huxivllg.dll
%SystemRoot%\System32\hvovhifg.exe
%SystemRoot%\System32\ijfdrhjg.ini
%SystemRoot%\System32\invjfjkv.ini
%SystemRoot%\System32\itlabicf.dll
%SystemRoot%\System32\jjjlm.bak1
%SystemRoot%\System32\jjjlm.bak2
%SystemRoot%\System32\jjjlm.ini2
%SystemRoot%\System32\jowaxqvk.dll
%SystemRoot%\System32\jwaawiyy.dll
%SystemRoot%\System32\kqkmvsfv.ini
%SystemRoot%\System32\krvghyjt.ini
%SystemRoot%\System32\kydrnhot.ini
%SystemRoot%\System32\lfacwvhx.ini
%SystemRoot%\System32\lgvxqatp.dll
%SystemRoot%\System32\lkqcdvvh.exe
%SystemRoot%\System32\lojteppb.ini
%SystemRoot%\System32\lsawwlrm.dll
%SystemRoot%\System32\ltusskyo.dll
%SystemRoot%\System32\mbvqksml.exe
%SystemRoot%\System32\mcwkvuar.dll
%SystemRoot%\System32\meuukmaf.exe
%SystemRoot%\SYSTEM32\mljjj.dll
%SystemRoot%\SYSTEM32\mljjj.dll 
%SystemRoot%\System32\mlngvcda.dll
%SystemRoot%\System32\momjyedf.ini
%SystemRoot%\System32\mugnirtp.ini
%SystemRoot%\System32\murnbdjt.ini
%SystemRoot%\System32\mxmgvoya.dll
%SystemRoot%\System32\nbevrygw.ini
%SystemRoot%\System32\ndbwlpuv.dll
%SystemRoot%\System32\nfkyyoua.dll
%SystemRoot%\System32\nhmrmdcv.dll
%SystemRoot%\System32\nwgivgwx.ini
%SystemRoot%\System32\nxgwsook.dll
%SystemRoot%\System32\obvfnwqg.dll
%SystemRoot%\System32\odacggsb.ini
%SystemRoot%\System32\orwqeols.dll
%SystemRoot%\System32\otdljjgk.ini
%SystemRoot%\System32\otobhppv.ini
%SystemRoot%\System32\oykssutl.ini
%SystemRoot%\System32\plyppboe.dll
%SystemRoot%\System32\pspxexhb.dll
%SystemRoot%\System32\psxruupq.dll
%SystemRoot%\System32\ptaqxvgl.ini
%SystemRoot%\System32\pyiruphs.dll
%SystemRoot%\System32\qaxugpkb.ini
%SystemRoot%\System32\qmqqwkis.dll
%SystemRoot%\System32\qngdixqi.dll
%SystemRoot%\System32\qplnvljh.dll
%SystemRoot%\System32\quyjrsmv.dll
%SystemRoot%\System32\qvjyxxlt.dll
%SystemRoot%\System32\raifxrvc.dll
%SystemRoot%\System32\rbgwdjnn.dll
%SystemRoot%\System32\rblxxgfc.dll
%SystemRoot%\System32\rmxbsaas.dll
%SystemRoot%\System32\rspeekmb.ini
%SystemRoot%\System32\ruybamme.ini
%SystemRoot%\System32\rvmfjrng.dll
%SystemRoot%\System32\rvpdwlqe.dll
%SystemRoot%\System32\sabgdetp.ini
%SystemRoot%\System32\scgqaagq.dll
%SystemRoot%\System32\sdyunhwg.dll
%SystemRoot%\System32\sgeglwfe.dll
%SystemRoot%\System32\skaebqal.dll
%SystemRoot%\System32\skfprdmp.dll
%SystemRoot%\System32\soincroh.dll
%SystemRoot%\System32\spvcmfkh.dll
%SystemRoot%\System32\srjuxvky.dll
%SystemRoot%\System32\tbkrofbm.dll
%SystemRoot%\System32\teuyleed.ini
%SystemRoot%\System32\tfeyayrh.dll
%SystemRoot%\System32\tgpmpdlc.dll
%SystemRoot%\System32\tjdcelfg.ini
%SystemRoot%\System32\tjsebcov.dll
%SystemRoot%\System32\tluuptfd.dll
%SystemRoot%\System32\tpwplmba.dll
%SystemRoot%\System32\tqaeroqw.ini
%SystemRoot%\System32\tsmamhhw.ini
%SystemRoot%\System32\txocnevi.dll
%SystemRoot%\System32\uhsbyakd.ini
%SystemRoot%\System32\umldeegr.exe
%SystemRoot%\System32\umxcjgig.dll
%SystemRoot%\System32\unahyxnd.ini
%SystemRoot%\System32\unuwjeey.dll
%SystemRoot%\System32\usheagik.ini
%SystemRoot%\System32\usixyvfi.ini
%SystemRoot%\System32\uwlkqotr.ini
%SystemRoot%\System32\vcaxqqsd.dll
%SystemRoot%\System32\vehbkxkd.ini
%SystemRoot%\System32\vfqarpui.ini
%SystemRoot%\System32\vfwjliug.ini
%SystemRoot%\System32\visfrcon.ini
%SystemRoot%\System32\vstlfmgt.dll
%SystemRoot%\System32\vuplwbdn.ini
%SystemRoot%\System32\wadkeubg.dll
%SystemRoot%\System32\wdbemlrk.ini
%SystemRoot%\System32\wirpjbbt.ini
%SystemRoot%\System32\wotliugp.dll
%SystemRoot%\System32\wwwtvnhj.ini
%SystemRoot%\System32\wxicejca.dll
%SystemRoot%\System32\xakicgdn.dll
%SystemRoot%\System32\xcqhdxpq.dll
%SystemRoot%\System32\xdytwefu.dll
%SystemRoot%\System32\xfmffimv.ini
%SystemRoot%\System32\xjhtlgfv.dll
%SystemRoot%\System32\xmmlsmwu.ini
%SystemRoot%\System32\xnjvtuoi.dll
%SystemRoot%\System32\xoaxknhf.dll
%SystemRoot%\System32\xwgvigwn.dll
%SystemRoot%\System32\xxvqqbiv.ini
%SystemRoot%\SYSTEM32\yfmpplch.dll
%SystemRoot%\System32\yjhuidfo.exe
%SystemRoot%\System32\ymufmxcd.dll
%SystemRoot%\System32\ypdchbjs.ini
%SystemRoot%\System32\ysssrgpj.dll
%SystemRoot%\System32\yvavhopl.ini
%SystemRoot%\System32\ywiibija.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Step #3

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #4
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step #5

