
Multiple Infections - Deckerd Log


9 replies to this topic

#1 Indigoblue47


  • Members
  • 37 posts

Posted 21 May 2008 - 10:40 AM

Can someone please help with this?
Here's the log:

----------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Jeremy on 2008-05-08 12:44:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
71: 2008-05-08 16:44:42 UTC - RP422 - Deckard's System Scanner Restore Point
70: 2008-05-08 13:52:25 UTC - RP421 - System Checkpoint
69: 2008-05-07 01:15:17 UTC - RP420 - System Checkpoint
68: 2008-05-02 17:49:41 UTC - RP419 - System Checkpoint
67: 2008-04-28 15:36:02 UTC - RP418 - Windows Defender Checkpoint


-- First Restore Point --
1: 2008-04-11 05:05:39 UTC - RP352 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-08 12:48:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\HP\HP Software Update\hpwuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetWaiting\netwaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Documents and Settings\Jeremy\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Jeremy\Application Data\Microsoft\Windows\begqexu.exe
C:\Program Files\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeremy\Desktop\dss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ipconfig.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foundationsoccerclub.com/Founda...%20SC/Home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {2b1d2449-d988-e5db-d354-9a61d06747c0} - {0c74760d-16a9-453d-bd5e-889d9442d1b2} - C:\WINDOWS\system32\clfhbobi.dll
O2 - BHO: (no name) - {1950888C-C0A5-471E-95A6-2DEF5D2FE100} - C:\WINDOWS\system32\xxyxvwwv.dll
O2 - BHO: gooochi browser optimizer - {3cfd077f-5423-0d98-a2ac-f1306d5a29e3} - C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\byxurpqr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar5.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" DllInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E902BC9ED7286138F75F2F0C8D6E84A1EF7F506DCD610837FC16E1DCD66A47
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5cf2be13] rundll32.exe "C:\WINDOWS\system32\hysrtsow.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM5fc18d8f] Rundll32.exe "C:\WINDOWS\system32\psmvkhnr.dll",s
O4 - HKLM\..\Run: [{9ced4071-c942-d005-3222-093486202c37}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" DllInit
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Jeremy\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Jeremy\Application Data\Microsoft\Windows\begqexu.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Jeremy\Application Data\Microsoft\Windows\ofgawr.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Jeremy\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [BM5fc18d8f] Rundll32.exe "C:\WINDOWS\system32\gjstffjc.dll",s
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200608968046
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: byxurpqr - C:\WINDOWS\system32\byxurpqr.dll
O20 - Winlogon Notify: cbXPgffg - C:\WINDOWS\system32\cbXPgffg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


--
End of file - 17381 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 symhhii - c:\windows\system32\drivers\symhhii.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 ApiMon - c:\windows\system32\drivers\apimon.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 AOL ACS (AOL Connectivity Service) - c:\progra~1\common~1\aol\acs\aolacsd.exe (file missing)
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (ATW)
Device ID: ROOT\NET\0000
Manufacturer: America Online, Inc.
Name: WAN Miniport (ATW)
PNP Device ID: ROOT\NET\0000
Service: wanatw


-- Scheduled Tasks -------------------------------------------------------------

2008-05-08 12:43:01 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-16 00:55:00 346 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1153021658.job
2007-09-14 22:28:35 352 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JEREMY-Jeremy).job


-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 11:09:49 2112 --a------ C:\WINDOWS\system32\lummfweg.exe
2008-05-08 11:06:53 106048 --a------ C:\WINDOWS\system32\clfhbobi.dll
2008-05-08 11:04:00 97856 --a------ C:\WINDOWS\system32\hysrtsow.dll
2008-05-08 11:03:50 105024 --a------ C:\WINDOWS\system32\psmvkhnr.dll
2008-05-08 10:41:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-08 10:41:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-08 10:05:40 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Mozilla
2008-05-08 09:55:25 0 d-------- C:\Program Files\Svconr
2008-05-08 09:35:23 0 d-------- C:\WINDOWS\system32\bkEur01
2008-05-07 15:40:14 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 15:40:05 0 d-------- C:\Program Files\AVG
2008-05-07 15:40:04 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 14:45:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-07 12:28:37 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-05-07 12:20:31 0 d-------- C:\kav
2008-05-07 10:57:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-07 10:52:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-07 10:41:18 0 d-------- C:\New Folder (2)
2008-05-07 10:41:06 0 d-------- C:\Dan Temp
2008-05-05 12:09:38 330752 --a------ C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll
2008-04-28 13:49:34 37376 -ra------ C:\WINDOWS\mrofinu572.exe
2008-04-24 17:44:20 73728 --a------ C:\WINDOWS\b156.exe
2008-04-21 21:59:28 39936 --a------ C:\WINDOWS\system32\ssqNGWpM.dll
2008-04-21 21:56:30 37376 --a------ C:\WINDOWS\17PHolmes572.exe
2008-04-21 21:56:25 0 d-------- C:\Program Files\Outerinfo
2008-04-21 21:56:24 0 d-------- C:\Documents and Settings\Jeremy\Application Data\?ymbols
2008-04-21 21:56:15 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-04-21 21:56:12 0 d-------- C:\Program Files\Common Files\?ecurity
2008-04-21 21:56:07 39936 --a------ C:\WINDOWS\system32\yayWpppQ.dll
2008-04-20 09:58:24 1040196 --ahs---- C:\WINDOWS\system32\vwwvxyxx.ini2
2008-04-20 09:58:21 274432 -----n--- C:\WINDOWS\system32\xxyxvwwv.dll
2008-04-20 09:56:43 34099 --a------ C:\WINDOWS\system32\mljklkll.dll
2008-04-20 09:53:34 0 d-------- C:\Program Files\??sembly
2008-04-20 09:53:25 0 d-------- C:\WINDOWS\?ymbols
2008-04-20 09:53:21 0 d-------- C:\WINDOWS\system32\xcsDd01
2008-04-20 09:53:20 34099 --a------ C:\WINDOWS\system32\byxurpqr.dll
2008-04-15 11:08:54 0 d-------- C:\Documents and Settings\Jeremy\Application Data\WinTouch
2008-04-15 11:08:52 0 d-------- C:\Program Files\Inet_Get_2
2008-04-15 11:03:52 0 d-------- C:\Documents and Settings\Jeremy\Application Data\SpeedRunner
2008-04-15 10:58:51 0 d-------- C:\Program Files\JavaCore
2008-04-15 10:58:50 0 d-------- C:\Program Files\InetGet2
2008-04-15 10:48:47 0 d-------- C:\Program Files\Temporary
2008-04-15 10:48:47 0 d-------- C:\Program Files\CPV
2008-04-14 14:08:18 46592 --a------ C:\WINDOWS\b157.exe
2008-04-14 11:11:14 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-11 11:53:20 0 d-------- C:\Program Files\Enigma Software Group
2008-04-11 10:48:26 11264 --a------ C:\WINDOWS\b138.exe
2008-04-11 04:03:21 0 d-------- C:\Program Files\Windows Defender
2008-04-11 03:07:57 0 d-------- C:\Program Files\Symantec
2008-04-11 03:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-11 03:07:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-11 02:41:51 298349 --a------ C:\Documents and Settings\Jeremy\gside.exe
2008-04-11 01:05:29 6772 --ahs---- C:\WINDOWS\system32\rAHjTvut.ini2
2008-04-11 01:03:54 0 d-------- C:\Program Files\AntiSpywareMaster
2008-04-11 01:00:28 86144 --a------ C:\WINDOWS\system32\drivers\symhhii.sys
2008-04-11 01:00:27 0 d-------- C:\WINDOWS\system32\pinz1
2008-04-11 01:00:26 0 d-------- C:\WINDOWS\system32\IDE2
2008-04-11 01:00:26 0 d-------- C:\WINDOWS\system32\ExTmp
2008-04-11 01:00:19 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-10 21:36:48 401754 --a------ C:\Documents and Settings\Jeremy\g34.exe
2008-04-08 19:33:56 68096 --a------ C:\WINDOWS\b155.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-08 12:42:51 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-08 10:05:18 78712 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-07 14:42:06 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2008-05-01 16:20:34 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Roxio
2008-04-21 22:13:01 0 d-------- C:\Program Files\Common Files\?ecurity
2008-04-21 22:09:26 0 d-------- C:\Documents and Settings\Jeremy\Application Data\?ymbols
2008-04-21 22:04:16 0 d-------- C:\Program Files\??sembly
2008-04-21 21:56:15 0 d-------- C:\Program Files\Common Files
2008-04-14 11:11:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-11 12:20:29 909 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-11 03:48:39 0 d-------- C:\Program Files\Yahoo!
2008-04-11 03:19:21 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Yahoo!
2008-04-06 21:41:34 0 d-------- C:\Program Files\GetTiffany


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c74760d-16a9-453d-bd5e-889d9442d1b2}]
05/08/2008 11:06 AM 106048 --a------ C:\WINDOWS\system32\clfhbobi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1950888C-C0A5-471E-95A6-2DEF5D2FE100}]
04/20/2008 09:58 AM 274432 --------- C:\WINDOWS\system32\xxyxvwwv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3cfd077f-5423-0d98-a2ac-f1306d5a29e3}]
05/05/2008 12:09 PM 330752 --a------ C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
04/20/2008 09:53 AM 34099 --a------ C:\WINDOWS\system32\byxurpqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 06:56 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/12/2005 04:41 AM]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 11:35 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/06/2005 12:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/24/2006 09:53 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 03:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [09/11/2006 04:40 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 04:40 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/24/2006 09:59 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 03:30 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/14/2005 08:38 PM]
"nwiz"="nwiz.exe" [12/14/2005 08:38 PM C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
"DXDllRegExe"="dxdllreg.exe" []
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 03:42 PM]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [09/15/2004 04:52 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/06/2006 10:51 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [03/26/2007 07:07 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"spa_start"="C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" [05/05/2008 12:09 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" []
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"runner1"="C:\WINDOWS\mrofinu572.exe" [05/06/2008 04:42 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"5cf2be13"="C:\WINDOWS\system32\hysrtsow.dll" [05/08/2008 11:04 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 03:40 PM]
"BM5fc18d8f"="C:\WINDOWS\system32\psmvkhnr.dll" [05/08/2008 11:03 AM]
"{9ced4071-c942-d005-3222-093486202c37}"="C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" [05/05/2008 12:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 04:24 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/15/2005 03:24 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/22/2007 08:17 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"SpeedRunner"="C:\Documents and Settings\Jeremy\Application Data\SpeedRunner\SpeedRunner.exe" [04/15/2008 11:03 AM]
"SfKg6wIP"="C:\Documents and Settings\Jeremy\Application Data\Microsoft\Windows\begqexu.exe" [04/15/2008 11:03 AM]
"SfKg6w"="C:\Documents and Settings\Jeremy\Application Data\Microsoft\Windows\ofgawr.exe" []
"WinTouch"="C:\Documents and Settings\Jeremy\Application Data\WinTouch\WinTouch.exe" [04/15/2008 11:26 AM]
"BM5fc18d8f"="C:\WINDOWS\system32\gjstffjc.dll,s" []
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [05/08/2008 09:55 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Jeremy\Start Menu\Programs\Startup\
BlackBerry Desktop Redirector.lnk - C:\Program Files\Research In Motion\BlackBerry\Redirector.exe [3/28/2007 11:33:02 AM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [3/28/2007 11:32:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/24/2006 9:48:37 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 1:20:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 1:59:36 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{24E9519B-3F70-429B-99BC-4B2B49B96F66}"= C:\WINDOWS\system32\cbXPgffg.dll [ ]
"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\byxurpqr.dll [04/20/2008 09:53 AM 34099]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxurpqr]
byxurpqr.dll 04/20/2008 09:53 AM 34099 C:\WINDOWS\system32\byxurpqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPgffg]
cbXPgffg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyxvwwv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-05-08 12:49:53 ------------




--------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1022.37 MiB / 498.38 MiB
Pagefile Memory (total/avail): 2461.04 MiB / 1939.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.27 MiB

C: is Fixed (NTFS) - 69.97 GiB total, 38.39 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS721080G9SA00 - 73.13 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 69.97 GiB - C:
\PARTITION2 - Unknown - 3.1 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"="C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"="C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe:*:Enabled:MediaManager9 Module"
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"="C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\\Program Files\\Sports Interactive\\Worldwide Soccer Manager 2007\\wsm.exe"="C:\\Program Files\\Sports Interactive\\Worldwide Soccer Manager 2007\\wsm.exe:*:Enabled:Worldwide Soccer Manager 2007"
"C:\\Program Files\\GetTiffany\\gettiffany.exe"="C:\\Program Files\\GetTiffany\\gettiffany.exe:*:Disabled:Macromedia Projector"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\kav\\kav7\\setup.exe"="C:\\kav\\kav7\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeremy\Application Data
CLIENTNAME=Console
COLLECTIONID=COL7458
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JEREMY2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeremy
ITEMID=ps-22563-2
LANG=1033
LOGONSERVER=\\JEREMY2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONID=1171467959329htx6056b44131:110c0ee20c0:f3e
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWUTVER=1.0.18.20030625
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jeremy\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Jeremy\LOCALS~1\Temp
TOOLPATH=/C:/Program%20Files/HP/HP%20Software%20Update/install.htm
UPDATEDIR=C:\DOCUME~1\Jeremy\LOCALS~1\Temp\rad2C36A.tmp
USERDOMAIN=JEREMY2
USERNAME=Jeremy
USERPROFILE=C:\Documents and Settings\Jeremy
VERSION=3.1.0
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeremy (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\Temp{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Caesar 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CM4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll-uninst.exe
Google --> MsiExec.exe /I{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
ImageMixer for Sony DVD Handycam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD350FC2-A972-427D-800B-A2D200ACFF41}\setup.exe" UNINSTALL
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD 5.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
SBC Yahoo! DSL Home Networking Installer --> C:\Program Files\2Wire\Uninstaller.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony DVD Handycam USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F845B05-8B76-4302-A808-7FB21E2BC5E6}\Setup.exe" UNINSTALL
SpeedRunner --> C:\Documents and Settings\Jeremy\Application Data\SpeedRunner\SRUninstall.exe
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
Super Collapse! 3 --> C:\PROGRA~1\YAHOO!~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\SUPERC~1\INSTALL.LOG
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
URL Assistant --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinTouch --> C:\Documents and Settings\Jeremy\Application Data\WinTouch\WTUninstaller.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Worldwide Soccer Manager 2007 --> C:\Program Files\Sports Interactive\Worldwide Soccer Manager 2007\uninstall\Uninstall WSM 2007.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4759 / Warning
Event Submitted/Written: 05/08/2008 00:30:39 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4756 / Warning
Event Submitted/Written: 05/08/2008 00:29:14 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4741 / Warning
Event Submitted/Written: 05/08/2008 00:24:51 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4740 / Error
Event Submitted/Written: 05/08/2008 00:24:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module xxyxvwwv.dll, version 0.0.0.0, fault address 0x00054ebd.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type4739 / Error
Event Submitted/Written: 05/08/2008 00:24:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module xxyxvwwv.dll, version 0.0.0.0, fault address 0x00054ebd.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type115746 / Error
Event Submitted/Written: 05/08/2008 00:48:59 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type115745 / Error
Event Submitted/Written: 05/08/2008 00:48:59 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type115744 / Warning
Event Submitted/Written: 05/08/2008 00:48:35 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CE194388. The IP address being used is 169.254.144.188.

Event Record #/Type115743 / Warning
Event Submitted/Written: 05/08/2008 00:48:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JEREMY227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JEREMY227 can't undo changes that you allow.

For more information please see the following:
%JEREMY2275

Scan ID: {5040E17B-8B62-440A-BAB9-4514B2498B73}

User: JEREMY2\Jeremy

Name: %JEREMY2271

ID: %JEREMY2272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JEREMY2276

Alert Type: %JEREMY2278

Detection Type: 1.1.1593.02

Event Record #/Type115742 / Warning
Event Submitted/Written: 05/08/2008 00:48:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JEREMY227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JEREMY227 can't undo changes that you allow.

For more information please see the following:
%JEREMY2275

Scan ID: {826BF135-C87F-4492-98F0-6C7F334FE96C}

User: JEREMY2\Jeremy

Name: %JEREMY2271

ID: %JEREMY2272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JEREMY2276

Alert Type: %JEREMY2278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-08 12:49:53 ------------



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 08, 2008 11:59:24 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 746691
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 101180
Number of viruses found: 55
Number of infected objects: 150
Number of suspicious objects: 9
Duration of the scan process: 00:55:45

Infected Object Name / Virus Name / Last Action
C:\75c1674009827274be677e774e1d\update\update.exe Object is locked skipped
C:\75c1674009827274be677e774e1d\update\wpdinstallutil.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\b116.exe.bac_a01508 Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\b152.exe.bac_a01508 Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\b153.exe.bac_a01508 Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\bharebio011065.exe.bac_a01508 Infected: Trojan-Downloader.Win32.VB.dsf skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\cegmgr76.exe.bac_a01508 Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\cuqvkooh.dll.bac_a01508 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\fqcjrach.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\gjstffjc.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\InsiDERInst.exe.bac_a01508 Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\jnpinsxl.dll.bac_a01508 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\knthexad.dll.bac_a01508 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.bac_a01644/NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.bac_a01644 CAB: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.bac_a01644 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.cab.bac_a01644/NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.cab.bac_a01644 CAB: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.cab.bac_a01644 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.cab.bac_a02028/NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.cab.bac_a02028 CAB: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mit166.tmp.cab.bac_a02028 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mlJCVnki.dll.bac_a01508 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mrofinu1000106.exe.bac_a01508 Infected: Trojan-Downloader.Win32.Homles.bc skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\mxmjsbqu.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\ofgawr.exe.bac_a00464 Infected: Trojan-Downloader.Win32.Agent.lhu skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\pjtucqab.dll.bac_a01508 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\rmpptmsa.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.qok skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\srcpdmyl.dll.bac_a01508 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\tmcskyft.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.qgr skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uwas7cw.exe.bac_a01508 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\vaxxyfpw.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\wdpqgqft.dll.bac_a01508 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\xxyxvwwv.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.qfq skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\yazzsnet.exe.bac_a01508/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\yazzsnet.exe.bac_a01508 NSIS: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\yazzsnet.exe.bac_a01508 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\ylfnawvm.dll.bac_a01508 Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\xk1gykwb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04112008-040328.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From CitiBank <alerts@citibank.com>][Date Fri, 27 Oct 2006 09:23:15 +0300]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From CitiBank <alerts@citibank.com>][Date Fri, 27 Oct 2006 09:23:15 +0300]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From postcards1001 <postcards@postcards1001.com>][Date Sat, 16 Dec 2006 19:59:18 -0800 (PST)]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From "service@membernotifier.com" <service@membernotifier.com>][Date Sun, 31 Dec 2006 10:53:49 -0800]/UNNAMED/html/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From "service@membernotifier.com" <service@membernotifier.com>][Date Sun, 31 Dec 2006 10:53:49 -0800]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From "service@membernotifier.com" <service@membernotifier.com>][Date Sun, 31 Dec 2006 10:53:49 -0800]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From "service@membernotifier.com" <service@membernotifier.com>][Date Sun, 31 Dec 2006 00:00:30 -0800]/html/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx/[From "service@membernotifier.com" <service@membernotifier.com>][Date Sun, 31 Dec 2006 00:00:30 -0800]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\Recovered Data\2007 Email Files.dbx MailMSOutlook5: suspicious - 8 skipped
C:\Documents and Settings\Jeremy\Application Data\SpeedRunner\SpeedRunner.exe Infected: Trojan-Downloader.Win32.Agent.ndt skipped
C:\Documents and Settings\Jeremy\Application Data\WinTouch\WinTouch.exe Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\sdexe.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\snapsnet.exe/data0006 Infected: Trojan-Downloader.Win32.VB.edw skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\snapsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\winvsnet.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareMaster skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\E6NY643L\snapsnet[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.edw skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\E6NY643L\snapsnet[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\G0LH13DS\mrofinu[1].zip/mrofinu.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\G0LH13DS\mrofinu[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\REIXP70Q\3cd898b13299cb4bc0d5dc64745518ed[1].zip/b156.exe Infected: not-a-virus:AdWare.Win32.Insider.f skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\REIXP70Q\3cd898b13299cb4bc0d5dc64745518ed[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\e95a16d2a56034c0995d\update\update.exe Object is locked skipped
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe NSIS: infected - 1 skipped
C:\Program Files\Outerinfo\FF\components\FF.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Program Files\Svconr\Svconr.exe Infected: not-a-virus:AdWare.Win32.Rond.e skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP399\A0122076.exe Infected: Trojan-Downloader.Win32.Homles.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP399\A0122077.exe Infected: Trojan-Downloader.Win32.Homles.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401\A0122184.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401\A0122185.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP405\A0122343.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP405\A0122364.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareMaster skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP406\A0122406.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP407\A0122424.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.av skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP407\A0122426.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP408\A0122445.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP408\A0122455.exe Infected: Trojan-Downloader.Win32.Homles.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP408\A0122459.exe Infected: Trojan-Downloader.Win32.Homles.bf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0122462.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0122464.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0122466.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0122466.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0122467.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0122469.dll Infected: not-a-virus:AdWare.Win32.Mirar.r skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP410\A0122476.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP410\A0122481.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122500.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122502.exe Infected: Trojan-Downloader.Win32.Agent.ktb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122504.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122505.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122506.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122507.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122508.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122508.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122508.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122508.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122509.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122509.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122509.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0122509.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP412\A0122541.exe Infected: Trojan-Downloader.Win32.Homles.bg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP412\A0122542.exe Infected: Trojan-Downloader.Win32.Agent.ltf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP412\A0122544.exe Infected: Trojan-Downloader.Win32.Homles.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP413\A0122588.exe Infected: Trojan-Downloader.Win32.VB.dza skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP413\A0122589.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareMaster skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP413\A0123486.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP413\A0123487.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP413\A0123488.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP414\A0123509.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP414\A0124486.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP415\A0124507.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0124555.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareMaster skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0125530.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0125564.exe Infected: Trojan-Downloader.Win32.Homles.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0125566.exe Infected: Trojan.Win32.BHO.bhg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP417\A0126581.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP417\A0126600.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP417\A0126601.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP418\A0126617.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP418\A0126629.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP418\A0127600.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129671.exe Infected: Trojan-Downloader.Win32.Agent.lhu skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129672.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129673.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129674.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129675.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129676.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129677.exe Infected: Trojan-Downloader.Win32.Homles.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129678.exe Infected: Trojan-Downloader.Win32.VB.dsf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129679.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129680.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129681.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129682.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129683.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129684.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129686.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129687.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129688.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qok skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129689.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129690.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129691.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qgr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129692.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129693.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0129722.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0129725.exe Infected: not-a-virus:AdWare.Win32.Insider.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\change.log Object is locked skipped
C:\WINDOWS\17PHolmes572.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\WINDOWS\b155.exe Infected: Trojan.Win32.BHO.bhg skipped
C:\WINDOWS\b156.exe Infected: not-a-virus:AdWare.Win32.Insider.f skipped
C:\WINDOWS\b157.exe Infected: Trojan-Downloader.Win32.Agent.jih skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\mrofinu572.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\WINDOWS\system32\bkEur01\bkEur011065.exe Infected: Trojan-Downloader.Win32.VB.edw skipped
C:\WINDOWS\system32\byxurpqr.dll Infected: Trojan.Win32.Agent.eek skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\clfhbobi.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\hysrtsow.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\IDE2\mdllcom2.exe Infected: Trojan.Win32.Agent.lke skipped
C:\WINDOWS\system32\mljklkll.dll Infected: Trojan.Win32.Agent.eek skipped
C:\WINDOWS\system32\psmvkhnr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqNGWpM.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xcsDd01\xcsDd011065.exe Infected: Trojan-Downloader.Win32.VB.dza skipped
C:\WINDOWS\system32\xxyxvwwv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qfq skipped
C:\WINDOWS\system32\yayWpppQ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

Scan process completed.

-----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:03 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" DllInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E902BC9ED7286138F75F2F0C8D6E84A1EF7F506DCD610837FC16E1DCD66A47
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5cf2be13] rundll32.exe "C:\WINDOWS\system32\hysrtsow.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [{9ced4071-c942-d005-3222-093486202c37}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" DllInit
O4 - HKLM\..\Run: [BM5fc18d8f] Rundll32.exe "C:\WINDOWS\system32\psmvkhnr.dll",s
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200608968046
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11259 bytes
-------------------------------------------------


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender: Male
  • Location: North Carolina

Posted 22 May 2008 - 10:50 AM

Hello Indigoblue47 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Indigoblue47

Indigoblue47
  • Topic Starter

  • Members
  • 37 posts

Posted 22 May 2008 - 11:32 AM

OTScan log is attached.
Thanks.

Attached Files



#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 22 May 2008 - 12:58 PM

Hi Indigoblue47. Ok, let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
symhhii
Files to delete:
%appdata%\microsoft\windows\begqexu.exe
%appdata%\speedrunner\speedrunner.exe
%appdata%\wintouch\wintouch.exe
%programfiles%\spcron\spc.dll
%programfiles%\svconr\svconr.exe
%systemroot%\b155.exe
%systemroot%\b156.exe
%systemroot%\bm5fc18d8f.xml
%systemroot%\mrofinu572.exe
%systemroot%\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll
%systemroot%\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll-uninst.exe
%systemroot%\system32\baikdqhi.dll
%systemroot%\system32\byxurpqr.dll
%systemroot%\system32\ceojvink.dll
%systemroot%\system32\clfhbobi.dll
%systemroot%\system32\comnqwjm.ini
%systemroot%\system32\drivers\symhhii.sys
%systemroot%\system32\ehcybouw.ini
%systemroot%\system32\frbpmhom.exe
%systemroot%\system32\gcuiadqf.ini
%systemroot%\system32\hysrtsow.dll
%systemroot%\system32\ilysufct.ini
%systemroot%\system32\jtnvhprp.dll
%systemroot%\system32\lkdobkeq.dll
%systemroot%\system32\lummfweg.exe
%systemroot%\system32\mjwqnmoc.dll
%systemroot%\system32\mosbpwfo.ini
%systemroot%\system32\mvwanfly.ini
%systemroot%\system32\npoduyuo.ini
%systemroot%\system32\ojeplwks.exe
%systemroot%\system32\pool.bin
%systemroot%\system32\psmvkhnr.dll
%systemroot%\system32\vsylhdgv.dll
%systemroot%\system32\vwwvxyxx.ini
%systemroot%\system32\vwwvxyxx.ini2
%systemroot%\system32\wostrsyh.ini
%systemroot%\system32\xxyxvwwv.dll
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%appdata%\speedrunner
%commonprogramfiles%\winantispyware 2007
%programfiles%\spcron
%programfiles%\svconr
%systemroot%\system32\bharebio01
%systemroot%\system32\bkeur01
%systemroot%\system32\pinz1
%systemroot%\system32\t9

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> begqexu.exe -> %AppData%\Microsoft\Windows\begqexu.exe
YY -> svconr.exe -> %ProgramFiles%\Svconr\Svconr.exe
YN -> mrofinu.exe -> %SystemRoot%\mrofinu.exe
[Driver Services - Non-Microsoft Only]
YY -> (symhhii) symhhii [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symhhii.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
YY -> {9ced4071-c942-d005-3222-093486202c37} -> %SystemRoot%\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll [C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" DllInit]
YY -> 5cf2be13 -> %SystemRoot%\system32\mjwqnmoc.dll [rundll32.exe "C:\WINDOWS\system32\mjwqnmoc.dll",b]
YY -> BM5fc18d8f -> %SystemRoot%\system32\jtnvhprp.dll [Rundll32.exe "C:\WINDOWS\system32\jtnvhprp.dll",s]
YN -> DXDllRegExe -> dxdllreg.exe [dxdllreg.exe]
YN -> IS CfgWiz -> cltUIStb.exe ["C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"]
YY -> runner1 -> %SystemRoot%\mrofinu572.exe [C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E6C5813C477ACE]
YY -> spa_start -> %SystemRoot%\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll [C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll" DllInit]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> BM5fc18d8f -> [Rundll32.exe "C:\WINDOWS\system32\gjstffjc.dll",s]
YN -> SfKg6w -> ofgawr.exe [C:\Documents and Settings\Jeremy\Application Data\Microsoft\Windows\ofgawr.exe]
YY -> SfKg6wIP -> %AppData%\Microsoft\Windows\begqexu.exe [C:\Documents and Settings\Jeremy\Application Data\Microsoft\Windows\begqexu.exe]
YY -> SpeedRunner -> %AppData%\SpeedRunner\SpeedRunner.exe [C:\Documents and Settings\Jeremy\Application Data\SpeedRunner\SpeedRunner.exe]
YY -> Svconr -> %ProgramFiles%\Svconr\Svconr.exe [C:\Program Files\Svconr\Svconr.exe]
YY -> WinTouch -> %AppData%\WinTouch\WinTouch.exe [C:\Documents and Settings\Jeremy\Application Data\WinTouch\WinTouch.exe]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {24E9519B-3F70-429B-99BC-4B2B49B96F66} [HKEY_LOCAL_MACHINE] -> cbXPgffg.dll []
YY -> {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\byxurpqr.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> byxurpqr -> %SystemRoot%\system32\byxurpqr.dll
YN -> cbXPgffg -> cbXPgffg.dll
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {15421B84-3488-49A7-AD18-CBF84A3EFAF6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spcron\Spc.dll [BHO Class]
YY -> {3cfd077f-5423-0d98-a2ac-f1306d5a29e3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll [gooochi browser optimizer]
YY -> {3f18842a-edbb-499f-ade8-e9daa06c740b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\baikdqhi.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\byxurpqr.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {FE361630-32F4-4219-98E4-725611D179F4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xxyxvwwv.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> yhexbmes.dll [&Yahoo! Messenger]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> yhexbmes.dll [&Yahoo! Messenger]
YN -> {B28BB341-2C37-4711-BF95-9DDB4CE55F4A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFB2180-BA09-11DC-95FF-0800200C9A66} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\xxyxvwwv -> %SystemRoot%\system32\xxyxvwwv.dll
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> baikdqhi.dll -> %SystemRoot%\System32\baikdqhi.dll
NY -> bkEur01 -> %SystemRoot%\System32\bkEur01
NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> ceojvink.dll -> %SystemRoot%\System32\ceojvink.dll
NY -> clfhbobi.dll -> %SystemRoot%\System32\clfhbobi.dll
NY -> comnqwjm.ini -> %SystemRoot%\System32\comnqwjm.ini
NY -> ehcybouw.ini -> %SystemRoot%\System32\ehcybouw.ini
NY -> frbpmhom.exe -> %SystemRoot%\System32\frbpmhom.exe
NY -> gcuiadqf.ini -> %SystemRoot%\System32\gcuiadqf.ini
NY -> hysrtsow.dll -> %SystemRoot%\System32\hysrtsow.dll
NY -> ilysufct.ini -> %SystemRoot%\System32\ilysufct.ini
NY -> jtnvhprp.dll -> %SystemRoot%\System32\jtnvhprp.dll
NY -> lkdobkeq.dll -> %SystemRoot%\System32\lkdobkeq.dll
NY -> lummfweg.exe -> %SystemRoot%\System32\lummfweg.exe
NY -> mjwqnmoc.dll -> %SystemRoot%\System32\mjwqnmoc.dll
NY -> mosbpwfo.ini -> %SystemRoot%\System32\mosbpwfo.ini
NY -> mvwanfly.ini -> %SystemRoot%\System32\mvwanfly.ini
NY -> ojeplwks.exe -> %SystemRoot%\System32\ojeplwks.exe
NY -> psmvkhnr.dll -> %SystemRoot%\System32\psmvkhnr.dll
NY -> vsylhdgv.dll -> %SystemRoot%\System32\vsylhdgv.dll
NY -> wostrsyh.ini -> %SystemRoot%\System32\wostrsyh.ini
NY -> {3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll -> %SystemRoot%\System32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll
NY -> b155.exe -> %SystemRoot%\b155.exe
NY -> b156.exe -> %SystemRoot%\b156.exe
NY -> mrofinu572.exe -> %SystemRoot%\mrofinu572.exe
NY -> ?ymbols -> %SystemRoot%\ѕymbols
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ?ymbols -> %AppData%\ѕymbols
NY -> ?ecurity -> %CommonProgramFiles%\ѕecurity
NY -> Spcron -> %ProgramFiles%\Spcron
NY -> Svconr -> %ProgramFiles%\Svconr
NY -> ??sembly -> %ProgramFiles%\аѕsembly
[Files/Folders - Modified Within 30 days]
NY -> baikdqhi.dll -> %SystemRoot%\System32\baikdqhi.dll
NY -> bharebio01 -> %SystemRoot%\System32\bharebio01
NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> bkEur01 -> %SystemRoot%\System32\bkEur01
NY -> ceojvink.dll -> %SystemRoot%\System32\ceojvink.dll
NY -> clfhbobi.dll -> %SystemRoot%\System32\clfhbobi.dll
NY -> comnqwjm.ini -> %SystemRoot%\System32\comnqwjm.ini
NY -> ehcybouw.ini -> %SystemRoot%\System32\ehcybouw.ini
NY -> frbpmhom.exe -> %SystemRoot%\System32\frbpmhom.exe
NY -> gcuiadqf.ini -> %SystemRoot%\System32\gcuiadqf.ini
NY -> hysrtsow.dll -> %SystemRoot%\System32\hysrtsow.dll
NY -> ilysufct.ini -> %SystemRoot%\System32\ilysufct.ini
NY -> jtnvhprp.dll -> %SystemRoot%\System32\jtnvhprp.dll
NY -> lkdobkeq.dll -> %SystemRoot%\System32\lkdobkeq.dll
NY -> lummfweg.exe -> %SystemRoot%\System32\lummfweg.exe
NY -> mjwqnmoc.dll -> %SystemRoot%\System32\mjwqnmoc.dll
NY -> mosbpwfo.ini -> %SystemRoot%\System32\mosbpwfo.ini
NY -> mvwanfly.ini -> %SystemRoot%\System32\mvwanfly.ini
NY -> npoduyuo.ini -> %SystemRoot%\System32\npoduyuo.ini
NY -> ojeplwks.exe -> %SystemRoot%\System32\ojeplwks.exe
NY -> pinz1 -> %SystemRoot%\System32\pinz1
NY -> pool.bin -> %SystemRoot%\System32\pool.bin
NY -> psmvkhnr.dll -> %SystemRoot%\System32\psmvkhnr.dll
NY -> T9 -> %SystemRoot%\System32\T9
NY -> vsylhdgv.dll -> %SystemRoot%\System32\vsylhdgv.dll
NY -> vwwvxyxx.ini -> %SystemRoot%\System32\vwwvxyxx.ini
NY -> vwwvxyxx.ini2 -> %SystemRoot%\System32\vwwvxyxx.ini2
NY -> wostrsyh.ini -> %SystemRoot%\System32\wostrsyh.ini
NY -> {3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll -> %SystemRoot%\System32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll
NY -> {3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll-uninst.exe -> %SystemRoot%\System32\{3276ef04-ea89-1b31-5bc2-24262a6c526c}.dll-uninst.exe
NY -> b155.exe -> %SystemRoot%\b155.exe
NY -> b156.exe -> %SystemRoot%\b156.exe
NY -> BM5fc18d8f.xml -> %SystemRoot%\BM5fc18d8f.xml
NY -> mrofinu572.exe -> %SystemRoot%\mrofinu572.exe
NY -> ?ymbols -> %SystemRoot%\ѕymbols
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> SpeedRunner -> %AppData%\SpeedRunner
NY -> ?ymbols -> %AppData%\ѕymbols
NY -> WinAntiSpyware 2007 -> %CommonProgramFiles%\WinAntiSpyware 2007
NY -> ?ecurity -> %CommonProgramFiles%\ѕecurity
[Extra Files]
%SystemRoot%\mrofinu.exe
%AppData%\WinTouch\
Purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_6_0_XX-windowsi586-p.exe to install the newest version.
Step #6

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in the reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
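The OTScanIt fix list above is worth reading as a map of persistence points rather than only as something to paste into a tool: random-named DLLs loaded through rundll32 from the Run keys, a Winlogon\Notify package, ShellExecuteHooks, BHOs, an LSA Authentication Package, and folders such as "ѕymbols" and "аѕsembly" whose names contain Cyrillic lookalike letters so they sort next to the legitimate ones. The following Python script is an added example written for this thread; it is not part of OTScanIt, The Avenger, or OldTimer's instructions. It parses the "flags -> name -> path [command]" line format shown in the post into records tagged with the section and registry key they came from, groups them by autostart location, and flags two things a responder would want surfaced automatically: names containing non-ASCII lookalike characters, and rundll32 loads of DLLs from the system directory. The function names and the sample log lines are constructed for the example (the Cyrillic letters are written as \u escapes so they survive copy and paste); they are modelled on, but are not, the user's actual log.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample modelled on the OTScanIt fix lines quoted in the thread.
# \u0455 is CYRILLIC SMALL LETTER DZE (looks like 's'), \u0430 is CYRILLIC SMALL LETTER A.
SAMPLE_LOG = (
    "[Registry - Non-Microsoft Only]\n"
    "< Run [HKEY_LOCAL_MACHINE\\] > -> HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "YY -> 5cf2be13 -> %SystemRoot%\\system32\\mjwqnmoc.dll [rundll32.exe \"C:\\WINDOWS\\system32\\mjwqnmoc.dll\",b]\n"
    "YN -> DXDllRegExe -> dxdllreg.exe [dxdllreg.exe]\n"
    "< Winlogon\\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\\n"
    "YY -> byxurpqr -> %SystemRoot%\\system32\\byxurpqr.dll\n"
    "[Files/Folders - Created Within 30 days]\n"
    "NY -> ?ymbols -> %SystemRoot%\\\u0455ymbols\n"
    "NY -> ??sembly -> %ProgramFiles%\\\u0430\u0455sembly\n"
    "NY -> Spcron -> %ProgramFiles%\\Spcron\n"
)

# One entry line: two Y/N flags, the value name, the resolved path, optional [command].
ENTRY_RE = re.compile(
    r"^(?P<flags>[YN]{2}) -> (?P<name>.*?) -> (?P<path>.*?)(?: \[(?P<cmd>.*)\])?$"
)


def parse_fix_lines(text):
    """Turn OTScanIt-style lines into dicts that carry their section and registry location."""
    section, location = None, None
    records = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("[") and line.endswith("]"):
            section, location = line[1:-1], None   # a new section resets the key context
            continue
        if line.startswith("< "):
            # '< Run [HKLM\] > -> HKLM\...\Run': the text after ' -> ' is the key path
            location = line.split(" -> ", 1)[1].strip() if " -> " in line else None
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["section"], rec["location"] = section, location
        records.append(rec)
    return records


def non_ascii_chars(s):
    """Return (char, Unicode name) for every non-ASCII character in s (lookalike detection)."""
    return [(c, unicodedata.name(c, "UNKNOWN")) for c in s if ord(c) > 127]


def triage(records):
    """Group entries by autostart location and flag lookalike names and rundll32 DLL loads."""
    by_location = defaultdict(list)
    homoglyph_paths, rundll32_loads = [], []
    for rec in records:
        if rec["location"]:
            by_location[rec["location"]].append(rec["name"])
        leaf = rec["path"].rsplit("\\", 1)[-1]        # last path component only
        odd = non_ascii_chars(leaf)
        if odd:
            homoglyph_paths.append((rec["path"], odd))
        cmd = (rec["cmd"] or "").lower()
        if "rundll32" in cmd and "\\system32\\" in cmd:
            rundll32_loads.append(rec["path"])
    return {
        "by_location": dict(by_location),
        "homoglyph_paths": homoglyph_paths,
        "rundll32_loads": rundll32_loads,
    }


if __name__ == "__main__":
    result = triage(parse_fix_lines(SAMPLE_LOG))
    for key, names in result["by_location"].items():
        print(f"{key}: {names}")
    for path, odd in result["homoglyph_paths"]:
        print(f"lookalike name: {path!r} contains {odd}")
    for path in result["rundll32_loads"]:
        print(f"rundll32 load from system32: {path}")
```

The homoglyph check looks only at the last path component, because environment variables and the legitimate parent directories are ASCII; anything non-ASCII in a folder name under %SystemRoot% or %ProgramFiles% on an English-locale machine deserves a look, and printing the Unicode name makes the substitution obvious to whoever reads the triage output.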

#5 Indigoblue47

Indigoblue47
  • Topic Starter

  • Members
  • 37 posts

Posted 22 May 2008 - 02:26 PM

Here are the results so far.
Avenger log is attached.
When running OTScanIT, the following error occurred:
List index out of bounds (1).
Log attached nonetheless
I am continuing with the further steps.

Attached Files



#6 Indigoblue47

Indigoblue47
  • Topic Starter

  • Members
  • 37 posts

Posted 23 May 2008 - 08:34 AM

The complete OTScanIT log, and Kaspersky log are attached

Attached Files



#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 23 May 2008 - 11:53 AM

Hi Indigoblue47. That looks better. Just a few leftovers to take care of yet.

From the Kaspersky report it appears that there are a number of infected emails in whatever email program is being used. This could be where the infection started from. Be very cautious about opening any emails from sources that are unfamiliar. Never open emails from banks. Banks do not send out emails. The senders from the emails that are infected are:
  • CitiBank
  • postcards1001
  • "service@membernotifier.com"
They appear to be in an email folder named "2007 Email Files". Do not open or preview any of those. Just delete them.

Follow the steps below in order:

Step #1

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\b157.exe
C:\WINDOWS\system32\mljklkll.dll
C:\WINDOWS\system32\ssqNGWpM.dll
C:\WINDOWS\system32\yayWpppQ.dll
Folders to delete:
C:\Program Files\Temporary\
C:\WINDOWS\system32\IDE2\
C:\WINDOWS\system32\xcsDd01\

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {126ADA6A-1226-440A-BCF9-4667EE5D0BE0} [HKEY_LOCAL_MACHINE] -> xxyxvwwv.dll [Reg Error: Value  does not exist or could not be read.]
[Extra Files]
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\b157.exe
C:\WINDOWS\system32\mljklkll.dll
C:\WINDOWS\system32\ssqNGWpM.dll
C:\WINDOWS\system32\yayWpppQ.dll
C:\Program Files\Temporary\
C:\WINDOWS\system32\IDE2\
C:\WINDOWS\system32\xcsDd01\
Purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#8 Indigoblue47

Indigoblue47
  • Topic Starter

  • Members
  • 37 posts

Posted 23 May 2008 - 12:42 PM

Avenger report & OTScanIt fix log are attached.
Gettin' happy, here... :-)

Attached Files



#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 23 May 2008 - 12:55 PM

Hi Indigoblue47. Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT

#10 Indigoblue47

Indigoblue47
  • Topic Starter

  • Members
  • 37 posts

Posted 23 May 2008 - 02:33 PM

Thanks very much for your help, OT!
This is 2x you guys have saved my bacon (on different systems, of course, pfff!)
Best regards,
Indi