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (DomainService) DomainService [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\dfhtdqwo.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> 7ce1ab5a -> %SystemRoot%\SYSTEM32\yfmpplch.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> PAVWAIT.DLL -> PAVWAIT.DLL
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbxwxyv.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> cbxwxyv -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {4fb8ee80-84ed-48be-9aa3-039bd59b42f5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\gohcuyum.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbxwxyv.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {CFF8681B-513F-413D-B576-99F1B7D3E0D9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\mljjj.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\\WINDOWS\\system32\\mljjj -> %SystemRoot%\SYSTEM32\mljjj.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
[Files/Folders - Created Within 30 days]
NY -> ajnuyjcx.dll -> %SystemRoot%\System32\ajnuyjcx.dll
NY -> akfnvrag.dll -> %SystemRoot%\System32\akfnvrag.dll
NY -> akxhsaik.dll -> %SystemRoot%\System32\akxhsaik.dll
NY -> amqqnowg.dll -> %SystemRoot%\System32\amqqnowg.dll
NY -> aobveehd.dll -> %SystemRoot%\System32\aobveehd.dll
NY -> asnaxpes.ini -> %SystemRoot%\System32\asnaxpes.ini
NY -> auoyykfn.ini -> %SystemRoot%\System32\auoyykfn.ini
NY -> avhaebbw.dll -> %SystemRoot%\System32\avhaebbw.dll
NY -> ayovgmxm.ini -> %SystemRoot%\System32\ayovgmxm.ini
NY -> baykhmkp.dll -> %SystemRoot%\System32\baykhmkp.dll
NY -> bbiaeuyn.dll -> %SystemRoot%\System32\bbiaeuyn.dll
NY -> bccyoakj.dll -> %SystemRoot%\System32\bccyoakj.dll
NY -> bctggvrh.dll -> %SystemRoot%\System32\bctggvrh.dll
NY -> bgiiglmk.dll -> %SystemRoot%\System32\bgiiglmk.dll
NY -> bkpguxaq.dll -> %SystemRoot%\System32\bkpguxaq.dll
NY -> bmkeepsr.dll -> %SystemRoot%\System32\bmkeepsr.dll
NY -> bmtukuml.dll -> %SystemRoot%\System32\bmtukuml.dll
NY -> bpcqsjkx.exe -> %SystemRoot%\System32\bpcqsjkx.exe
NY -> bppetjol.dll -> %SystemRoot%\System32\bppetjol.dll
NY -> bsggcado.dll -> %SystemRoot%\System32\bsggcado.dll
NY -> btqtufya.ini -> %SystemRoot%\System32\btqtufya.ini
NY -> bymuxpov.exe -> %SystemRoot%\System32\bymuxpov.exe
NY -> ceoepocf.dll -> %SystemRoot%\System32\ceoepocf.dll
NY -> cpsapabf.dll -> %SystemRoot%\System32\cpsapabf.dll
NY -> cvjhojqy.ini -> %SystemRoot%\System32\cvjhojqy.ini
NY -> dcxmfumy.ini -> %SystemRoot%\System32\dcxmfumy.ini
NY -> dequvfiv.ini -> %SystemRoot%\System32\dequvfiv.ini
NY -> dkxkbhev.dll -> %SystemRoot%\System32\dkxkbhev.dll
NY -> drieuuhj.ini -> %SystemRoot%\System32\drieuuhj.ini
NY -> dvgolgeo.dll -> %SystemRoot%\System32\dvgolgeo.dll
NY -> ehqwtxbh.dll -> %SystemRoot%\System32\ehqwtxbh.dll
NY -> eiemchpv.dll -> %SystemRoot%\System32\eiemchpv.dll
NY -> eipnuupg.ini -> %SystemRoot%\System32\eipnuupg.ini
NY -> elgmsnja.ini -> %SystemRoot%\System32\elgmsnja.ini
NY -> eqbsidll.ini -> %SystemRoot%\System32\eqbsidll.ini
NY -> eqlwdpvr.ini -> %SystemRoot%\System32\eqlwdpvr.ini
NY -> esalmfvu.dll -> %SystemRoot%\System32\esalmfvu.dll
NY -> exdpkuqf.ini -> %SystemRoot%\System32\exdpkuqf.ini
NY -> fdeyjmom.dll -> %SystemRoot%\System32\fdeyjmom.dll
NY -> fembqtlg.dll -> %SystemRoot%\System32\fembqtlg.dll
NY -> fodrgkal.dll -> %SystemRoot%\System32\fodrgkal.dll
NY -> fotmkora.ini -> %SystemRoot%\System32\fotmkora.ini
NY -> ftwcchqk.dll -> %SystemRoot%\System32\ftwcchqk.dll
NY -> geohlgvn.ini -> %SystemRoot%\System32\geohlgvn.ini
NY -> glbuwhpd.dll -> %SystemRoot%\System32\glbuwhpd.dll
NY -> gohcuyum.dll -> %SystemRoot%\System32\gohcuyum.dll
NY -> gpuunpie.dll -> %SystemRoot%\System32\gpuunpie.dll
NY -> gqwnfvbo.ini -> %SystemRoot%\System32\gqwnfvbo.ini
NY -> hcetyeop.dll -> %SystemRoot%\System32\hcetyeop.dll
NY -> hclppmfy.ini -> %SystemRoot%\System32\hclppmfy.ini
NY -> hfxqccpc.exe -> %SystemRoot%\System32\hfxqccpc.exe
NY -> hgklpnmq.dll -> %SystemRoot%\System32\hgklpnmq.dll
NY -> hkfmcvps.ini -> %SystemRoot%\System32\hkfmcvps.ini
NY -> hlobtjjt.dll -> %SystemRoot%\System32\hlobtjjt.dll
NY -> hmaouioq.ini -> %SystemRoot%\System32\hmaouioq.ini
NY -> hosovjyr.dll -> %SystemRoot%\System32\hosovjyr.dll
NY -> huxivllg.dll -> %SystemRoot%\System32\huxivllg.dll
NY -> hvovhifg.exe -> %SystemRoot%\System32\hvovhifg.exe
NY -> ijfdrhjg.ini -> %SystemRoot%\System32\ijfdrhjg.ini
NY -> invjfjkv.ini -> %SystemRoot%\System32\invjfjkv.ini
NY -> itlabicf.dll -> %SystemRoot%\System32\itlabicf.dll
NY -> jjjlm.ini2 -> %SystemRoot%\System32\jjjlm.ini2
NY -> jowaxqvk.dll -> %SystemRoot%\System32\jowaxqvk.dll
NY -> jwaawiyy.dll -> %SystemRoot%\System32\jwaawiyy.dll
NY -> kqkmvsfv.ini -> %SystemRoot%\System32\kqkmvsfv.ini
NY -> krvghyjt.ini -> %SystemRoot%\System32\krvghyjt.ini
NY -> kydrnhot.ini -> %SystemRoot%\System32\kydrnhot.ini
NY -> lfacwvhx.ini -> %SystemRoot%\System32\lfacwvhx.ini
NY -> lgvxqatp.dll -> %SystemRoot%\System32\lgvxqatp.dll
NY -> lkqcdvvh.exe -> %SystemRoot%\System32\lkqcdvvh.exe
NY -> lojteppb.ini -> %SystemRoot%\System32\lojteppb.ini
NY -> lsawwlrm.dll -> %SystemRoot%\System32\lsawwlrm.dll
NY -> ltusskyo.dll -> %SystemRoot%\System32\ltusskyo.dll
NY -> mbvqksml.exe -> %SystemRoot%\System32\mbvqksml.exe
NY -> mcwkvuar.dll -> %SystemRoot%\System32\mcwkvuar.dll
NY -> meuukmaf.exe -> %SystemRoot%\System32\meuukmaf.exe
NY -> mlngvcda.dll -> %SystemRoot%\System32\mlngvcda.dll
NY -> momjyedf.ini -> %SystemRoot%\System32\momjyedf.ini
NY -> mugnirtp.ini -> %SystemRoot%\System32\mugnirtp.ini
NY -> murnbdjt.ini -> %SystemRoot%\System32\murnbdjt.ini
NY -> mxmgvoya.dll -> %SystemRoot%\System32\mxmgvoya.dll
NY -> nbevrygw.ini -> %SystemRoot%\System32\nbevrygw.ini
NY -> ndbwlpuv.dll -> %SystemRoot%\System32\ndbwlpuv.dll
NY -> nfkyyoua.dll -> %SystemRoot%\System32\nfkyyoua.dll
NY -> nhmrmdcv.dll -> %SystemRoot%\System32\nhmrmdcv.dll
NY -> nwgivgwx.ini -> %SystemRoot%\System32\nwgivgwx.ini
NY -> nxgwsook.dll -> %SystemRoot%\System32\nxgwsook.dll
NY -> obvfnwqg.dll -> %SystemRoot%\System32\obvfnwqg.dll
NY -> odacggsb.ini -> %SystemRoot%\System32\odacggsb.ini
NY -> orwqeols.dll -> %SystemRoot%\System32\orwqeols.dll
NY -> otdljjgk.ini -> %SystemRoot%\System32\otdljjgk.ini
NY -> otobhppv.ini -> %SystemRoot%\System32\otobhppv.ini
NY -> oykssutl.ini -> %SystemRoot%\System32\oykssutl.ini
NY -> plyppboe.dll -> %SystemRoot%\System32\plyppboe.dll
NY -> pspxexhb.dll -> %SystemRoot%\System32\pspxexhb.dll
NY -> psxruupq.dll -> %SystemRoot%\System32\psxruupq.dll
NY -> ptaqxvgl.ini -> %SystemRoot%\System32\ptaqxvgl.ini
NY -> pyiruphs.dll -> %SystemRoot%\System32\pyiruphs.dll
NY -> qaxugpkb.ini -> %SystemRoot%\System32\qaxugpkb.ini
NY -> qmqqwkis.dll -> %SystemRoot%\System32\qmqqwkis.dll
NY -> qngdixqi.dll -> %SystemRoot%\System32\qngdixqi.dll
NY -> qplnvljh.dll -> %SystemRoot%\System32\qplnvljh.dll
NY -> quyjrsmv.dll -> %SystemRoot%\System32\quyjrsmv.dll
NY -> qvjyxxlt.dll -> %SystemRoot%\System32\qvjyxxlt.dll
NY -> raifxrvc.dll -> %SystemRoot%\System32\raifxrvc.dll
NY -> rbgwdjnn.dll -> %SystemRoot%\System32\rbgwdjnn.dll
NY -> rblxxgfc.dll -> %SystemRoot%\System32\rblxxgfc.dll
NY -> rmxbsaas.dll -> %SystemRoot%\System32\rmxbsaas.dll
NY -> rspeekmb.ini -> %SystemRoot%\System32\rspeekmb.ini
NY -> ruybamme.ini -> %SystemRoot%\System32\ruybamme.ini
NY -> rvmfjrng.dll -> %SystemRoot%\System32\rvmfjrng.dll
NY -> rvpdwlqe.dll -> %SystemRoot%\System32\rvpdwlqe.dll
NY -> sabgdetp.ini -> %SystemRoot%\System32\sabgdetp.ini
NY -> scgqaagq.dll -> %SystemRoot%\System32\scgqaagq.dll
NY -> sdyunhwg.dll -> %SystemRoot%\System32\sdyunhwg.dll
NY -> sgeglwfe.dll -> %SystemRoot%\System32\sgeglwfe.dll
NY -> skaebqal.dll -> %SystemRoot%\System32\skaebqal.dll
NY -> skfprdmp.dll -> %SystemRoot%\System32\skfprdmp.dll
NY -> soincroh.dll -> %SystemRoot%\System32\soincroh.dll
NY -> spvcmfkh.dll -> %SystemRoot%\System32\spvcmfkh.dll
NY -> srjuxvky.dll -> %SystemRoot%\System32\srjuxvky.dll
NY -> tbkrofbm.dll -> %SystemRoot%\System32\tbkrofbm.dll
NY -> teuyleed.ini -> %SystemRoot%\System32\teuyleed.ini
NY -> tfeyayrh.dll -> %SystemRoot%\System32\tfeyayrh.dll
NY -> tgpmpdlc.dll -> %SystemRoot%\System32\tgpmpdlc.dll
NY -> tjdcelfg.ini -> %SystemRoot%\System32\tjdcelfg.ini
NY -> tjsebcov.dll -> %SystemRoot%\System32\tjsebcov.dll
NY -> tluuptfd.dll -> %SystemRoot%\System32\tluuptfd.dll
NY -> tpwplmba.dll -> %SystemRoot%\System32\tpwplmba.dll
NY -> tqaeroqw.ini -> %SystemRoot%\System32\tqaeroqw.ini
NY -> tsmamhhw.ini -> %SystemRoot%\System32\tsmamhhw.ini
NY -> txocnevi.dll -> %SystemRoot%\System32\txocnevi.dll
NY -> uhsbyakd.ini -> %SystemRoot%\System32\uhsbyakd.ini
NY -> umldeegr.exe -> %SystemRoot%\System32\umldeegr.exe
NY -> umxcjgig.dll -> %SystemRoot%\System32\umxcjgig.dll
NY -> unahyxnd.ini -> %SystemRoot%\System32\unahyxnd.ini
NY -> unuwjeey.dll -> %SystemRoot%\System32\unuwjeey.dll
NY -> usheagik.ini -> %SystemRoot%\System32\usheagik.ini
NY -> usixyvfi.ini -> %SystemRoot%\System32\usixyvfi.ini
NY -> uwlkqotr.ini -> %SystemRoot%\System32\uwlkqotr.ini
NY -> vcaxqqsd.dll -> %SystemRoot%\System32\vcaxqqsd.dll
NY -> vehbkxkd.ini -> %SystemRoot%\System32\vehbkxkd.ini
NY -> vfqarpui.ini -> %SystemRoot%\System32\vfqarpui.ini
NY -> vfwjliug.ini -> %SystemRoot%\System32\vfwjliug.ini
NY -> visfrcon.ini -> %SystemRoot%\System32\visfrcon.ini
NY -> vstlfmgt.dll -> %SystemRoot%\System32\vstlfmgt.dll
NY -> vuplwbdn.ini -> %SystemRoot%\System32\vuplwbdn.ini
NY -> wadkeubg.dll -> %SystemRoot%\System32\wadkeubg.dll
NY -> wdbemlrk.ini -> %SystemRoot%\System32\wdbemlrk.ini
NY -> wirpjbbt.ini -> %SystemRoot%\System32\wirpjbbt.ini
NY -> wotliugp.dll -> %SystemRoot%\System32\wotliugp.dll
NY -> wwwtvnhj.ini -> %SystemRoot%\System32\wwwtvnhj.ini
NY -> wxicejca.dll -> %SystemRoot%\System32\wxicejca.dll
NY -> xakicgdn.dll -> %SystemRoot%\System32\xakicgdn.dll
NY -> xcqhdxpq.dll -> %SystemRoot%\System32\xcqhdxpq.dll
NY -> xdytwefu.dll -> %SystemRoot%\System32\xdytwefu.dll
NY -> xfmffimv.ini -> %SystemRoot%\System32\xfmffimv.ini
NY -> xjhtlgfv.dll -> %SystemRoot%\System32\xjhtlgfv.dll
NY -> xmmlsmwu.ini -> %SystemRoot%\System32\xmmlsmwu.ini
NY -> xnjvtuoi.dll -> %SystemRoot%\System32\xnjvtuoi.dll
NY -> xoaxknhf.dll -> %SystemRoot%\System32\xoaxknhf.dll
NY -> xwgvigwn.dll -> %SystemRoot%\System32\xwgvigwn.dll
NY -> xxvqqbiv.ini -> %SystemRoot%\System32\xxvqqbiv.ini
NY -> yfmpplch.dll -> %SystemRoot%\System32\yfmpplch.dll
NY -> yjhuidfo.exe -> %SystemRoot%\System32\yjhuidfo.exe
NY -> ymufmxcd.dll -> %SystemRoot%\System32\ymufmxcd.dll
NY -> ypdchbjs.ini -> %SystemRoot%\System32\ypdchbjs.ini
NY -> ysssrgpj.dll -> %SystemRoot%\System32\ysssrgpj.dll
NY -> yvavhopl.ini -> %SystemRoot%\System32\yvavhopl.ini
NY -> ywiibija.dll -> %SystemRoot%\System32\ywiibija.dll
[Files/Folders - Modified Within 30 days]
NY -> ajnuyjcx.dll -> %SystemRoot%\System32\ajnuyjcx.dll
NY -> akfnvrag.dll -> %SystemRoot%\System32\akfnvrag.dll
NY -> akxhsaik.dll -> %SystemRoot%\System32\akxhsaik.dll
NY -> amqqnowg.dll -> %SystemRoot%\System32\amqqnowg.dll
NY -> aobveehd.dll -> %SystemRoot%\System32\aobveehd.dll
NY -> aptmntun.ini -> %SystemRoot%\System32\aptmntun.ini
NY -> asnaxpes.ini -> %SystemRoot%\System32\asnaxpes.ini
NY -> auoyykfn.ini -> %SystemRoot%\System32\auoyykfn.ini
NY -> avhaebbw.dll -> %SystemRoot%\System32\avhaebbw.dll
NY -> ayovgmxm.ini -> %SystemRoot%\System32\ayovgmxm.ini
NY -> baykhmkp.dll -> %SystemRoot%\System32\baykhmkp.dll
NY -> bbiaeuyn.dll -> %SystemRoot%\System32\bbiaeuyn.dll
NY -> bccyoakj.dll -> %SystemRoot%\System32\bccyoakj.dll
NY -> bctggvrh.dll -> %SystemRoot%\System32\bctggvrh.dll
NY -> bgiiglmk.dll -> %SystemRoot%\System32\bgiiglmk.dll
NY -> bkpguxaq.dll -> %SystemRoot%\System32\bkpguxaq.dll
NY -> bmkeepsr.dll -> %SystemRoot%\System32\bmkeepsr.dll
NY -> bmtukuml.dll -> %SystemRoot%\System32\bmtukuml.dll
NY -> bpcqsjkx.exe -> %SystemRoot%\System32\bpcqsjkx.exe
NY -> bppetjol.dll -> %SystemRoot%\System32\bppetjol.dll
NY -> bsggcado.dll -> %SystemRoot%\System32\bsggcado.dll
NY -> btqtufya.ini -> %SystemRoot%\System32\btqtufya.ini
NY -> bymuxpov.exe -> %SystemRoot%\System32\bymuxpov.exe
NY -> ceoepocf.dll -> %SystemRoot%\System32\ceoepocf.dll
NY -> cpsapabf.dll -> %SystemRoot%\System32\cpsapabf.dll
NY -> cvjhojqy.ini -> %SystemRoot%\System32\cvjhojqy.ini
NY -> dcxmfumy.ini -> %SystemRoot%\System32\dcxmfumy.ini
NY -> dequvfiv.ini -> %SystemRoot%\System32\dequvfiv.ini
NY -> dkxkbhev.dll -> %SystemRoot%\System32\dkxkbhev.dll
NY -> drieuuhj.ini -> %SystemRoot%\System32\drieuuhj.ini
NY -> dvgolgeo.dll -> %SystemRoot%\System32\dvgolgeo.dll
NY -> ehqwtxbh.dll -> %SystemRoot%\System32\ehqwtxbh.dll
NY -> eiemchpv.dll -> %SystemRoot%\System32\eiemchpv.dll
NY -> eipnuupg.ini -> %SystemRoot%\System32\eipnuupg.ini
NY -> elgmsnja.ini -> %SystemRoot%\System32\elgmsnja.ini
NY -> eqbsidll.ini -> %SystemRoot%\System32\eqbsidll.ini
NY -> eqlwdpvr.ini -> %SystemRoot%\System32\eqlwdpvr.ini
NY -> esalmfvu.dll -> %SystemRoot%\System32\esalmfvu.dll
NY -> exdpkuqf.ini -> %SystemRoot%\System32\exdpkuqf.ini
NY -> fdeyjmom.dll -> %SystemRoot%\System32\fdeyjmom.dll
NY -> fembqtlg.dll -> %SystemRoot%\System32\fembqtlg.dll
NY -> fodrgkal.dll -> %SystemRoot%\System32\fodrgkal.dll
NY -> fotmkora.ini -> %SystemRoot%\System32\fotmkora.ini
NY -> ftwcchqk.dll -> %SystemRoot%\System32\ftwcchqk.dll
NY -> geohlgvn.ini -> %SystemRoot%\System32\geohlgvn.ini
NY -> glbuwhpd.dll -> %SystemRoot%\System32\glbuwhpd.dll
NY -> gohcuyum.dll -> %SystemRoot%\System32\gohcuyum.dll
NY -> gpuunpie.dll -> %SystemRoot%\System32\gpuunpie.dll
NY -> gqwnfvbo.ini -> %SystemRoot%\System32\gqwnfvbo.ini
NY -> hcetyeop.dll -> %SystemRoot%\System32\hcetyeop.dll
NY -> hclppmfy.ini -> %SystemRoot%\System32\hclppmfy.ini
NY -> hfxqccpc.exe -> %SystemRoot%\System32\hfxqccpc.exe
NY -> hgklpnmq.dll -> %SystemRoot%\System32\hgklpnmq.dll
NY -> hkfmcvps.ini -> %SystemRoot%\System32\hkfmcvps.ini
NY -> hlobtjjt.dll -> %SystemRoot%\System32\hlobtjjt.dll
NY -> hmaouioq.ini -> %SystemRoot%\System32\hmaouioq.ini
NY -> hosovjyr.dll -> %SystemRoot%\System32\hosovjyr.dll
NY -> huxivllg.dll -> %SystemRoot%\System32\huxivllg.dll
NY -> hvovhifg.exe -> %SystemRoot%\System32\hvovhifg.exe
NY -> ijfdrhjg.ini -> %SystemRoot%\System32\ijfdrhjg.ini
NY -> invjfjkv.ini -> %SystemRoot%\System32\invjfjkv.ini
NY -> itlabicf.dll -> %SystemRoot%\System32\itlabicf.dll
NY -> jjjlm.bak1 -> %SystemRoot%\System32\jjjlm.bak1
NY -> jjjlm.bak2 -> %SystemRoot%\System32\jjjlm.bak2
NY -> jjjlm.ini2 -> %SystemRoot%\System32\jjjlm.ini2
NY -> jowaxqvk.dll -> %SystemRoot%\System32\jowaxqvk.dll
NY -> jwaawiyy.dll -> %SystemRoot%\System32\jwaawiyy.dll
NY -> kqkmvsfv.ini -> %SystemRoot%\System32\kqkmvsfv.ini
NY -> krvghyjt.ini -> %SystemRoot%\System32\krvghyjt.ini
NY -> kydrnhot.ini -> %SystemRoot%\System32\kydrnhot.ini
NY -> lfacwvhx.ini -> %SystemRoot%\System32\lfacwvhx.ini
NY -> lkqcdvvh.exe -> %SystemRoot%\System32\lkqcdvvh.exe
NY -> lojteppb.ini -> %SystemRoot%\System32\lojteppb.ini
NY -> lsawwlrm.dll -> %SystemRoot%\System32\lsawwlrm.dll
NY -> ltusskyo.dll -> %SystemRoot%\System32\ltusskyo.dll
NY -> mbvqksml.exe -> %SystemRoot%\System32\mbvqksml.exe
NY -> mcwkvuar.dll -> %SystemRoot%\System32\mcwkvuar.dll
NY -> meuukmaf.exe -> %SystemRoot%\System32\meuukmaf.exe
NY -> mlngvcda.dll -> %SystemRoot%\System32\mlngvcda.dll
NY -> momjyedf.ini -> %SystemRoot%\System32\momjyedf.ini
NY -> murnbdjt.ini -> %SystemRoot%\System32\murnbdjt.ini
NY -> mxmgvoya.dll -> %SystemRoot%\System32\mxmgvoya.dll
NY -> nbevrygw.ini -> %SystemRoot%\System32\nbevrygw.ini
NY -> ndbwlpuv.dll -> %SystemRoot%\System32\ndbwlpuv.dll
NY -> nfkyyoua.dll -> %SystemRoot%\System32\nfkyyoua.dll
NY -> nhmrmdcv.dll -> %SystemRoot%\System32\nhmrmdcv.dll
NY -> nwgivgwx.ini -> %SystemRoot%\System32\nwgivgwx.ini
NY -> nxgwsook.dll -> %SystemRoot%\System32\nxgwsook.dll
NY -> obvfnwqg.dll -> %SystemRoot%\System32\obvfnwqg.dll
NY -> odacggsb.ini -> %SystemRoot%\System32\odacggsb.ini
NY -> orwqeols.dll -> %SystemRoot%\System32\orwqeols.dll
NY -> otdljjgk.ini -> %SystemRoot%\System32\otdljjgk.ini
NY -> otobhppv.ini -> %SystemRoot%\System32\otobhppv.ini
NY -> oykssutl.ini -> %SystemRoot%\System32\oykssutl.ini
NY -> plyppboe.dll -> %SystemRoot%\System32\plyppboe.dll
NY -> pspxexhb.dll -> %SystemRoot%\System32\pspxexhb.dll
NY -> psxruupq.dll -> %SystemRoot%\System32\psxruupq.dll
NY -> ptaqxvgl.ini -> %SystemRoot%\System32\ptaqxvgl.ini
NY -> pyiruphs.dll -> %SystemRoot%\System32\pyiruphs.dll
NY -> qaxugpkb.ini -> %SystemRoot%\System32\qaxugpkb.ini
NY -> qmqqwkis.dll -> %SystemRoot%\System32\qmqqwkis.dll
NY -> qngdixqi.dll -> %SystemRoot%\System32\qngdixqi.dll
NY -> qplnvljh.dll -> %SystemRoot%\System32\qplnvljh.dll
NY -> quyjrsmv.dll -> %SystemRoot%\System32\quyjrsmv.dll
NY -> qvjyxxlt.dll -> %SystemRoot%\System32\qvjyxxlt.dll
NY -> raifxrvc.dll -> %SystemRoot%\System32\raifxrvc.dll
NY -> rbgwdjnn.dll -> %SystemRoot%\System32\rbgwdjnn.dll
NY -> rblxxgfc.dll -> %SystemRoot%\System32\rblxxgfc.dll
NY -> rmxbsaas.dll -> %SystemRoot%\System32\rmxbsaas.dll
NY -> rspeekmb.ini -> %SystemRoot%\System32\rspeekmb.ini
NY -> ruybamme.ini -> %SystemRoot%\System32\ruybamme.ini
NY -> rvmfjrng.dll -> %SystemRoot%\System32\rvmfjrng.dll
NY -> rvpdwlqe.dll -> %SystemRoot%\System32\rvpdwlqe.dll
NY -> sabgdetp.ini -> %SystemRoot%\System32\sabgdetp.ini
NY -> scgqaagq.dll -> %SystemRoot%\System32\scgqaagq.dll
NY -> sdyunhwg.dll -> %SystemRoot%\System32\sdyunhwg.dll
NY -> sgeglwfe.dll -> %SystemRoot%\System32\sgeglwfe.dll
NY -> skaebqal.dll -> %SystemRoot%\System32\skaebqal.dll
NY -> skfprdmp.dll -> %SystemRoot%\System32\skfprdmp.dll
NY -> soincroh.dll -> %SystemRoot%\System32\soincroh.dll
NY -> spvcmfkh.dll -> %SystemRoot%\System32\spvcmfkh.dll
NY -> srjuxvky.dll -> %SystemRoot%\System32\srjuxvky.dll
NY -> tbkrofbm.dll -> %SystemRoot%\System32\tbkrofbm.dll
NY -> teuyleed.ini -> %SystemRoot%\System32\teuyleed.ini
NY -> tfeyayrh.dll -> %SystemRoot%\System32\tfeyayrh.dll
NY -> tgpmpdlc.dll -> %SystemRoot%\System32\tgpmpdlc.dll
NY -> tjdcelfg.ini -> %SystemRoot%\System32\tjdcelfg.ini
NY -> tjsebcov.dll -> %SystemRoot%\System32\tjsebcov.dll
NY -> tluuptfd.dll -> %SystemRoot%\System32\tluuptfd.dll
NY -> tpwplmba.dll -> %SystemRoot%\System32\tpwplmba.dll
NY -> tqaeroqw.ini -> %SystemRoot%\System32\tqaeroqw.ini
NY -> tsmamhhw.ini -> %SystemRoot%\System32\tsmamhhw.ini
NY -> txocnevi.dll -> %SystemRoot%\System32\txocnevi.dll
NY -> uhsbyakd.ini -> %SystemRoot%\System32\uhsbyakd.ini
NY -> umldeegr.exe -> %SystemRoot%\System32\umldeegr.exe
NY -> umxcjgig.dll -> %SystemRoot%\System32\umxcjgig.dll
NY -> unahyxnd.ini -> %SystemRoot%\System32\unahyxnd.ini
NY -> unuwjeey.dll -> %SystemRoot%\System32\unuwjeey.dll
NY -> usheagik.ini -> %SystemRoot%\System32\usheagik.ini
NY -> usixyvfi.ini -> %SystemRoot%\System32\usixyvfi.ini
NY -> uwlkqotr.ini -> %SystemRoot%\System32\uwlkqotr.ini
NY -> vcaxqqsd.dll -> %SystemRoot%\System32\vcaxqqsd.dll
NY -> vehbkxkd.ini -> %SystemRoot%\System32\vehbkxkd.ini
NY -> vfqarpui.ini -> %SystemRoot%\System32\vfqarpui.ini
NY -> vfwjliug.ini -> %SystemRoot%\System32\vfwjliug.ini
NY -> visfrcon.ini -> %SystemRoot%\System32\visfrcon.ini
NY -> vstlfmgt.dll -> %SystemRoot%\System32\vstlfmgt.dll
NY -> vuplwbdn.ini -> %SystemRoot%\System32\vuplwbdn.ini
NY -> wadkeubg.dll -> %SystemRoot%\System32\wadkeubg.dll
NY -> wdbemlrk.ini -> %SystemRoot%\System32\wdbemlrk.ini
NY -> wirpjbbt.ini -> %SystemRoot%\System32\wirpjbbt.ini
NY -> wotliugp.dll -> %SystemRoot%\System32\wotliugp.dll
NY -> wwwtvnhj.ini -> %SystemRoot%\System32\wwwtvnhj.ini
NY -> wxicejca.dll -> %SystemRoot%\System32\wxicejca.dll
NY -> xakicgdn.dll -> %SystemRoot%\System32\xakicgdn.dll
NY -> xcqhdxpq.dll -> %SystemRoot%\System32\xcqhdxpq.dll
NY -> xdytwefu.dll -> %SystemRoot%\System32\xdytwefu.dll
NY -> xfmffimv.ini -> %SystemRoot%\System32\xfmffimv.ini
NY -> xjhtlgfv.dll -> %SystemRoot%\System32\xjhtlgfv.dll
NY -> xmmlsmwu.ini -> %SystemRoot%\System32\xmmlsmwu.ini
NY -> xnjvtuoi.dll -> %SystemRoot%\System32\xnjvtuoi.dll
NY -> xoaxknhf.dll -> %SystemRoot%\System32\xoaxknhf.dll
NY -> xwgvigwn.dll -> %SystemRoot%\System32\xwgvigwn.dll
NY -> xxvqqbiv.ini -> %SystemRoot%\System32\xxvqqbiv.ini
NY -> yfmpplch.dll -> %SystemRoot%\System32\yfmpplch.dll
NY -> yjhuidfo.exe -> %SystemRoot%\System32\yjhuidfo.exe
NY -> ymufmxcd.dll -> %SystemRoot%\System32\ymufmxcd.dll
NY -> ypdchbjs.ini -> %SystemRoot%\System32\ypdchbjs.ini
NY -> ysssrgpj.dll -> %SystemRoot%\System32\ysssrgpj.dll
NY -> yvavhopl.ini -> %SystemRoot%\System32\yvavhopl.ini
NY -> ywiibija.dll -> %SystemRoot%\System32\ywiibija.dll
NY -> cookies.ini -> %SystemRoot%\cookies.ini
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #6

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (just use the default options this time).
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #7

Post the following back here:The Avenger report (c:\Avenger.txt)
The VundoFix log (c:\vundofix.txt)
The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 13 February 2008 - 04:21 PM

Time to break your mousewheel :D.

Avenger Log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\goebtjno

*******************

Script file located at: \??\C:\Program Files\ejtmyque.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver DomainService unloaded successfully.
File C:\WINDOWS\cookies.ini deleted successfully.
File C:\WINDOWS\System32\ajnuyjcx.dll deleted successfully.
File C:\WINDOWS\System32\akfnvrag.dll deleted successfully.
File C:\WINDOWS\System32\akxhsaik.dll deleted successfully.
File C:\WINDOWS\System32\amqqnowg.dll deleted successfully.
File C:\WINDOWS\System32\aobveehd.dll deleted successfully.
File C:\WINDOWS\System32\aptmntun.ini deleted successfully.
File C:\WINDOWS\System32\asnaxpes.ini deleted successfully.
File C:\WINDOWS\System32\auoyykfn.ini deleted successfully.
File C:\WINDOWS\System32\avhaebbw.dll deleted successfully.
File C:\WINDOWS\System32\ayovgmxm.ini deleted successfully.
File C:\WINDOWS\System32\baykhmkp.dll deleted successfully.
File C:\WINDOWS\System32\bbiaeuyn.dll deleted successfully.
File C:\WINDOWS\System32\bccyoakj.dll deleted successfully.
File C:\WINDOWS\System32\bctggvrh.dll deleted successfully.
File C:\WINDOWS\System32\bgiiglmk.dll deleted successfully.
File C:\WINDOWS\System32\bkpguxaq.dll deleted successfully.
File C:\WINDOWS\System32\bmkeepsr.dll deleted successfully.
File C:\WINDOWS\System32\bmtukuml.dll deleted successfully.
File C:\WINDOWS\System32\bpcqsjkx.exe deleted successfully.


File C:\WINDOWS\System32\bppetjol.dll not found!
Deletion of file C:\WINDOWS\System32\bppetjol.dll failed!

Could not process line:
C:\WINDOWS\System32\bppetjol.dll
Status: 0xc0000034

File C:\WINDOWS\System32\bsggcado.dll deleted successfully.
File C:\WINDOWS\System32\btqtufya.ini deleted successfully.
File C:\WINDOWS\System32\bymuxpov.exe deleted successfully.


File C:\WINDOWS\system32\cbxwxyv.dll not found!
Deletion of file C:\WINDOWS\system32\cbxwxyv.dll failed!

Could not process line:
C:\WINDOWS\system32\cbxwxyv.dll
Status: 0xc0000034

File C:\WINDOWS\System32\ceoepocf.dll deleted successfully.
File C:\WINDOWS\System32\cpsapabf.dll deleted successfully.
File C:\WINDOWS\System32\cvjhojqy.ini deleted successfully.
File C:\WINDOWS\System32\dcxmfumy.ini deleted successfully.
File C:\WINDOWS\System32\dequvfiv.ini deleted successfully.


File C:\WINDOWS\system32\dfhtdqwo.exe not found!
Deletion of file C:\WINDOWS\system32\dfhtdqwo.exe failed!

Could not process line:
C:\WINDOWS\system32\dfhtdqwo.exe
Status: 0xc0000034

File C:\WINDOWS\System32\dkxkbhev.dll deleted successfully.
File C:\WINDOWS\System32\drieuuhj.ini deleted successfully.
File C:\WINDOWS\System32\dvgolgeo.dll deleted successfully.
File C:\WINDOWS\System32\ehqwtxbh.dll deleted successfully.
File C:\WINDOWS\System32\eiemchpv.dll deleted successfully.
File C:\WINDOWS\System32\eipnuupg.ini deleted successfully.
File C:\WINDOWS\System32\elgmsnja.ini deleted successfully.
File C:\WINDOWS\System32\eqbsidll.ini deleted successfully.
File C:\WINDOWS\System32\eqlwdpvr.ini deleted successfully.
File C:\WINDOWS\System32\esalmfvu.dll deleted successfully.
File C:\WINDOWS\System32\exdpkuqf.ini deleted successfully.
File C:\WINDOWS\System32\fdeyjmom.dll deleted successfully.
File C:\WINDOWS\System32\fembqtlg.dll deleted successfully.
File C:\WINDOWS\System32\fodrgkal.dll deleted successfully.
File C:\WINDOWS\System32\fotmkora.ini deleted successfully.
File C:\WINDOWS\System32\ftwcchqk.dll deleted successfully.
File C:\WINDOWS\System32\geohlgvn.ini deleted successfully.
File C:\WINDOWS\System32\glbuwhpd.dll deleted successfully.
File C:\WINDOWS\System32\gohcuyum.dll deleted successfully.


File C:\WINDOWS\SYSTEM32\gohcuyum.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\gohcuyum.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\gohcuyum.dll
Status: 0xc0000034

File C:\WINDOWS\System32\gpuunpie.dll deleted successfully.
File C:\WINDOWS\System32\gqwnfvbo.ini deleted successfully.
File C:\WINDOWS\System32\hcetyeop.dll deleted successfully.
File C:\WINDOWS\System32\hclppmfy.ini deleted successfully.
File C:\WINDOWS\System32\hfxqccpc.exe deleted successfully.
File C:\WINDOWS\System32\hgklpnmq.dll deleted successfully.
File C:\WINDOWS\System32\hkfmcvps.ini deleted successfully.
File C:\WINDOWS\System32\hlobtjjt.dll deleted successfully.
File C:\WINDOWS\System32\hmaouioq.ini deleted successfully.
File C:\WINDOWS\System32\hosovjyr.dll deleted successfully.
File C:\WINDOWS\System32\huxivllg.dll deleted successfully.
File C:\WINDOWS\System32\hvovhifg.exe deleted successfully.
File C:\WINDOWS\System32\ijfdrhjg.ini deleted successfully.
File C:\WINDOWS\System32\invjfjkv.ini deleted successfully.
File C:\WINDOWS\System32\itlabicf.dll deleted successfully.
File C:\WINDOWS\System32\jjjlm.bak1 deleted successfully.
File C:\WINDOWS\System32\jjjlm.bak2 deleted successfully.
File C:\WINDOWS\System32\jjjlm.ini2 deleted successfully.
File C:\WINDOWS\System32\jowaxqvk.dll deleted successfully.
File C:\WINDOWS\System32\jwaawiyy.dll deleted successfully.
File C:\WINDOWS\System32\kqkmvsfv.ini deleted successfully.
File C:\WINDOWS\System32\krvghyjt.ini deleted successfully.
File C:\WINDOWS\System32\kydrnhot.ini deleted successfully.
File C:\WINDOWS\System32\lfacwvhx.ini deleted successfully.
File C:\WINDOWS\System32\lgvxqatp.dll deleted successfully.
File C:\WINDOWS\System32\lkqcdvvh.exe deleted successfully.
File C:\WINDOWS\System32\lojteppb.ini deleted successfully.
File C:\WINDOWS\System32\lsawwlrm.dll deleted successfully.


File C:\WINDOWS\System32\ltusskyo.dll not found!
Deletion of file C:\WINDOWS\System32\ltusskyo.dll failed!

Could not process line:
C:\WINDOWS\System32\ltusskyo.dll
Status: 0xc0000034

File C:\WINDOWS\System32\mbvqksml.exe deleted successfully.
File C:\WINDOWS\System32\mcwkvuar.dll deleted successfully.
File C:\WINDOWS\System32\meuukmaf.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\mljjj.dll deleted successfully.


File C:\WINDOWS\SYSTEM32\mljjj.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\mljjj.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\mljjj.dll
Status: 0xc0000034

File C:\WINDOWS\System32\mlngvcda.dll deleted successfully.
File C:\WINDOWS\System32\momjyedf.ini deleted successfully.
File C:\WINDOWS\System32\mugnirtp.ini deleted successfully.
File C:\WINDOWS\System32\murnbdjt.ini deleted successfully.
File C:\WINDOWS\System32\mxmgvoya.dll deleted successfully.
File C:\WINDOWS\System32\nbevrygw.ini deleted successfully.


File C:\WINDOWS\System32\ndbwlpuv.dll not found!
Deletion of file C:\WINDOWS\System32\ndbwlpuv.dll failed!

Could not process line:
C:\WINDOWS\System32\ndbwlpuv.dll
Status: 0xc0000034

File C:\WINDOWS\System32\nfkyyoua.dll deleted successfully.
File C:\WINDOWS\System32\nhmrmdcv.dll deleted successfully.
File C:\WINDOWS\System32\nwgivgwx.ini deleted successfully.
File C:\WINDOWS\System32\nxgwsook.dll deleted successfully.
File C:\WINDOWS\System32\obvfnwqg.dll deleted successfully.
File C:\WINDOWS\System32\odacggsb.ini deleted successfully.
File C:\WINDOWS\System32\orwqeols.dll deleted successfully.
File C:\WINDOWS\System32\otdljjgk.ini deleted successfully.
File C:\WINDOWS\System32\otobhppv.ini deleted successfully.
File C:\WINDOWS\System32\oykssutl.ini deleted successfully.
File C:\WINDOWS\System32\plyppboe.dll deleted successfully.
File C:\WINDOWS\System32\pspxexhb.dll deleted successfully.
File C:\WINDOWS\System32\psxruupq.dll deleted successfully.
File C:\WINDOWS\System32\ptaqxvgl.ini deleted successfully.
File C:\WINDOWS\System32\pyiruphs.dll deleted successfully.
File C:\WINDOWS\System32\qaxugpkb.ini deleted successfully.
File C:\WINDOWS\System32\qmqqwkis.dll deleted successfully.
File C:\WINDOWS\System32\qngdixqi.dll deleted successfully.
File C:\WINDOWS\System32\qplnvljh.dll deleted successfully.
File C:\WINDOWS\System32\quyjrsmv.dll deleted successfully.
File C:\WINDOWS\System32\qvjyxxlt.dll deleted successfully.
File C:\WINDOWS\System32\raifxrvc.dll deleted successfully.
File C:\WINDOWS\System32\rbgwdjnn.dll deleted successfully.
File C:\WINDOWS\System32\rblxxgfc.dll deleted successfully.
File C:\WINDOWS\System32\rmxbsaas.dll deleted successfully.
File C:\WINDOWS\System32\rspeekmb.ini deleted successfully.
File C:\WINDOWS\System32\ruybamme.ini deleted successfully.
File C:\WINDOWS\System32\rvmfjrng.dll deleted successfully.


File C:\WINDOWS\System32\rvpdwlqe.dll not found!
Deletion of file C:\WINDOWS\System32\rvpdwlqe.dll failed!

Could not process line:
C:\WINDOWS\System32\rvpdwlqe.dll
Status: 0xc0000034

File C:\WINDOWS\System32\sabgdetp.ini deleted successfully.
File C:\WINDOWS\System32\scgqaagq.dll deleted successfully.
File C:\WINDOWS\System32\sdyunhwg.dll deleted successfully.
File C:\WINDOWS\System32\sgeglwfe.dll deleted successfully.
File C:\WINDOWS\System32\skaebqal.dll deleted successfully.
File C:\WINDOWS\System32\skfprdmp.dll deleted successfully.
File C:\WINDOWS\System32\soincroh.dll deleted successfully.
File C:\WINDOWS\System32\spvcmfkh.dll deleted successfully.
File C:\WINDOWS\System32\srjuxvky.dll deleted successfully.
File C:\WINDOWS\System32\tbkrofbm.dll deleted successfully.
File C:\WINDOWS\System32\teuyleed.ini deleted successfully.
File C:\WINDOWS\System32\tfeyayrh.dll deleted successfully.
File C:\WINDOWS\System32\tgpmpdlc.dll deleted successfully.
File C:\WINDOWS\System32\tjdcelfg.ini deleted successfully.
File C:\WINDOWS\System32\tjsebcov.dll deleted successfully.
File C:\WINDOWS\System32\tluuptfd.dll deleted successfully.
File C:\WINDOWS\System32\tpwplmba.dll deleted successfully.
File C:\WINDOWS\System32\tqaeroqw.ini deleted successfully.
File C:\WINDOWS\System32\tsmamhhw.ini deleted successfully.
File C:\WINDOWS\System32\txocnevi.dll deleted successfully.
File C:\WINDOWS\System32\uhsbyakd.ini deleted successfully.
File C:\WINDOWS\System32\umldeegr.exe deleted successfully.
File C:\WINDOWS\System32\umxcjgig.dll deleted successfully.
File C:\WINDOWS\System32\unahyxnd.ini deleted successfully.
File C:\WINDOWS\System32\unuwjeey.dll deleted successfully.
File C:\WINDOWS\System32\usheagik.ini deleted successfully.
File C:\WINDOWS\System32\usixyvfi.ini deleted successfully.
File C:\WINDOWS\System32\uwlkqotr.ini deleted successfully.
File C:\WINDOWS\System32\vcaxqqsd.dll deleted successfully.
File C:\WINDOWS\System32\vehbkxkd.ini deleted successfully.
File C:\WINDOWS\System32\vfqarpui.ini deleted successfully.
File C:\WINDOWS\System32\vfwjliug.ini deleted successfully.
File C:\WINDOWS\System32\visfrcon.ini deleted successfully.
File C:\WINDOWS\System32\vstlfmgt.dll deleted successfully.
File C:\WINDOWS\System32\vuplwbdn.ini deleted successfully.
File C:\WINDOWS\System32\wadkeubg.dll deleted successfully.
File C:\WINDOWS\System32\wdbemlrk.ini deleted successfully.
File C:\WINDOWS\System32\wirpjbbt.ini deleted successfully.
File C:\WINDOWS\System32\wotliugp.dll deleted successfully.
File C:\WINDOWS\System32\wwwtvnhj.ini deleted successfully.
File C:\WINDOWS\System32\wxicejca.dll deleted successfully.
File C:\WINDOWS\System32\xakicgdn.dll deleted successfully.
File C:\WINDOWS\System32\xcqhdxpq.dll deleted successfully.
File C:\WINDOWS\System32\xdytwefu.dll deleted successfully.
File C:\WINDOWS\System32\xfmffimv.ini deleted successfully.
File C:\WINDOWS\System32\xjhtlgfv.dll deleted successfully.
File C:\WINDOWS\System32\xmmlsmwu.ini deleted successfully.
File C:\WINDOWS\System32\xnjvtuoi.dll deleted successfully.
File C:\WINDOWS\System32\xoaxknhf.dll deleted successfully.


File C:\WINDOWS\System32\xwgvigwn.dll not found!
Deletion of file C:\WINDOWS\System32\xwgvigwn.dll failed!

Could not process line:
C:\WINDOWS\System32\xwgvigwn.dll
Status: 0xc0000034

File C:\WINDOWS\System32\xxvqqbiv.ini deleted successfully.
File C:\WINDOWS\SYSTEM32\yfmpplch.dll deleted successfully.
File C:\WINDOWS\System32\yjhuidfo.exe deleted successfully.
File C:\WINDOWS\System32\ymufmxcd.dll deleted successfully.
File C:\WINDOWS\System32\ypdchbjs.ini deleted successfully.
File C:\WINDOWS\System32\ysssrgpj.dll deleted successfully.
File C:\WINDOWS\System32\yvavhopl.ini deleted successfully.
File C:\WINDOWS\System32\ywiibija.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



After that, the next step was to run Vundofix.exe... The funny thing was I had already run it a week prior. After another try at running it, it picked up nothing. I did however recover the log file from when I used it:


VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 4:41:44 AM 1/24/2008

Listing files found while scanning....


VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 4:43:00 AM 1/24/2008

Listing files found while scanning....

C:\windows\system32\ooxxmlhn.exe
C:\windows\system32\ucgjfwbi.exe
C:\windows\system32\ucgjfwbi.exe

Beginning removal...

Attempting to delete C:\windows\system32\ooxxmlhn.exe
C:\windows\system32\ooxxmlhn.exe Has been deleted!

Attempting to delete C:\windows\system32\ucgjfwbi.exe
C:\windows\system32\ucgjfwbi.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 4:05:20 PM 2/13/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...




The setup of that log is strange, but that's what was in it.

Next I ran the fix and then did the scan again.

WinPFind35 logfile created on: 2/13/2008 4:12:33 PM
WinPFind35U Version Beta51	 Folder = C:\Documents and Settings\Matthew\Desktop\WinPFind35u\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5700.6)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.48 Mb Total Physical Memory | 694.42 Mb Available Physical Memory | 67.91% Memory free
2.40 Gb Paging File | 2.21 Gb Available in Paging File | 92.02% Paging File free
Paging file location(s): C:\pagefile.sys 1533 2000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 6.78 Gb Free Space | 12.14% Space Free | Partition Type: NTFS
Drive D: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGOON
Current User Name: Matthew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr =	]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/21/2005 1:07:22 AM | Attr =	]
ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 7:05:04 AM | Attr =	]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 8/6/2005 12:07:30 AM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr =	]
ati2sgag.exe -> %SystemRoot%\SYSTEM32\ati2sgag.exe ->  [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 8/5/2005 8:05:00 PM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 4/19/2007 12:35:46 PM | Attr =	]
tangoservice.exe -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe ->  [Ver =  | Size = 57344 bytes | Modified Date = 8/5/2003 12:48:04 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 10:02:58 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stop_Pending] -> %SystemRoot%\SYSTEM32\ati2sgag.exe ->  [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 8/5/2005 8:05:00 PM | Attr =	]
(AVP) Kaspersky Internet Security 7.0 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr =	]
(C-DillaSrv) C-DillaSrv [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.22.020 | Size = 32256 bytes | Modified Date = 1/15/2001 3:20:24 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/25/2007 10:46:36 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.6.43.1 | Size = 75304 bytes | Modified Date = 4/19/2007 12:35:46 PM | Attr =	]
(lnss_sscans) GFI LANguard N.S.S. Scheduled Scans Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\GFI\LANguard Network Security Scanner 3\sscansvc.exe -> GFI Software Ltd. [Ver = 1.0.0.0 | Size = 545792 bytes | Modified Date = 3/25/2003 9:28:09 AM | Attr =	]
(Lotus Domino Server (LotusDominoData)) Lotus Domino Server (LotusDominoData) [Win32_Own | Disabled | Stopped] -> %SystemDrive%\Lotus\Domino\nservice.exe =C:\Lotus\Domino\notes.ini -> File not found
(lxcg_device) lxcg_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\lxcgcoms.exe ->   [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 2:25:18 PM | Attr =	]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 8/17/2004 12:28:39 AM | Attr =	]
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(TangoService) Tango Service [Win32_Own | Auto | Running] -> %ProgramFiles%\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe ->  [Ver =  | Size = 57344 bytes | Modified Date = 8/5/2003 12:48:04 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> File not found
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 8/6/2005 12:07:30 AM | Attr =	]
EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 7:05:04 AM | Attr =	]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe ->  [Ver =  | Size = 299008 bytes | Modified Date = 7/12/2005 8:36:32 AM | Attr =	]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/21/2005 1:07:22 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Matthew Startup Folder > -> C:\Documents and Settings\Matthew\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 91400 bytes | Modified Date = 6/28/2007 12:51:42 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 8/3/2005 10:04:18 PM | Attr =	]
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3762 | Size = 339968 bytes | Modified Date = 2/10/2004 10:51:10 AM | Attr =	]
klogon -> %SystemRoot%\SYSTEM32\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 6/28/2007 12:51:48 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> about:blank -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: ProxyOverride ->  -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 9082 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
pagebuilder_yahoo.com [http] -> Trusted sites -> 
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 12:03:00 AM | Attr =	]
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] ->  [Ver =  | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{BD7BC06F-CEB5-4DC8-9FC7-527FF4A6D075} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mljjj.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{B24BA06E-FB7B-4757-95C2-DC01125F750E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\YRefresher\YRefresher.dll [RefresherBand Class] ->  [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 8/3/2001 4:58:00 PM | Attr =	]
WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 233472 bytes | Modified Date = 9/20/2005 2:41:40 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 12:51:52 PM | Attr =	]
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{05DB2DBC-96A4-44E5-AAA9-DC7412F20FAC} ->	() -> 
{35F9BBB5-A959-43F0-80F7-0F6923025BD9} ->	() -> 
{8FC6E816-37A0-48A9-BDDA-2088FA798118} ->	(Linksys Wireless-G PCI Network Adapter with SpeedBooster) -> 
{92B79E50-D28C-434C-8858-0759CEAABFB9} ->	() -> 
{D06F0E39-1B9B-4ED6-B6AF-91333A6F7F5A} ->	(Linksys NC100 Fast Ethernet Adapter) -> 
{F40BF3AF-8983-4906-9980-93E843C90751} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{B5AB638F-D76C-415B-A8F2-F3CEAC502212}] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{B5AB638F-D76C-415B-A8F2-F3CEAC502212}] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{00000161-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/msaudio.cab[Reg Error: Key does not exist or could not be opened.] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139482890553[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150849108162[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38198.9629050926[Reg Error: Key does not exist or could not be opened.] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[ZoneIntro Class] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-000000000000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v7.cab[PopCapLoader Object] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
Yahoo! Graffiti[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/clients/y/grt5_x.cab[Reg Error: Key does not exist or could not be opened.] -> 



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/13/2008 4:02:05 PM | Attr =	]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 1/25/2008 2:08:58 PM | Attr =	]
KAV -> %SystemDrive%\KAV ->  [Folder | Created Date = 1/24/2008 6:12:48 AM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 2/7/2008 2:28:26 AM | Attr =	]
UBCD4Win -> %SystemDrive%\UBCD4Win ->  [Folder | Created Date = 1/24/2008 5:21:53 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 1/24/2008 4:41:44 AM | Attr =	]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.05.0010 | Size = 115200 bytes | Modified Date = 1/24/2008 4:41:27 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 10637344 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 111020 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 79904 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 9608 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 1/24/2008 11:36:41 AM | Attr =	]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 91700 bytes | Modified Date = 2/4/2008 1:54:49 AM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2/7/2008 2:41:34 AM | Attr =	]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 1/18/2008 8:31:10 PM | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 1/25/2008 2:19:39 PM | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/13/2008 4:02:05 PM | Attr =	]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 1/25/2008 2:18:21 PM | Attr =	]
KAV -> %SystemDrive%\KAV ->  [Folder | Modified Date = 1/24/2008 11:36:15 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/13/2008 3:59:52 PM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 2/7/2008 3:17:20 AM | Attr =	]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 2/7/2008 3:06:04 AM | Attr =	]
UBCD4Win -> %SystemDrive%\UBCD4Win ->  [Folder | Modified Date = 1/24/2008 5:28:16 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2/13/2008 4:05:18 PM | Attr =	]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.05.0010 | Size = 115200 bytes | Modified Date = 1/24/2008 4:41:27 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/13/2008 4:11:29 PM | Attr =	]
ETC -> %SystemRoot%\System32\drivers\ETC ->  [Folder | Modified Date = 2/7/2008 2:49:39 AM | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\ETC\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2/7/2008 2:49:39 AM | Attr =	]
hosts.ics -> %SystemRoot%\System32\drivers\ETC\hosts.ics ->  [Ver =  | Size = 492 bytes | Modified Date = 2/13/2008 4:02:56 PM | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 10637344 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 111020 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 79904 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 9608 bytes | Modified Date = 2/13/2008 4:10:19 PM | Attr =  HS]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 1/24/2008 11:36:41 AM | Attr =	]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 1/24/2008 11:37:40 AM | Attr =	]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 91700 bytes | Modified Date = 2/4/2008 1:54:49 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/7/2008 3:44:43 AM | Attr =	]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
DLLCACHE -> %SystemRoot%\System32\DLLCACHE ->  [Folder | Modified Date = 1/24/2008 11:31:35 AM | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 2/13/2008 4:02:05 PM | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/13/2008 4:11:19 PM | Attr =   S]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2/7/2008 2:41:57 AM | Attr =	]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 1/18/2008 8:31:10 PM | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 1/25/2008 2:19:39 PM | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 1/25/2008 2:06:18 PM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 1/24/2008 6:19:36 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/24/2008 6:31:32 AM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/13/2008 2:34:40 PM | Attr =	]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 2/13/2008 3:59:57 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/13/2008 4:10:00 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/13/2008 4:11:23 PM | Attr =  H ]
User_Feed_Synchronization-{5DC94FE9-9328-4842-9B7C-55792775CDB8}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{5DC94FE9-9328-4842-9B7C-55792775CDB8}.job ->  [Ver =  | Size = 426 bytes | Modified Date = 2/13/2008 1:02:45 PM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 9155 bytes | Modified Date = 2/15/2005 3:22:47 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5174 bytes | Modified Date = 12/1/2007 5:42:38 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 12/1/2007 5:42:38 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 1/17/2008 10:49:48 AM | Attr =	]
Perflib_Perfdata_350.dat -> C:\Documents and Settings\Matthew\Local Settings\Temp\Perflib_Perfdata_350.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/13/2008 4:11:50 PM | Attr =	]
Perflib_Perfdata_524.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_524.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/13/2008 4:12:21 PM | Attr =	]

< End of report >


That was the resulting log.

I disabled the internet on the target machine while all of this was being done. The computer I'm using now is leeching the internet off of the infected machine, so I had to enable the internet after the last fix/scan was performed. I won't be testing explorer until you tell me to :thumbsup:. I'm just glad this computer doesn't suffer from the infection that the host does.



Err and a quick edit:

Pretty sure its some form of malware and not performance issue. I had originally posted that the searchfeed was coming in the form of popups that would cripple internet explorer until they loaded up, but unfortunately that information vanished when I first tried to post a HJT log, and never got added the second time around. Totally my bad!

Edited by Dragoon The Lad, 13 February 2008 - 04:25 PM.


#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:33 AM

Posted 13 February 2008 - 04:46 PM

Hi Dragoon The Lad. That looks much better. Just a few registry keys to clean out yet.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

After that, go ahead and uninstall Kapersky and then reinstall it fresh. Update it and do a full system scan and post the report back here. It's looking pretty good at this time.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#8 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 13 February 2008 - 11:26 PM

Alrighty, successfully ran the code through.

Got KAV running once more, now that it was fully uninstalled, reinstalled, and brought up to date.

There were two logs of use, one that had a "no files found" and then:



(Please see attached, it was WAAAY too big to fit in one post :thumbsup:.)



Now what really concerns me are some of the above entries, including the windows_98_se_second_edition_cd-key, and a handfull of the others dotting around it. I don't believe I downloaded anything like that, installed, etc... I've never even had anything other than XP running on that machine! If it's not a virus then I have no clue what it's doing on there.

In the mean time though, those are the extras that it picked up on. Sorry for the delay, the machine doesn't exactly run like it used to. Still have not tested the internet yet.

Attached Files

  • Attached File  LOG1.txt   299.7KB   40 downloads


#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:33 AM

Posted 13 February 2008 - 11:48 PM

Hi Dragoon The Lad. That looks good too. The bulk of what if found were files already quaratined by various programs. We'll clean those up in a final cleanup. But there were a cuople of new ones (or possibly very old ones). Let's do an online scan and see what it comes up with.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#10 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 14 February 2008 - 10:29 AM

Hrm, the online scanner didn't seem to want to run. I'll look more into performance issues for this problem, as there are some small things on this computer that seem to be "unique" for a computer to be running the way this one does. Not exactly a problem unless I need to do specific things (like the online scanner). I'll PM you if it somehow gets tied into malware, but its far more likely to be the computer setup.

The computer I'm using now, however, is the host computer. The connection speed appears to be much better, the browser isn't locking up to load popups, and it would at least appear that the main infection I was worried about is now gone. I'll be using the last log that was posted to do some cleanup on this computer (I'm a little handy in that department, the infection I had was just a little more than I was prepared for ;D ).

I had one final teensy weensy question:

I actually run a computer repair service myself (which would be a joke seeing as a service would get calls) and while I don't exactly get the most business in the world, I was wondering if this is a fairly common malware issue (I would think so with the specially aimed tools), and if these steps can be generally followed (I can identify the files based off of the solution you gave me in comparison with my clean log). Knowing this may save me and potential customers some frustration later on in life :D.

I'll definitely be donating when I have some money on hand, the fact that this computer is working to a much better extent makes me much happier. To be certain:

Did a google check. No apparant hijackings. No pop up advertisements.

Monitored via kaspersky. System doesn't appear to be spawning executables, dlls, etc anymore that it shouldn't be.

There doesn't appear to be any outbound traffic that shouldn't be occuring.


Now to see if my video games will run a little better without the traffic, downloading, and such on my system. Many thanks again for your assistance!

-Matt-

#11 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:33 AM

Posted 14 February 2008 - 12:44 PM

Hi Dragoon The Lad. Glad to hear things are better. As for cleanup of the tools used, WPF35 has a built-in cleanup function. Here are the steps we normally use at the end of a fix:

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
    Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
As for the malware removal, with many infections it is unique to the machine. Many file names are random and the locations and registry keys can change (sometimes daily lol). That is why the AV/AS companies update their definitions daily (or sometimes multiple times a day). There are some things that remain constant and we have a number of self-help removal guides located in the Spyware and Malware Removal Guides and Reading Room forum. For others, it's a hunt and destroy. There are a number of different places the infection can place itself in the registry to start and a number of different places it can drop it's files. You just have to look for them.

Run the machine for a couple of days and let me know if it remains stable and if you have any more questions/issues. Then we can close this topic and you can be free.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#12 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 15 February 2008 - 02:31 PM

Sure thing!

So far so good, and thanks again!

#13 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 20 February 2008 - 10:33 PM

Damn it all! It was going so well for a few days too, it looks like something must've been lying dormant!

I've been using the other computer, the infected, on facebook for a few days now. I left the browser open and took off to watch the lunar eclipse with some friends and came back to antivirus installers, another searchfeed window, and so on and so forth. It wasn't anything I visited that restarted it so it must be lying dormant somewhere. ARGH!!!

...I'll be putting up a HJT log shortly (I'm trying to get the system to a somewhat usable state). Methinks there should be a class action lawsuit filed for damages caused by software I never agreed to recieving. It's not like that computer is the only damaged one, this one can't browse the internet nearly as fast when the other computer is crippled. Grrr.

ANYWAYS, I'll be posting begging for more help shortly. I'll run the WinPU fix too.

Its kinda funny that this should happen, I was just over at the local navy club helping them clean out a similar infection and came home to this. What a slap in the face.

#14 Dragoon The Lad

Dragoon The Lad
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 20 February 2008 - 10:45 PM

I want to fix some settings on my HJT log but I don't know if killing the processes will prevent some things from being picked up first. Figured I'd let you being the deciding factor, since you've killed this sucker once.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:40 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\TWF0dGhldw\command.exe
C:\PROGRA~1\COMMON~1\CROSOF~1.NET\smss.exe
C:\Program Files\?racle\r?ndll.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [7ce1ab5a] rundll32.exe "C:\WINDOWS\system32\ngbxaqxt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Lbphkc] "C:\Program Files\?racle\r?ndll.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202992307796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202992286156
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/chuzzled...aploader_v7.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dGhldw\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe

--
End of file - 6975 bytes



I will run WIN thingy now. Going to redownload in case the infection corrupted something and move it over from the network. The computer is pointing more towards needing a wipe and I have no clue where the stupid windows CD went, so I'm stuck with trying to fix it and make do. Go me for losing the CD.

#15 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:33 AM

Posted 21 February 2008 - 12:02 AM

Hi Dragoon The Lad. Yes, I will need a new WinPFind35 scan. Is this the same computer that was just cleaned? My guess would be that this is not something that was dormant. It probably either came from a website (social networking sites are cesspools) or if another infected computer was on the network this is jumping from PC to PC.

Let's see what the wpf35 scan shows.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users