Unknown Malware/spyware


This topic is locked
14 replies to this topic

#1 mrsunnybones - Members, 8 posts

Posted 25 June 2008 - 02:48 PM

Hi, I've been getting a virus alert thing next to my clock all day, and I figured it was probably a type of virus (I can't access my Task Manager).
I couldn't delete it via Spybot or NoAdware, and also SmitFraudFix.exe (gotten from other websites but didn't work), so I'm sort of out of options.
I would appreciate it if you guys would help.
Thanks

Deckard's System Scanner v20071014.68
Run by eric on 2008-06-25 15:10:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-06-25 16:35:49 UTC - RP360 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as eric.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:05, on 6/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\iftuyszv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\livecall.exe
c:\program files\aim6\anotify.exe
C:\Users\eric\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\eric.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {018C2511-A0F9-43CC-AB1B-B046B6D4564B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: targetedbanner browser optimizer - {6b4f0b6f-d0ab-9d62-8855-d86c108069bb} - C:\Windows\system32\alrgtyqqcebop.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {C625967C-60C6-40FA-8A14-EF3256282582} - C:\Windows\system32\hgGayvuu.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkHBQii.dll,#1
O4 - HKLM\..\Run: [{7dc6b030-9c5d-3dcb-1955-c309f502ce62}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\alrgtyqqcebop.dll" DllStart
O4 - HKLM\..\Run: [84e6621b] rundll32.exe "C:\Windows\system32\xhwrewmi.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5193] command /c del "C:\Windows\System32\hgGayvuu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5003] cmd /c del "C:\Windows\System32\hgGayvuu.dll_old"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2808] command /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5645] cmd /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1246] command /c del "C:\PROGRAM FILES\NOADWARE5.0\nutils.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9366] cmd /c del "C:\PROGRAM FILES\NOADWARE5.0\nutils.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4159] command /c del "C:\Windows\System32\hgGayvuu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1245] cmd /c del "C:\Windows\System32\hgGayvuu.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: kzovqpwp - {211c8bc6-3bf0-479c-a553-61e90d414be8} - C:\ProgramData\kzovqpwp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13054 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys

S3 npkcrypt - \??\c:\program files\gravity\bwro\npkcrypt.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e980-e325-11ce-bfc1-08002be10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&2EB13F0&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&2EB13F0&0&0
Service: flpydisk


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 20:00:00 486 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - lien.job


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-25 15:03:38 14848 --a------ C:\Windows\systeem.exe
2008-06-25 15:03:38 19968 --a------ C:\Windows\olehelp.exe
2008-06-25 15:03:38 31488 --a------ C:\Windows\iexplorer.exe
2008-06-25 15:02:57 0 d-------- C:\Program Files\Trend Micro
2008-06-25 15:01:40 21760 --a------ C:\Windows\y.exe
2008-06-25 15:01:39 27904 --a------ C:\Windows\x.exe
2008-06-25 15:01:39 20480 --a------ C:\Windows\winmgnt.exe
2008-06-25 15:01:39 31232 --a------ C:\Windows\window.exe
2008-06-25 15:01:38 31232 --a------ C:\Windows\win64.exe
2008-06-25 15:01:38 9472 --a------ C:\Windows\win32e.exe
2008-06-25 15:01:38 16896 --a------ C:\Windows\waol.exe
2008-06-25 15:01:38 15616 --a------ C:\Windows\users32.exe
2008-06-25 15:01:38 14592 --a------ C:\Windows\systemcritical.exe
2008-06-25 15:01:38 30720 --a------ C:\Windows\clrssn.exe
2008-06-25 15:01:37 19968 --a------ C:\Windows\avpcc.dll
2008-06-25 15:01:37 13824 --a------ C:\Windows\accesss.exe
2008-06-25 14:59:37 22528 --a------ C:\Windows\notepad32.exe
2008-06-25 14:59:37 26624 --a------ C:\Windows\msupdate.exe
2008-06-25 14:59:37 19712 --a------ C:\Windows\mssys.exe
2008-06-25 14:59:37 24576 --a------ C:\Windows\loader.exe
2008-06-25 14:59:37 20736 --a------ C:\Windows\iedll.exe
2008-06-25 14:09:25 59392 --a------ C:\Windows\system32\jkkHBQii.dll
2008-06-25 13:51:44 32000 --a------ C:\Windows\xplugin.dll
2008-06-25 13:51:43 27392 --a------ C:\Windows\winajbm.dll
2008-06-25 13:51:42 24576 --a------ C:\Windows\time.exe
2008-06-25 13:51:41 15872 --a------ C:\Windows\mtwirl32.dll
2008-06-25 13:51:40 13312 --a------ C:\Windows\cpan.dll
2008-06-25 13:25:20 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-25 12:55:48 287965 --a------ C:\Pass2.cmd
2008-06-25 12:48:28 3576 --a------ C:\Windows\system32\tmp.reg
2008-06-25 12:48:09 81920 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-25 12:48:08 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-06-25 12:48:08 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-25 12:48:08 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-25 12:48:07 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-25 12:48:07 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-25 12:48:07 51200 --a------ C:\Windows\system32\dumphive.exe
2008-06-25 12:48:06 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-25 12:43:04 14336 --a------ C:\Windows\svcinit.exe
2008-06-25 12:43:04 20992 --a------ C:\Windows\svchost32.exe
2008-06-25 12:43:04 27648 --a------ C:\Windows\sistem.exe
2008-06-25 12:43:03 9984 --a------ C:\Windows\searchword.dll
2008-06-25 12:43:03 14592 --a------ C:\Windows\rundll16.exe
2008-06-25 12:43:03 22528 --a------ C:\Windows\quicken.exe
2008-06-25 12:43:02 19712 --a------ C:\Windows\qttasks.exe
2008-06-25 12:43:01 24064 --a------ C:\Windows\mswsc20.dll
2008-06-25 12:43:01 29952 --a------ C:\Windows\mswsc10.dll
2008-06-25 12:43:00 30976 --a------ C:\Windows\msspi.dll
2008-06-25 12:43:00 29696 --a------ C:\Windows\msconfd.dll
2008-06-25 12:42:59 32256 --a------ C:\Windows\internet.exe
2008-06-25 12:42:59 23040 --a------ C:\Windows\inetinf.exe
2008-06-25 12:42:58 11776 --a------ C:\Windows\helpcvs.exe
2008-06-25 12:42:58 24832 --a------ C:\Windows\gfmnaaa.dll
2008-06-25 12:42:57 11008 --a------ C:\Windows\funny.exe
2008-06-25 12:42:57 19200 --a------ C:\Windows\funniest.exe
2008-06-25 12:42:57 26880 --a------ C:\Windows\explorer32.exe
2008-06-25 12:42:57 24576 --a------ C:\Windows\explore.exe
2008-06-25 12:42:56 13312 --a------ C:\Windows\editpad.exe
2008-06-25 12:42:56 30464 --a------ C:\Windows\dnsrelay.dll
2008-06-25 12:42:56 28928 --a------ C:\Windows\directx32.exe
2008-06-25 12:42:55 10496 --a------ C:\Windows\ctrlpan.dll
2008-06-25 12:42:55 22016 --a------ C:\Windows\ctfmon32.exe
2008-06-25 12:32:11 9813 --ahs---- C:\Windows\system32\uuvyaGgh.ini2
2008-06-25 12:28:35 41984 --a------ C:\Windows\mrofinu1000106.exe
2008-06-25 12:28:24 0 d-------- C:\Windows\system32\eb10
2008-06-25 12:28:24 0 d-------- C:\Windows\system32\axc
2008-06-25 12:28:23 64179 --a------ C:\Windows\system32\udoefkrubz.exe
2008-06-25 12:28:23 0 d-------- C:\Windows\system32\bgi
2008-06-25 12:28:23 0 d-------- C:\Windows\system32\1049a
2008-06-25 12:28:19 122880 --a------ C:\Users\All Users\kzovqpwp.dll
2008-06-25 12:28:17 0 d-------- C:\Windows\system32\netrax06
2008-06-25 12:27:37 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-06-25 12:27:35 88537 --a------ C:\Windows\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-25 12:27:35 88537 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-06-24 10:10:14 372736 --a------ C:\Windows\system32\alrgtyqqcebop.dll
2008-06-24 00:28:05 0 d-------- C:\Program Files\PowerISO
2008-06-17 21:33:15 0 d-------- C:\perflogs
2008-06-12 02:28:49 56108 --a------ C:\Windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Find3M Report ---------------------------------------------------------------

2008-06-25 15:19:34 0 d-------- C:\Users\eric\AppData\Roaming\DNA
2008-06-25 14:10:35 0 d-------- C:\Program Files\Steam
2008-06-25 13:51:18 35 --a------ C:\Users\eric\AppData\Roaming\SetValue.bat
2008-06-25 13:51:18 691 --a------ C:\Users\eric\AppData\Roaming\GetValue.vbs
2008-06-25 12:37:11 0 d-------- C:\Users\eric\AppData\Roaming\BitTorrent
2008-06-24 00:39:46 0 d-------- C:\Program Files\Guitar Pro 5
2008-06-15 03:54:01 0 d-------- C:\Program Files\Common Files\Steam
2008-06-15 00:49:16 0 d-------- C:\Program Files\Gravity
2008-06-11 03:14:06 0 d-------- C:\Program Files\Windows Mail
2008-06-09 19:45:58 8450 --a------ C:\Users\eric\AppData\Roaming\wklnhst.dat
2008-04-26 20:01:22 0 d-------- C:\Users\eric\AppData\Roaming\U3
2008-04-26 13:44:58 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018C2511-A0F9-43CC-AB1B-B046B6D4564B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b4f0b6f-d0ab-9d62-8855-d86c108069bb}]
06/24/2008 10:10 372736 --a------ C:\Windows\system32\alrgtyqqcebop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C625967C-60C6-40FA-8A14-EF3256282582}]
C:\Windows\system32\hgGayvuu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/16/2007 06:04]
"RtHDVCpl"="RtHDVCpl.exe" [05/11/2007 09:26 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [05/28/2007 00:59]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/28/2007 00:58]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/28/2007 00:59]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37]
"@"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [12/03/2006 19:23]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [03/16/2007 06:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/15/2007 22:39]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 20:51]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [06/16/2008 04:52]
"MSServer"="C:\Windows\system32\jkkHBQii.dll" [06/25/2008 12:26]
"{7dc6b030-9c5d-3dcb-1955-c309f502ce62}"="C:\Windows\system32\alrgtyqqcebop.dll" [06/24/2008 10:10]
"84e6621b"="C:\Windows\system32\xhwrewmi.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 17:17]
"Steam"="c:\program files\steam\steam.exe" [04/07/2008 11:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/07/2008 20:23]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 14:11]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB2808"=command /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"
"SpybotDeletingD5645"=cmd /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"
"SpybotDeletingB1246"=command /c del "C:\PROGRAM FILES\NOADWARE5.0\nutils.dll"
"SpybotDeletingD9366"=cmd /c del "C:\PROGRAM FILES\NOADWARE5.0\nutils.dll"
"SpybotDeletingB4159"=command /c del "C:\Windows\System32\hgGayvuu.dll_old"
"SpybotDeletingD1245"=cmd /c del "C:\Windows\System32\hgGayvuu.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA5193"=command /c del "C:\Windows\System32\hgGayvuu.dll_old"
"SpybotDeletingC5003"=cmd /c del "C:\Windows\System32\hgGayvuu.dll_old"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/15/2007 22:26:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F0E738CA-4E59-446F-B34A-6BC26FB2C735}"= C:\Windows\system32\jkkHBQii.dll [06/25/2008 12:26 59392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kzovqpwp"= {211c8bc6-3bf0-479c-a553-61e90d414be8} - C:\ProgramData\kzovqpwp.dll [06/25/2008 12:28 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\hgGayvuu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{528f428a-1331-11dd-b098-001aa0899f2e}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f36ee3b-3341-11dc-aeff-806e6f6e6963}]
AutoRun\command- E:\Autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8754 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-25 15:24:51 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 4300 @ 1.80GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 2045.56 MiB / 948.87 MiB
Pagefile Memory (total/avail): 4306.42 MiB / 2907.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.1 MiB

C: is Fixed (NTFS) - 222.78 GiB total, 145.97 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.06 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-75NCB3 ATA Device - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 222.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: Spyware Doctor v5.1.0.273 (PC Tools)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\eric\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CANCUN
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\eric
LOCALAPPDATA=C:\Users\eric\AppData\Local
LOGONSERVER=\\CANCUN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\eric\AppData\Local\Temp
TMP=C:\Users\eric\AppData\Local\Temp
USERDOMAIN=CANCUN
USERNAME=eric
USERPROFILE=C:\Users\eric
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

eric (admin)
lien (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
[Mini]EuphRo2 Launcher 2.1 --> C:\Program Files\Regain Productions\[Mini]EuphRo2 Launcher\Uninstall.exe
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Install --> MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Support Center --> MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Enhancement Browser Tools Targetedbanner --> C:\Windows\system32\udoefkrubz.exe
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Legends --> C:\Program Files\Legends\Uninstall Legends.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
Novus Sector Patch --> C:\Program Files\Codemasters\RF Online\Uninstall.exe
Novus Sector Patch --> C:\Program Files\Codemasters\RF Online\Uninstall.exe
Novus Sector Patch --> C:\Program Files\Codemasters\Uninstall.exe
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Opposing Force --> "C:\Program Files\Steam\steam.exe" steam://uninstall/50
PANDA-glGo --> "C:\Program Files\glGo\uninstall.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
qRO Ragnarok Online All in 1 --> "C:\Windows\qRO Ragnarok Online All in 1\uninstall.exe" "/U:C:\Program Files\qRO Ragnarok Online All in 1\Uninstall\uninstall.xml"
Ragnarok Online --> "C:\Windows\IFinst27.exe" -UC:\Program Files\Gravity\passionRO\IFUE67A.inf
Ragnarok Sakray --> "C:\Windows\IFinst27.exe" -UC:\Program Files\Gravity\passionRO\IFU1D15.inf
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RF Online Episode 2 --> "C:\Program Files\Codemasters\RF Online\unins000.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Team Fortress Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/20
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tribes 2 --> C:\Dynamix\Tribes2\UNWISE.EXE C:\Dynamix\Tribes2\INSTALL.LOG
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{C35BF80A-6284-485E-AE18-023AA8C43185}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}


-- Application Event Log -------------------------------------------------------

Event Record #/Type44546 / Error
Event Submitted/Written: 06/25/2008 03:10:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program dss.exe version 3.2.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c0c
Start Time: 01c8d6f690374f80
Termination Time: 3

Event Record #/Type44542 / Error
Event Submitted/Written: 06/25/2008 03:06:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program dss.exe version 3.2.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 114
Start Time: 01c8d6f64d5b5fd0
Termination Time: 4

Event Record #/Type44535 / Success
Event Submitted/Written: 06/25/2008 02:59:28 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type44526 / Success
Event Submitted/Written: 06/25/2008 02:09:03 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type44525 / Error
Event Submitted/Written: 06/25/2008 02:08:59 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type60341 / Error
Event Submitted/Written: 06/25/2008 01:50:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Event Record #/Type60340 / Error
Event Submitted/Written: 06/25/2008 01:50:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Event Record #/Type60339 / Error
Event Submitted/Written: 06/25/2008 01:49:47 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Event Record #/Type60338 / Error
Event Submitted/Written: 06/25/2008 01:49:47 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Event Record #/Type60337 / Error
Event Submitted/Written: 06/25/2008 01:49:47 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-06-25 15:24:51 ------------


#2 SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:07 AM

Posted 26 June 2008 - 12:22 PM

Hello mrsunnybones,

couldnt delete it via spybot or NoAdware, and also SmitFraudFix.exe (gotten from other websites but didnt work), so im sort of outa options


SmitfraudFix is not designed to run on Vista computers. You have a nasty infection on this computer, so this will take several steps.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report along with a fresh DSS Main log in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by SifuMike, 26 June 2008 - 12:32 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 mrsunnybones
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 26 June 2008 - 08:58 PM

Hello SifuMike, and thank you for the help!
This is the DSS

Deckard's System Scanner v20071014.68
Run by eric on 2008-06-26 21:54:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as eric.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:52, on 6/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Users\eric\Desktop\dss.exe
C:\Program Files\Common Files\Steam\SteamService.exe
c:\program files\aim6\anotify.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\eric.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {018C2511-A0F9-43CC-AB1B-B046B6D4564B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {0BEDAB93-B591-44DC-91CC-53E7AC3E1C4B} - C:\Windows\system32\xxYOhFWN.dll (file missing)
O2 - BHO: {1e827d0b-55e7-a6db-17e4-2a0a304d71e1} - {1e17d403-a0a2-4e71-bd6a-7e55b0d728e1} - C:\Windows\system32\fifsnytk.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: targetedbanner browser optimizer - {6b4f0b6f-d0ab-9d62-8855-d86c108069bb} - C:\Windows\system32\alrgtyqqcebop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BB5D116A-8942-46EF-BBB3-3D9C096E796C} - (no file)
O2 - BHO: (no name) - {C076D19B-ED06-4DCF-9E72-C958C9DD2DE3} - C:\Windows\system32\mlJaYrsT.dll (file missing)
O2 - BHO: (no name) - {C625967C-60C6-40FA-8A14-EF3256282582} - C:\Windows\system32\hgGayvuu.dll (file missing)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [{7dc6b030-9c5d-3dcb-1955-c309f502ce62}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\alrgtyqqcebop.dll" DllStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khffFyWO.dll,#1
O4 - HKLM\..\Run: [84e6621b] rundll32.exe "C:\Windows\system32\xhwrewmi.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5193] command /c del "C:\Windows\System32\hgGayvuu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5003] cmd /c del "C:\Windows\System32\hgGayvuu.dll_old"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2808] command /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: kzovqpwp - {211c8bc6-3bf0-479c-a553-61e90d414be8} - C:\ProgramData\kzovqpwp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12578 bytes

-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-26 21:39:15 106496 --a------ C:\Windows\system32\fifsnytk.dll
2008-06-26 21:33:12 653256 --ahs---- C:\Windows\system32\TsrYaJlm.ini2
2008-06-26 21:28:16 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-26 21:28:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 23:22:24 9012 --ahs---- C:\Windows\system32\NWFhOYxx.ini2
2008-06-25 21:59:36 1168 --ahs---- C:\Windows\system32\RtAJmUtv.ini2
2008-06-25 15:02:57 0 d-------- C:\Program Files\Trend Micro
2008-06-25 13:25:20 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-25 12:55:48 287965 --a------ C:\Pass2.cmd
2008-06-25 12:48:28 3704 --a------ C:\Windows\system32\tmp.reg
2008-06-25 12:48:09 81920 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-25 12:48:08 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-06-25 12:48:08 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-25 12:48:08 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-25 12:48:07 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-25 12:48:07 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-25 12:48:07 51200 --a------ C:\Windows\system32\dumphive.exe
2008-06-25 12:48:06 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-25 12:32:11 9836 --ahs---- C:\Windows\system32\uuvyaGgh.ini2
2008-06-25 12:28:23 64179 --a------ C:\Windows\system32\udoefkrubz.exe
2008-06-25 12:28:19 122880 --a------ C:\Users\All Users\kzovqpwp.dll
2008-06-25 12:27:37 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-06-24 10:10:14 372736 --a------ C:\Windows\system32\alrgtyqqcebop.dll
2008-06-24 00:28:05 0 d-------- C:\Program Files\PowerISO
2008-06-17 21:33:15 0 d-------- C:\perflogs
2008-06-12 02:28:49 56108 --a------ C:\Windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Find3M Report ---------------------------------------------------------------

2008-06-26 21:54:01 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 21:51:33 0 d-------- C:\Program Files\Steam
2008-06-26 21:47:20 0 d-------- C:\Users\eric\AppData\Roaming\DNA
2008-06-26 21:28:54 0 d-------- C:\Users\eric\AppData\Roaming\Malwarebytes
2008-06-25 23:49:48 35 --a------ C:\Users\eric\AppData\Roaming\SetValue.bat
2008-06-25 23:49:48 691 --a------ C:\Users\eric\AppData\Roaming\GetValue.vbs
2008-06-25 12:37:11 0 d-------- C:\Users\eric\AppData\Roaming\BitTorrent
2008-06-24 00:39:46 0 d-------- C:\Program Files\Guitar Pro 5
2008-06-15 03:54:01 0 d-------- C:\Program Files\Common Files\Steam
2008-06-15 00:49:16 0 d-------- C:\Program Files\Gravity
2008-06-11 03:14:06 0 d-------- C:\Program Files\Windows Mail
2008-06-09 19:45:58 8450 --a------ C:\Users\eric\AppData\Roaming\wklnhst.dat
2008-04-26 20:01:22 0 d-------- C:\Users\eric\AppData\Roaming\U3
2008-04-26 13:44:58 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018C2511-A0F9-43CC-AB1B-B046B6D4564B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BEDAB93-B591-44DC-91CC-53E7AC3E1C4B}]
C:\Windows\system32\xxYOhFWN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e17d403-a0a2-4e71-bd6a-7e55b0d728e1}]
06/26/2008 21:39 106496 --a------ C:\Windows\system32\fifsnytk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b4f0b6f-d0ab-9d62-8855-d86c108069bb}]
06/24/2008 10:10 372736 --a------ C:\Windows\system32\alrgtyqqcebop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB5D116A-8942-46EF-BBB3-3D9C096E796C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C076D19B-ED06-4DCF-9E72-C958C9DD2DE3}]
C:\Windows\system32\mlJaYrsT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C625967C-60C6-40FA-8A14-EF3256282582}]
C:\Windows\system32\hgGayvuu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/16/2007 06:04]
"RtHDVCpl"="RtHDVCpl.exe" [05/11/2007 09:26 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [05/28/2007 00:59]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/28/2007 00:58]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/28/2007 00:59]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37]
"@"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [12/03/2006 19:23]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [03/16/2007 06:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/15/2007 22:39]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 20:51]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [06/16/2008 04:52]
"{7dc6b030-9c5d-3dcb-1955-c309f502ce62}"="C:\Windows\system32\alrgtyqqcebop.dll" [06/24/2008 10:10]
"MSServer"="C:\Windows\system32\khffFyWO.dll" []
"84e6621b"="C:\Windows\system32\xhwrewmi.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 17:17]
"Steam"="c:\program files\steam\steam.exe" [04/07/2008 11:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/07/2008 20:23]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 14:11]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB2808"=command /c del "C:\PROGRAM FILES\NOADWARE5.0\NoAdware5.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA5193"=command /c del "C:\Windows\System32\hgGayvuu.dll_old"
"SpybotDeletingC5003"=cmd /c del "C:\Windows\System32\hgGayvuu.dll_old"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/15/2007 22:26:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kzovqpwp"= {211c8bc6-3bf0-479c-a553-61e90d414be8} - C:\ProgramData\kzovqpwp.dll [06/25/2008 12:28 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\mlJaYrsT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{528f428a-1331-11dd-b098-001aa0899f2e}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f36ee3b-3341-11dc-aeff-806e6f6e6963}]
AutoRun\command- E:\Autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-26 21:55:54 ------------



MBAM Log

Malwarebytes' Anti-Malware 1.18
Database version: 894

21:45:49 6/26/2008
mbam-log-6-26-2008 (21-45-49).txt

Scan type: Quick Scan
Objects scanned: 40451
Time elapsed: 14 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 77

Memory Processes Infected:
C:\Windows\System32\iftuyszv.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Windows\System32\jkKCtQkL.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\mlJaYrsT.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f0e738ca-4e59-446f-b34a-6bc26fb2c735} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f0e738ca-4e59-446f-b34a-6bc26fb2c735} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84e6621b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM87d55187 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\1049a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\axc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bgi (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\eb10 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\flytrpqk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kqprtylf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkKCtQkL.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\444.470 (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Windows\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Users\lien\Local Settings\Temporary Internet Files\Content.IE5\AQ96IW3B\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\lien\Local Settings\Temporary Internet Files\Content.IE5\IP3QKGT3\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\netrax06\netrax061083.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\1049a\hinacomDE.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\axc\ashcom3e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bgi\pidam2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\eb10\zvuxderr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\lfn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\iftuyszv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\{2b5900f3-c96e-5e80-acd2-d4eb905d71b1}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\cejsjbyn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\dbopieto.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJaYrsT.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ljJCvSkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\eric\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\eric\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\eric\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
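The scanner output above shows the usual Vundo/Zlob footholds at once: a second entry appended to Winlogon\Userinit (iftuyszv.exe), DisableTaskMgr=1 under the HKLM policy key (which is why Task Manager "can't be accessed"), random eight-letter DLLs registered as Browser Helper Objects, in the Run keys, in ShellServiceObjectDelayLoad and even in the LSA Authentication Packages list, where a DLL gets loaded into lsass. The PowerShell below is an added example, not code from this thread or from DSS, HijackThis or Malwarebytes; it reads those same locations on a live machine, resolves every entry to a file, and reports whether that file is missing or unsigned. The registry paths are the documented Windows ones; the "eight random letters in system32" flag and the column names are this example's own assumptions.

```powershell
# Added example: read-only audit of the autostart locations abused in the log above.
# Run from an elevated PowerShell prompt on the affected machine; nothing is modified.
# Registry paths are the documented Windows ones; the 8-letter-name heuristic is
# this example's own assumption, not a rule from any tool in the thread.

$results = New-Object System.Collections.ArrayList

function Get-FileVerdict {
    # Classify one referenced file: missing, unsigned, or signed (by whom).
    param([string]$Path)
    if (-not $Path) { return 'no path' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING on disk' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return "signed: $($sig.SignerCertificate.Subject)" }
    return "UNSIGNED ($($sig.Status))"
}

function Resolve-ModulePath {
    # Registry command text or bare module name -> file path, e.g.
    #   'rundll32.exe "C:\Windows\system32\xhwrewmi.dll",b' -> C:\Windows\system32\xhwrewmi.dll
    #   'mlJaYrsT' (LSA package, no extension)             -> C:\Windows\system32\mlJaYrsT.dll
    param([string]$Text)
    if (-not $Text) { return $null }
    $t = [Environment]::ExpandEnvironmentVariables($Text)
    $paths = @([regex]::Matches($t, '(?i)[a-z]:\\[^",]+?\.(exe|dll|ocx)') | ForEach-Object { $_.Value })
    # Prefer the payload over the host process (rundll32/regsvr32) when both appear.
    $payload = $paths | Where-Object { $_ -notmatch '(?i)\\(rundll32|regsvr32)\.exe$' } | Select-Object -First 1
    if ($payload) { return $payload }
    if ($paths.Count) { return $paths[0] }
    $name = $t.Split(',')[0].Trim('"', ' ')
    if ($name -match '\\') { return $name }
    foreach ($ext in '', '.dll', '.exe') {
        $p = Join-Path $env:SystemRoot "system32\$name$ext"
        if (Test-Path -LiteralPath $p) { return $p }
    }
    return Join-Path $env:SystemRoot "system32\$name.dll"    # reported as missing
}

function Get-ClsidServer {
    # CLSID -> InprocServer32 path; BHOs and SSODL entries are registered this way.
    param([string]$Clsid)
    foreach ($hive in 'HKLM', 'HKCU') {
        $k = "${hive}:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
        if (Test-Path $k) { return (Get-ItemProperty -Path $k).'(default)' }
    }
}

function Get-RegValues {
    # Name/value pairs of a key, minus the PS* provider metadata.
    param([string]$Key)
    if (-not (Test-Path $Key)) { return }
    (Get-ItemProperty -Path $Key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
}

function Add-Finding {
    param([string]$Location, [string]$Entry, [string]$Raw)
    $path = Resolve-ModulePath $Raw
    # Heuristic (assumption): 8 random letters in system32, like mlJaYrsT.dll or fifsnytk.dll above.
    $odd = [bool]($path -match '(?i)\\system32\\[a-z]{8}\.(dll|exe)$')
    [void]$results.Add((New-Object PSObject -Property @{
        Location = $Location; Entry = $Entry; Path = $path
        Verdict = Get-FileVerdict $path; RandomName = $odd }))
}

# 1. Run keys in both hives
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($v in Get-RegValues "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") {
        Add-Finding "$hive Run" $v.Name $v.Value
    }
}
# 2. Winlogon\Userinit: anything beyond userinit.exe in the comma-separated list is a hijack
$userinit = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').Userinit
foreach ($part in ($userinit -split ',' | Where-Object { $_ })) { Add-Finding 'Winlogon Userinit' 'Userinit' $part }
# 3. BHOs and ShellServiceObjectDelayLoad, resolved through the CLSID
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bho) { foreach ($k in Get-ChildItem $bho) { Add-Finding 'BHO' $k.PSChildName (Get-ClsidServer $k.PSChildName) } }
foreach ($v in Get-RegValues 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad') {
    Add-Finding 'SSODL' $v.Name (Get-ClsidServer $v.Value)
}
# 4. AppInit_DLLs (loaded into every user32 process) and LSA Authentication Packages (loaded into lsass)
$appinit = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
foreach ($d in ($appinit -split '[ ,]' | Where-Object { $_ })) { Add-Finding 'AppInit_DLLs' 'AppInit_DLLs' $d }
$lsa = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa').'Authentication Packages'
foreach ($pkg in $lsa) { Add-Finding 'LSA Authentication Packages' $pkg $pkg }
# 5. The policy behind "I can't access my task manager"
foreach ($hive in 'HKLM', 'HKCU') {
    $pol = Get-ItemProperty "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -ErrorAction SilentlyContinue
    if ($pol -and $pol.PSObject.Properties['DisableTaskMgr'] -and $pol.DisableTaskMgr -eq 1) {
        Write-Warning "$hive DisableTaskMgr=1: Task Manager is blocked by policy"
    }
}

$results | Sort-Object RandomName, Verdict -Descending | Format-Table Location, Entry, Path, Verdict, RandomName -AutoSize
```

Read the output the way the helpers in this thread read a HijackThis log: a MISSING file is a leftover that a cleaner already removed (the Run value pointing at it should still go), an UNSIGNED file in system32 with a random name is the live infection, and a second Userinit entry or a non-msv1_0 LSA package is almost never legitimate. Signed-by-Microsoft entries can be ignored; the heuristic column only orders the table.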

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:07 AM

Posted 27 June 2008 - 12:46 AM

Hi mrsunnybones,

Before running a new scan let's clean out the temporary folders. :thumbsup:

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post.

If the file is too big to post, then you can upload it to me here.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 mrsunnybones

mrsunnybones
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:07 AM

Posted 28 June 2008 - 10:42 AM

Hello again, and once again thanks for the help.
The Notepad file was too large, so I sent it through the link you gave me.

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:07 AM

Posted 28 June 2008 - 12:37 PM

Hi mrsunnybones,

Step #1

Please disable Spyware Doctor and Spybot Teatimer, as they prevent us from making registry changes.

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts


Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\bm87d55187.xml
%allusersprofile%\kzovqpwp.dll
%allusersprofile%\pskt.ini
%systemroot%\444.471
%systemroot%\system32\alrgtyqqcebop.dll
%systemroot%\system32\fifsnytk.dll
%systemroot%\system32\hljwugsf.bin
%systemroot%\system32\imwerwhx.ini
%systemroot%\system32\jbeiwvbm.ini
%systemroot%\system32\nwfhoyxx.ini
%systemroot%\system32\nwfhoyxx.ini2
%systemroot%\system32\nybjsjec.ini
%systemroot%\system32\rtajmutv.ini
%systemroot%\system32\rtajmutv.ini2
%systemroot%\system32\tsryajlm.ini
%systemroot%\system32\tsryajlm.ini2
%systemroot%\system32\udoefkrubz.exe
%systemroot%\system32\uuvyaggh.ini
%systemroot%\system32\uuvyaggh.ini2

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> {7dc6b030-9c5d-3dcb-1955-c309f502ce62} -> %SystemRoot%\System32\alrgtyqqcebop.dll [C:\Windows\System32\Rundll32.exe "C:\Windows\system32\alrgtyqqcebop.dll" DllStart]
YN -> 84e6621b -> %SystemRoot%\system32\xhwrewmi.DLL [rundll32.exe "C:\Windows\system32\xhwrewmi.dll",b]
YN -> MSServer -> %SystemRoot%\system32\khffFyWO.DLL [rundll32.exe C:\Windows\system32\khffFyWO.dll,#1]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {018C2511-A0F9-43CC-AB1B-B046B6D4564B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {0BEDAB93-B591-44DC-91CC-53E7AC3E1C4B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xxYOhFWN.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {1e17d403-a0a2-4e71-bd6a-7e55b0d728e1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\fifsnytk.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {6b4f0b6f-d0ab-9d62-8855-d86c108069bb} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\alrgtyqqcebop.dll [targetedbanner browser optimizer]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {BB5D116A-8942-46EF-BBB3-3D9C096E796C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {C076D19B-ED06-4DCF-9E72-C958C9DD2DE3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJaYrsT.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {C625967C-60C6-40FA-8A14-EF3256282582} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGayvuu.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> alrgtyqqcebop.dll -> %SystemRoot%\System32\alrgtyqqcebop.dll
NY -> fifsnytk.dll -> %SystemRoot%\System32\fifsnytk.dll
NY -> hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin
NY -> imwerwhx.ini -> %SystemRoot%\System32\imwerwhx.ini
NY -> jbeiwvbm.ini -> %SystemRoot%\System32\jbeiwvbm.ini
NY -> NWFhOYxx.ini -> %SystemRoot%\System32\NWFhOYxx.ini
NY -> NWFhOYxx.ini2 -> %SystemRoot%\System32\NWFhOYxx.ini2
NY -> nybjsjec.ini -> %SystemRoot%\System32\nybjsjec.ini
NY -> RtAJmUtv.ini -> %SystemRoot%\System32\RtAJmUtv.ini
NY -> RtAJmUtv.ini2 -> %SystemRoot%\System32\RtAJmUtv.ini2
NY -> TsrYaJlm.ini -> %SystemRoot%\System32\TsrYaJlm.ini
NY -> TsrYaJlm.ini2 -> %SystemRoot%\System32\TsrYaJlm.ini2
NY -> udoefkrubz.exe -> %SystemRoot%\System32\udoefkrubz.exe
NY -> uuvyaGgh.ini -> %SystemRoot%\System32\uuvyaGgh.ini
NY -> uuvyaGgh.ini2 -> %SystemRoot%\System32\uuvyaGgh.ini2
NY -> 444.471 -> %SystemRoot%\444.471
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BM87d55187.xml -> %AllUsersProfile%\BM87d55187.xml
NY -> kzovqpwp.dll -> %AllUsersProfile%\kzovqpwp.dll
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> alrgtyqqcebop.dll -> %SystemRoot%\System32\alrgtyqqcebop.dll
NY -> fifsnytk.dll -> %SystemRoot%\System32\fifsnytk.dll
NY -> hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin
NY -> imwerwhx.ini -> %SystemRoot%\System32\imwerwhx.ini
NY -> jbeiwvbm.ini -> %SystemRoot%\System32\jbeiwvbm.ini
NY -> NWFhOYxx.ini -> %SystemRoot%\System32\NWFhOYxx.ini
NY -> NWFhOYxx.ini2 -> %SystemRoot%\System32\NWFhOYxx.ini2
NY -> nybjsjec.ini -> %SystemRoot%\System32\nybjsjec.ini
NY -> RtAJmUtv.ini -> %SystemRoot%\System32\RtAJmUtv.ini
NY -> RtAJmUtv.ini2 -> %SystemRoot%\System32\RtAJmUtv.ini2
NY -> TsrYaJlm.ini -> %SystemRoot%\System32\TsrYaJlm.ini
NY -> TsrYaJlm.ini2 -> %SystemRoot%\System32\TsrYaJlm.ini2
NY -> udoefkrubz.exe -> %SystemRoot%\System32\udoefkrubz.exe
NY -> uuvyaGgh.ini -> %SystemRoot%\System32\uuvyaGgh.ini
NY -> uuvyaGgh.ini2 -> %SystemRoot%\System32\uuvyaGgh.ini2
NY -> 444.471 -> %SystemRoot%\444.471
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BM87d55187.xml -> %AllUsersProfile%\BM87d55187.xml
NY -> kzovqpwp.dll -> %AllUsersProfile%\kzovqpwp.dll
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt). This will be a small report, so you will be able to post it.
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for the month, day, year, hours, minutes, and seconds that the scan was run.) This will be a small report, so you will be able to post it.
  • The new OTScanIt scan log. You may be able to post it. If the file is too big to post, then you can upload it to me here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Edited by SifuMike, 28 June 2008 - 12:43 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 mrsunnybones (Topic Starter, Members, 8 posts)

Posted 28 June 2008 - 05:38 PM

Hello again SifuMike,
This is the OT fix:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{7dc6b030-9c5d-3dcb-1955-c309f502ce62} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7dc6b030-9c5d-3dcb-1955-c309f502ce62}\ not found.
File C:\Windows\System32\alrgtyqqcebop.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\84e6621b deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSServer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{018C2511-A0F9-43CC-AB1B-B046B6D4564B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{018C2511-A0F9-43CC-AB1B-B046B6D4564B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BEDAB93-B591-44DC-91CC-53E7AC3E1C4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BEDAB93-B591-44DC-91CC-53E7AC3E1C4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e17d403-a0a2-4e71-bd6a-7e55b0d728e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e17d403-a0a2-4e71-bd6a-7e55b0d728e1}\ deleted successfully.
File C:\Windows\System32\fifsnytk.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b4f0b6f-d0ab-9d62-8855-d86c108069bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b4f0b6f-d0ab-9d62-8855-d86c108069bb}\ deleted successfully.
File C:\Windows\System32\alrgtyqqcebop.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB5D116A-8942-46EF-BBB3-3D9C096E796C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB5D116A-8942-46EF-BBB3-3D9C096E796C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C076D19B-ED06-4DCF-9E72-C958C9DD2DE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C076D19B-ED06-4DCF-9E72-C958C9DD2DE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C625967C-60C6-40FA-8A14-EF3256282582}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C625967C-60C6-40FA-8A14-EF3256282582}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
[Files/Folders - Created Within 30 days]
File C:\Windows\System32\alrgtyqqcebop.dll not found!
File C:\Windows\System32\fifsnytk.dll not found!
File C:\Windows\System32\hljwugsf.bin not found!
File C:\Windows\System32\imwerwhx.ini not found!
File C:\Windows\System32\jbeiwvbm.ini not found!
File C:\Windows\System32\NWFhOYxx.ini not found!
File C:\Windows\System32\NWFhOYxx.ini2 not found!
File C:\Windows\System32\nybjsjec.ini not found!
File C:\Windows\System32\RtAJmUtv.ini not found!
File C:\Windows\System32\RtAJmUtv.ini2 not found!
File C:\Windows\System32\TsrYaJlm.ini not found!
File C:\Windows\System32\TsrYaJlm.ini2 not found!
File C:\Windows\System32\udoefkrubz.exe not found!
File C:\Windows\System32\uuvyaGgh.ini not found!
File C:\Windows\System32\uuvyaGgh.ini2 not found!
File C:\Windows\444.471 not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM87d55187.xml not found!
File C:\ProgramData\kzovqpwp.dll not found!
File C:\ProgramData\pskt.ini not found!
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\alrgtyqqcebop.dll not found!
File C:\Windows\System32\fifsnytk.dll not found!
File C:\Windows\System32\hljwugsf.bin not found!
File C:\Windows\System32\imwerwhx.ini not found!
File C:\Windows\System32\jbeiwvbm.ini not found!
File C:\Windows\System32\NWFhOYxx.ini not found!
File C:\Windows\System32\NWFhOYxx.ini2 not found!
File C:\Windows\System32\nybjsjec.ini not found!
File C:\Windows\System32\RtAJmUtv.ini not found!
File C:\Windows\System32\RtAJmUtv.ini2 not found!
File C:\Windows\System32\TsrYaJlm.ini not found!
File C:\Windows\System32\TsrYaJlm.ini2 not found!
File C:\Windows\System32\udoefkrubz.exe not found!
File C:\Windows\System32\uuvyaGgh.ini not found!
File C:\Windows\System32\uuvyaGgh.ini2 not found!
File C:\Windows\444.471 not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM87d55187.xml not found!
File C:\ProgramData\kzovqpwp.dll not found!
File C:\ProgramData\pskt.ini not found!
[Empty Temp Folders]
File delete failed. C:\Users\eric\AppData\Local\Temp\~DF7592.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\eric\AppData\Local\Temp\~DFEE9.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.18 fix logfile created on 06282008_182916

Files moved on Reboot...
C:\Users\eric\AppData\Local\Temp\~DF7592.tmp moved successfully.
C:\Users\eric\AppData\Local\Temp\~DFEE9.tmp moved successfully.
C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_001_ moved successfully.
C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_002_ moved successfully.
C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_003_ moved successfully.
C:\Users\eric\AppData\Local\Mozilla\Firefox\Profiles\480bplyf.default\Cache\_CACHE_MAP_ moved successfully.
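As an added example (not code from this thread or from OldTimer's tool), here is a small Python parser for the OTScanIt fix-log format shown in the post above, run over a constructed excerpt modelled on that log. It separates what the fix actually deleted from what was already gone ("not found") or deferred to reboot, so the items that still need confirming in the follow-up scan are listed rather than assumed clean.

```python
"""Triage an OTScanIt fix log: separate what the fix actually deleted from
what was already gone ("not found") or deferred to the next reboot.

Added example for this thread, not OldTimer's code. The sample below is a
constructed excerpt modelled on the fix log posted above, not the full log."""
import re
from collections import Counter

SAMPLE_FIX_LOG = r"""
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\84e6621b deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{018C2511-A0F9-43CC-AB1B-B046B6D4564B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BEDAB93-B591-44DC-91CC-53E7AC3E1C4B}\ deleted successfully.
File C:\Windows\System32\alrgtyqqcebop.dll not found.
[Files/Folders - Created Within 30 days]
File C:\Windows\System32\udoefkrubz.exe not found!
[Empty Temp Folders]
File delete failed. C:\Users\eric\AppData\Local\Temp\~DF7592.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
< End of fix log >
"""

# Section headers look like "[Registry - Non-Microsoft Only]".
SECTION_RE = re.compile(r"^\[(?P<name>.+)\]$")
# "Registry key <path> deleted successfully." / "File <path> not found!"
RESULT_RE = re.compile(
    r"^(?P<kind>Registry key|Registry value|File) (?P<target>.+?) "
    r"(?P<result>deleted successfully|not found)[.!]$"
)
# "File delete failed. <path> scheduled to be deleted on reboot."
PENDING_RE = re.compile(
    r"^File delete failed\. (?P<target>.+?) scheduled to be deleted on reboot\.$"
)


def parse_fix_log(text):
    """Return (section, kind, target, status) tuples for every action line.

    status is one of "deleted", "not_found" or "pending_reboot"; purely
    informational lines ("User's Temp folder emptied.", "< End of fix log >")
    are skipped.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = RESULT_RE.match(line)
        if m:
            status = "deleted" if m.group("result") == "deleted successfully" else "not_found"
            entries.append((section, m.group("kind"), m.group("target"), status))
            continue
        m = PENDING_RE.match(line)
        if m:
            entries.append((section, "File", m.group("target"), "pending_reboot"))
    return entries


def summarize(entries):
    """Count outcomes per (kind, status), e.g. {("File", "not_found"): 2, ...}."""
    return dict(Counter((kind, status) for _, kind, _, status in entries))


def needs_followup(entries):
    """Targets the fix did not itself confirm as deleted.

    "not found" only means the item was gone when OTScanIt looked (in this
    thread Avenger was run before the fix); "pending_reboot" is confirmed only
    by the post-reboot "Files moved on Reboot..." section. Both are worth
    re-checking in the fresh scan log that the helper asks for next.
    """
    return [target for _, _, target, status in entries if status != "deleted"]


if __name__ == "__main__":
    found = parse_fix_log(SAMPLE_FIX_LOG)
    for (kind, status), n in sorted(summarize(found).items()):
        print(f"{kind:15s} {status:15s} {n}")
    print("Verify in the new scan log:")
    for target in needs_followup(found):
        print("  ", target)
```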

#8 SifuMike (malware expert, Staff Emeritus, 15,385 posts, Male, Vancouver (not BC) WA (Not DC) USA)

Posted 28 June 2008 - 05:56 PM

Hi,

You forgot to post the Avenger report (c:\Avenger.txt) and the new OTScanIt scan log.

Edited by SifuMike, 28 June 2008 - 06:00 PM.


#9 mrsunnybones (Topic Starter, Members, 8 posts)

Posted 29 June 2008 - 01:05 PM

Hello again, sorry about that. I had all the Notepads open; I guess I only copied and pasted one.
OTScanIt:

OTScanIt logfile created on: 6/29/2008 14:00:34
OTScanIt by OldTimer - Version 1.0.15.18	 Folder = C:\Users\eric\Desktop\OTScanIt
Windows Vista   (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16681)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.21% Memory free
4.00 Gb Paging File | 3.40 Gb Available in Paging File | 85.02% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 130.89 Gb Free Space | 58.76% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.06 Gb Free Space | 60.55% Space Free | Partition Type: NTFS
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CANCUN
Current User Name: eric
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 22:59:32 | Attr =	]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.00.7 | Size = 46736 bytes | Modified Date = 12/3/2006 19:24:46 | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 18:27:24 | Attr =	]
pnkbstra.exe -> %SystemRoot%\System32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 10/2/2007 18:09:23 | Attr =	]
roxwatch9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 11:13:00 | Attr =	]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 20:39:20 | Attr =	]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 11 | Size = 810320 bytes | Modified Date = 1/28/2008 11:43:32 | Attr =	]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 57 | Size = 4452352 bytes | Modified Date = 5/11/2007 09:26:44 | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/3/2006 11:37:04 | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 22:59:52 | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 7/15/2007 22:39:41 | Attr =	]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 12:09:36 | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 5/7/2008 20:23:41 | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software  [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 18:02:14 | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 7/15/2007 22:39:41 | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1252232 bytes | Modified Date = 11/1/2007 19:44:19 | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.18 | Size = 397312 bytes | Modified Date = 6/27/2008 15:53:14 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 18:27:24 | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 22:59:32 | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 22:59:32 | Attr =	]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 22:59:32 | Attr =	]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.1.0.9 | Size = 49296 bytes | Modified Date = 12/3/2006 19:24:04 | Attr =	]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 9 | Size = 70656 bytes | Modified Date = 3/19/2007 12:44:44 | Attr =	]
(GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 7/15/2007 22:39:41 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 8/21/2007 21:54:04 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 03:24:18 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.1.0.38 | Size = 80552 bytes | Modified Date = 12/3/2006 19:23:32 | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 18:27:24 | Attr =	]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 22:59:32 | Attr =	]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 20:51:10 | Attr =	]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 10/2/2007 18:09:23 | Attr =	]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 11/5/2006 11:15:12 | Attr =	]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 11:13:00 | Attr =	]
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 11 | Size = 810320 bytes | Modified Date = 1/28/2008 11:43:32 | Attr =	]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 2 | Size = 356920 bytes | Modified Date = 6/5/2008 14:44:46 | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.10 | Size = 1072008 bytes | Modified Date = 6/10/2008 21:22:56 | Attr =	]
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Steam\SteamService.exe -> Valve Corporation [Ver = 1, 0, 0, 1 | Size = 87288 bytes | Modified Date = 6/11/2008 18:43:15 | Attr =	]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 9/14/2006 14:54:34 | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1252232 bytes | Modified Date = 11/1/2007 19:44:19 | Attr =	]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.00.7 | Size = 46736 bytes | Modified Date = 12/3/2006 19:24:46 | Attr =	]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 20:39:20 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 22:59:52 | Attr =	]
ECenter -> %SystemDrive%\DELL\E-Center\EULALauncher.exe [c:\dell\E-Center\EULALauncher.exe] ->   [Ver = 1.0.2489.24404 | Size = 17920 bytes | Modified Date = 3/16/2007 06:20:42 | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 7/15/2007 22:39:41 | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 221184 bytes | Modified Date = 10/3/2006 11:35:42 | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/3/2006 11:37:04 | Attr =	]
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.5828 | Size = 8429568 bytes | Modified Date = 5/28/2007 00:58:40 | Attr =	]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.5828 | Size = 81920 bytes | Modified Date = 5/28/2007 00:59:00 | Attr =	]
NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.5828 | Size = 86016 bytes | Modified Date = 5/28/2007 00:59:08 | Attr =	]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 10.1.0.38 | Size = 22696 bytes | Modified Date = 12/3/2006 19:23:34 | Attr =	]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> PowerISO Computing, Inc. [Ver = 4, 1, 0, 0 | Size = 167936 bytes | Modified Date = 6/16/2008 04:52:29 | Attr =	]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 57 | Size = 4452352 bytes | Modified Date = 5/11/2007 09:26:44 | Attr =	]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 20:51:10 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 17:17:26 | Attr =	]
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 5/7/2008 20:23:41 | Attr =	]
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 12:09:36 | Attr =	]
Steam -> %ProgramFiles%\Steam\Steam.exe ["c:\program files\steam\steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 4/7/2008 11:23:14 | Attr =	]
Veoh -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe ["C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide] -> Veoh Networks [Ver = 3.8.1.1011 | Size = 3497984 bytes | Modified Date = 1/30/2008 14:11:10 | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.703.15317 | Size = 143360 bytes | Modified Date = 7/15/2007 22:39:41 | Attr =	]
*MultiFile Done* -> -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{211c8bc6-3bf0-479c-a553-61e90d414be8} [HKEY_LOCAL_MACHINE] -> %AllUsersProfile%\kzovqpwp.dll [kzovqpwp] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 11/2/2006 05:45:50 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
TORiSAN CD-ROM CDR_C36 ->  -> File not found
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 04:51:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVD+-RW_GSA-H31N_______________B109____\5&384a886&0&1.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 24 bytes | Modified Date = 9/18/2006 17:43:36 | Attr =	]
autorun [] -> E:\autorun.exe [ UDF ] ->  [Ver = 1, 0, 0, 1 | Size = 4386816 bytes | Modified Date = 9/25/2006 12:01:39 | Attr = R  ]
Autorun.exe [MZ | ] -> E:\Autorun.exe [ UDF ] ->  [Ver = 1, 0, 0, 1 | Size = 4386816 bytes | Modified Date = 9/25/2006 12:01:39 | Attr = R  ]
Autorun.inf [[autorun] | icon=bf2142.ico | open=Autorun.exe | ] -> E:\Autorun.inf [ UDF ] ->  [Ver =  | Size = 46 bytes | Modified Date = 9/25/2006 12:01:39 | Attr = R  ]
< HOSTS File > (250728 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> 
::1			 localhost -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4608 domain(s) found. -> 
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4646 domain(s) found. -> 
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 104 range(s) found. -> 
GD [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Error: Value  does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.3.6 | Size = 96984 bytes | Modified Date = 12/3/2006 19:26:02 | Attr = R  ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 501384 bytes | Modified Date = 7/15/2007 22:22:32 | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 8/21/2007 21:54:03 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 8/21/2007 21:54:05 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 8/21/2007 21:54:03 | Attr = R  ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.3.6 | Size = 565960 bytes | Modified Date = 12/3/2006 19:26:04 | Attr = R  ]
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 352256 bytes | Modified Date = 1/30/2008 14:00:02 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 8/21/2007 21:54:03 | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 132744 bytes | Modified Date = 7/15/2007 22:22:32 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5D722B2D-31C5-4C63-95BF-3000E2FF1F97} ->	(Intel(R) 82562V-2 10/100 Network Connection) -> 
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 6/28/2008 18:21:48 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 6/25/2008 15:04:33 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 6/28/2008 18:40:00 | Attr =	]
Pass2.cmd -> %SystemDrive%\Pass2.cmd ->  [Ver =  | Size = 287965 bytes | Created Date = 6/25/2008 12:55:48 | Attr =	]
perflogs -> %SystemDrive%\perflogs ->  [Folder | Created Date = 6/17/2008 21:33:15 | Attr =	]
tmp.hiv -> %SystemDrive%\tmp.hiv ->  [Ver =  | Size = 16384 bytes | Created Date = 6/25/2008 12:58:49 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 6/26/2008 21:28:16 | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Created Date = 6/26/2008 21:28:16 | Attr =	]
scdemu.sys -> %SystemRoot%\System32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 4, 1, 0, 0 | Size = 56108 bytes | Created Date = 6/12/2008 02:28:49 | Attr =	]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Created Date = 6/25/2008 12:48:09 | Attr =	]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 6/25/2008 12:48:07 | Attr =	]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 6/25/2008 12:48:09 | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 6/25/2008 12:48:08 | Attr =	]
OTScanIt -> %SystemRoot%\System32\OTScanIt ->  [Folder | Created Date = 6/28/2008 11:35:09 | Attr =	]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/25/2008 12:48:06 | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 6/25/2008 12:48:07 | Attr =	]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/25/2008 12:48:06 | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 6/25/2008 12:48:07 | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 6/25/2008 12:48:07 | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3704 bytes | Created Date = 6/25/2008 12:48:28 | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 6/25/2008 12:48:08 | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 6/25/2008 12:48:07 | Attr =	]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 6/25/2008 12:48:08 | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 6/25/2008 15:04:46 | Attr =	]
mainms.vpi -> %SystemRoot%\mainms.vpi ->  [Ver =  | Size = 252 bytes | Created Date = 6/25/2008 12:27:32 | Attr = RHS]
megavid.cdt -> %SystemRoot%\megavid.cdt ->  [Ver =  | Size = 4 bytes | Created Date = 6/25/2008 12:27:21 | Attr = RHS]
muotr.so -> %SystemRoot%\muotr.so ->  [Ver =  | Size = 33 bytes | Created Date = 6/25/2008 12:27:20 | Attr = RHS]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 539 bytes | Created Date = 6/25/2008 15:00:37 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Created Date = 6/26/2008 21:28:16 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy ->  [Folder | Created Date = 6/25/2008 13:25:20 | Attr =	]
GetValue.vbs -> %AppData%\GetValue.vbs ->  [Ver =  | Size = 691 bytes | Created Date = 6/25/2008 12:54:59 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 6/26/2008 21:28:54 | Attr =	]
SetValue.bat -> %AppData%\SetValue.bat ->  [Ver =  | Size = 35 bytes | Created Date = 6/25/2008 12:54:59 | Attr =	]
AOL OCP -> %UserProfile%\AppData\Local\AOL OCP ->  [Folder | Created Date = 6/28/2008 18:13:18 | Attr =	]
SmitfraudFix -> %UserProfile%\Documents\SmitfraudFix ->  [Folder | Created Date = 6/25/2008 12:48:00 | Attr =	]
zsdf.wps -> %UserProfile%\Documents\zsdf.wps ->  [Ver =  | Size = 12288 bytes | Created Date = 6/2/2008 20:10:56 | Attr =	]
zsdf2.wps -> %UserProfile%\Documents\zsdf2.wps ->  [Ver =  | Size = 9216 bytes | Created Date = 6/9/2008 18:39:15 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 820 bytes | Created Date = 6/26/2008 21:28:18 | Attr =	]
PowerISO.lnk -> %SystemDrive%\Users\Public\Desktop\PowerISO.lnk ->  [Ver =  | Size = 806 bytes | Created Date = 6/24/2008 00:28:06 | Attr =	]
Spyware Doctor.lnk -> %SystemDrive%\Users\Public\Desktop\Spyware Doctor.lnk ->  [Ver =  | Size = 1761 bytes | Created Date = 6/25/2008 23:09:53 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 6/28/2008 11:31:42 | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 6/25/2008 13:36:44 | Attr =	]
ewido_micro.exe -> %UserProfile%\Desktop\ewido_micro.exe -> Antimalware Development a.s. [Ver = 4, 0, 0, 1 | Size = 153144 bytes | Created Date = 6/25/2008 13:04:06 | Attr =	]
guitarpro -> %UserProfile%\Desktop\guitarpro ->  [Folder | Created Date = 6/24/2008 00:30:01 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1876 bytes | Created Date = 6/25/2008 15:02:58 | Attr =	]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1665344 bytes | Created Date = 6/26/2008 21:27:45 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 6/28/2008 11:35:22 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568544 bytes | Created Date = 6/28/2008 11:34:27 | Attr =	]
sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools [Ver = 6.0.0.354 | Size = 13380712 bytes | Created Date = 6/25/2008 23:08:28 | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Created Date = 6/25/2008 12:54:41 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 6/26/2008 21:28:15 | Attr =	]
PowerISO -> %ProgramFiles%\PowerISO ->  [Folder | Created Date = 6/24/2008 00:28:05 | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 6/25/2008 13:25:20 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 6/25/2008 15:02:57 | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 6/28/2008 18:26:02 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 6/25/2008 15:04:33 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 6/28/2008 18:40:00 | Attr =	]
Pass2.cmd -> %SystemDrive%\Pass2.cmd ->  [Ver =  | Size = 287965 bytes | Modified Date = 6/25/2008 23:50:15 | Attr =	]
perflogs -> %SystemDrive%\perflogs ->  [Folder | Modified Date = 6/17/2008 21:33:15 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 6/28/2008 18:21:48 | Attr = R  ]
ProgramData -> %AllUsersProfile% ->  [Folder | Modified Date = 6/28/2008 18:21:48 | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 6/28/2008 21:13:35 | Attr =  HS]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 6/25/2008 12:28:33 | Attr =	]
tmp.hiv -> %SystemDrive%\tmp.hiv ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/25/2008 23:53:47 | Attr =	]
Windows -> %SystemRoot% ->  [Folder | Modified Date = 6/28/2008 18:33:53 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 6/25/2008 13:29:48 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 250728 bytes | Modified Date = 6/25/2008 23:49:42 | Attr =	]
hosts.20080625-132948.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080625-132948.backup ->  [Ver =  | Size = 761 bytes | Modified Date = 6/25/2008 12:54:55 | Attr =	]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Modified Date = 6/2/2008 15:19:12 | Attr =	]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 6/2/2008 15:19:16 | Attr =	]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Modified Date = 6/10/2008 21:22:52 | Attr =	]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Modified Date = 6/2/2008 15:19:24 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 6/19/2008 17:47:58 | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Modified Date = 6/19/2008 17:48:04 | Attr =	]
scdemu.sys -> %SystemRoot%\System32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 4, 1, 0, 0 | Size = 56108 bytes | Modified Date = 6/12/2008 02:28:49 | Attr =	]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3456 bytes | Modified Date = 6/29/2008 13:32:16 | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3456 bytes | Modified Date = 6/29/2008 13:32:16 | Attr =  H ]
catroot -> %SystemRoot%\System32\catroot ->  [Folder | Modified Date = 6/25/2008 03:01:58 | Attr =	]
catroot2 -> %SystemRoot%\System32\catroot2 ->  [Folder | Modified Date = 6/15/2008 19:21:02 | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 6/8/2008 22:37:24 | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 6/28/2008 18:21:47 | Attr =	]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 6/23/2008 23:34:46 | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 6/8/2008 22:35:14 | Attr =	]
migration -> %SystemRoot%\System32\migration ->  [Folder | Modified Date = 6/11/2008 03:14:03 | Attr =	]
OTScanIt -> %SystemRoot%\System32\OTScanIt ->  [Folder | Modified Date = 6/28/2008 11:35:09 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 107508 bytes | Modified Date = 6/28/2008 18:39:19 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 626738 bytes | Modified Date = 6/28/2008 18:39:19 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 729436 bytes | Modified Date = 6/28/2008 18:39:19 | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 6/8/2008 22:37:17 | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3704 bytes | Modified Date = 6/25/2008 23:49:48 | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 6/8/2008 22:37:16 | Attr =	]
WDI -> %SystemRoot%\System32\WDI ->  [Folder | Modified Date = 6/26/2008 21:27:31 | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 6/11/2008 03:13:59 | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 6/15/2008 03:50:05 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 6/28/2008 18:32:11 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/29/2008 13:59:36 | Attr =   S]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 6/25/2008 03:02:04 | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 6/25/2008 15:04:46 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 6/24/2008 00:39:44 | Attr = R S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 6/28/2008 18:39:19 | Attr =	]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 6/13/2008 01:17:53 | Attr =  HS]
mainms.vpi -> %SystemRoot%\mainms.vpi ->  [Ver =  | Size = 252 bytes | Modified Date = 6/25/2008 12:27:32 | Attr = RHS]
megavid.cdt -> %SystemRoot%\megavid.cdt ->  [Ver =  | Size = 4 bytes | Modified Date = 6/25/2008 12:28:37 | Attr = RHS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 176831037 bytes | Modified Date = 6/20/2008 15:38:52 | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 6/15/2008 03:50:29 | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 6/20/2008 15:38:58 | Attr =	]
muotr.so -> %SystemRoot%\muotr.so ->  [Ver =  | Size = 33 bytes | Modified Date = 6/25/2008 12:28:34 | Attr = RHS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/29/2008 11:45:33 | Attr =	]
registration -> %SystemRoot%\registration ->  [Folder | Modified Date = 6/8/2008 22:37:16 | Attr =	]
System32 -> %SystemRoot%\System32 ->  [Folder | Modified Date = 6/28/2008 18:39:19 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 6/8/2008 22:37:17 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 6/29/2008 13:12:43 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 539 bytes | Modified Date = 6/26/2008 00:29:04 | Attr =	]
winsxs -> %SystemRoot%\winsxs ->  [Folder | Modified Date = 6/25/2008 03:02:04 | Attr =	]
Norton Internet Security - Run Full System Scan - lien.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - lien.job ->  [Ver =  | Size = 486 bytes | Modified Date = 6/20/2008 20:00:00 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/28/2008 18:32:18 | Attr =  H ]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys ->  [Folder | Modified Date = 6/28/2008 18:32:18 | Attr =	]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 7/16/2007 06:06:02 | Attr =	]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 11/2/2006 09:04:06 | Attr =	]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6471 bytes | Modified Date = 6/25/2008 15:00:16 | Attr =	]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6471 bytes | Modified Date = 6/25/2008 15:00:08 | Attr =	]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 7/25/2007 00:48:10 | Attr =	]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 60168 bytes | Modified Date = 6/29/2008 00:47:27 | Attr =	]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 6/29/2008 00:47:27 | Attr =	]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 6/29/2008 00:47:27 | Attr =	]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 8184 bytes | Modified Date = 6/29/2008 00:47:27 | Attr =	]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 12972 bytes | Modified Date = 6/29/2008 00:47:27 | Attr =	]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 83780 bytes | Modified Date = 6/29/2008 00:47:27 | Attr =	]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 7/24/2007 22:07:37 | Attr =	]
eric.dat -> C:\ProgramData\Microsoft\User Account Pictures\eric.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 7/24/2007 21:38:53 | Attr =	]
lien.dat -> C:\ProgramData\Microsoft\User Account Pictures\lien.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 7/24/2007 22:07:37 | Attr =	]
C:\ProgramData\Microsoft\Works\ -> C:\ProgramData\Microsoft\Works ->  [Folder | Modified Date = 6/11/2008 00:00:20 | Attr =	]
wkcalcat.dat -> C:\ProgramData\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/19/2007 19:43:35 | Attr =	]
wklntsk1.dat -> C:\ProgramData\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 155262 bytes | Modified Date = 8/19/2007 20:02:32 | Attr =	]
C:\Users\eric\AppData\Local\Temp\ -> C:\Users\eric\AppData\Local\Temp ->  [Folder | Modified Date = 6/29/2008 14:00:07 | Attr =	]
fsgk32.exe -> C:\Users\eric\AppData\Local\Temp\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fssm32.exe -> C:\Users\eric\AppData\Local\Temp\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
2 C:\Users\eric\AppData\Local\Temp\*.tmp files -> C:\Users\eric\AppData\Local\Temp\*.tmp -> 
C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/29/2008 11:48:50 | Attr =	]
fsgk32.exe -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fssm32.exe -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fsgk32.exe -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fssm32.exe -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
C:\Users\eric\AppData\Local\Temp\ -> C:\Users\eric\AppData\Local\Temp ->  [Folder | Modified Date = 6/29/2008 14:00:07 | Attr =	]
daas_s.dll -> C:\Users\eric\AppData\Local\Temp\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 6/29/2008 11:49:06 | Attr =	]
fm4av.dll -> C:\Users\eric\AppData\Local\Temp\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
2 C:\Users\eric\AppData\Local\Temp\*.tmp files -> C:\Users\eric\AppData\Local\Temp\*.tmp -> 
C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/29/2008 11:48:50 | Attr =	]
AVPFPI0.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
avpproxy.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
daas_s.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 15:59:28 | Attr =	]
fm4av.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fpinor.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fsbl.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fsblu.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 6/28/2008 18:41:40 | Attr =	]
fsecr32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsgkiapi.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fsmart.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/28/2008 18:42:01 | Attr =	]
fspe32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fssubmit.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 6/28/2008 18:41:46 | Attr =	]
fsup32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupcx32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupfg32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupmw32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupnp32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupux32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupwu32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsusscr.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 6/28/2008 18:42:01 | Attr =	]
Nse_w32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 6/28/2008 18:41:43 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 6/28/2008 18:42:03 | Attr =	]
AVPFPI0.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
avpproxy.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fm4av.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fpinor.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fsbl.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
fsgkiapi.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsecr32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fspe32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsup32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupcx32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupfg32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupmw32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupnp32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupux32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupwu32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 6/28/2008 18:42:01 | Attr =	]
fsmart.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 6/28/2008 18:42:01 | Attr =	]
fsusscr.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 6/28/2008 18:42:01 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 6/28/2008 18:41:44 | Attr =	]
Nse_w32.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 6/28/2008 18:41:43 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 6/28/2008 18:41:46 | Attr =	]
fssubmit.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 6/28/2008 18:41:46 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 6/28/2008 18:41:40 | Attr =	]
fsblu.dll -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 6/28/2008 18:41:40 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/29/2008 11:48:50 | Attr =	]
ext.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
fsedb.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 967442 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupdllb.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupplgn.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsuptmpl.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
perf.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 6/29/2008 13:59:36 | Attr =	]
sae.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
sai.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 6/28/2008 18:41:38 | Attr =	]
ext.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
sae.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
sai.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsedb.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 967442 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupdllb.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsupplgn.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
fsuptmpl.dat -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 6/29/2008 11:48:50 | Attr =	]
FS@av.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
FS@avpe.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 6/29/2008 11:48:43 | Attr =	]
FS@bleng.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 6/28/2008 18:41:40 | Attr =	]
FS@corp.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
FS@hydra.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
FS@mlc.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/28/2008 18:42:01 | Attr =	]
FS@ols.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 6/28/2008 18:41:46 | Attr =	]
FS@peg.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/28/2008 18:41:43 | Attr =	]
verdicts.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 6/28/2008 18:41:31 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 6/28/2008 18:41:38 | Attr =	]
FS@av.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 6/28/2008 18:41:38 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avpe\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 6/29/2008 11:48:44 | Attr =	]
FS@avpe.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 6/29/2008 11:48:43 | Attr =	]
verdicts.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 6/28/2008 18:41:31 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 6/28/2008 18:42:03 | Attr =	]
FS@corp.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 6/28/2008 18:42:03 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 6/28/2008 18:41:57 | Attr =	]
FS@hydra.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 6/28/2008 18:41:57 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 6/28/2008 18:42:01 | Attr =	]
FS@mlc.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/28/2008 18:42:01 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 6/28/2008 18:41:44 | Attr =	]
FS@peg.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 6/28/2008 18:41:43 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 6/28/2008 18:41:46 | Attr =	]
FS@ols.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 6/28/2008 18:41:46 | Attr =	]
C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 6/28/2008 18:41:40 | Attr =	]
FS@bleng.ini -> C:\Users\eric\AppData\Local\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 6/28/2008 18:41:40 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Modified Date = 6/26/2008 21:28:17 | Attr =	]
Roxio -> %AllUsersProfile%\Roxio ->  [Folder | Modified Date = 6/23/2008 20:45:28 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy ->  [Folder | Modified Date = 6/25/2008 13:42:28 | Attr =	]
TEMP -> %AllUsersProfile%\TEMP ->  [Folder | Modified Date = 6/28/2008 18:19:15 | Attr =	]
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 6/25/2008 12:37:11 | Attr =	]
DNA -> %AppData%\DNA ->  [Folder | Modified Date = 6/29/2008 13:55:29 | Attr =	]
GetValue.vbs -> %AppData%\GetValue.vbs ->  [Ver =  | Size = 691 bytes | Modified Date = 6/25/2008 23:49:48 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 6/26/2008 21:28:54 | Attr =	]
SetValue.bat -> %AppData%\SetValue.bat ->  [Ver =  | Size = 35 bytes | Modified Date = 6/25/2008 23:49:48 | Attr =	]
wklnhst.dat -> %AppData%\wklnhst.dat ->  [Ver =  | Size = 8450 bytes | Modified Date = 6/9/2008 19:45:58 | Attr =	]
AOL OCP -> %UserProfile%\AppData\Local\AOL OCP ->  [Folder | Modified Date = 6/28/2008 18:13:18 | Attr =	]
ApplicationHistory -> %UserProfile%\AppData\Local\ApplicationHistory ->  [Folder | Modified Date = 6/28/2008 18:34:17 | Attr =	]
d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat ->  [Ver =  | Size = 680 bytes | Modified Date = 6/21/2008 01:41:59 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 52224 bytes | Modified Date = 6/25/2008 12:16:17 | Attr =	]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 6291456 bytes | Modified Date = 6/28/2008 18:29:49 | Attr =  H ]
Microsoft -> %UserProfile%\AppData\Local\Microsoft ->  [Folder | Modified Date = 6/25/2008 22:53:03 | Attr =	]
Temp -> %UserProfile%\AppData\Local\Temp ->  [Folder | Modified Date = 6/29/2008 14:00:07 | Attr =	]
Downloads -> %UserProfile%\Documents\Downloads ->  [Folder | Modified Date = 6/25/2008 12:37:01 | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 507 bytes | Modified Date = 6/25/2008 14:59:34 | Attr =	]
SmitfraudFix -> %UserProfile%\Documents\SmitfraudFix ->  [Folder | Modified Date = 6/25/2008 12:49:53 | Attr =	]
zsdf.wps -> %UserProfile%\Documents\zsdf.wps ->  [Ver =  | Size = 12288 bytes | Modified Date = 6/9/2008 19:45:56 | Attr =	]
zsdf2.wps -> %UserProfile%\Documents\zsdf2.wps ->  [Ver =  | Size = 9216 bytes | Modified Date = 6/9/2008 19:45:58 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 820 bytes | Modified Date = 6/26/2008 21:28:18 | Attr =	]
PowerISO.lnk -> %SystemDrive%\Users\Public\Desktop\PowerISO.lnk ->  [Ver =  | Size = 806 bytes | Modified Date = 6/24/2008 00:28:06 | Attr =	]
Spyware Doctor.lnk -> %SystemDrive%\Users\Public\Desktop\Spyware Doctor.lnk ->  [Ver =  | Size = 1761 bytes | Modified Date = 6/25/2008 23:09:53 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 6/28/2008 11:31:21 | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 6/25/2008 13:36:41 | Attr =	]
ewido_micro.exe -> %UserProfile%\Desktop\ewido_micro.exe -> Antimalware Development a.s. [Ver = 4, 0, 0, 1 | Size = 153144 bytes | Modified Date = 6/25/2008 13:04:00 | Attr =	]
guitarpro -> %UserProfile%\Desktop\guitarpro ->  [Folder | Modified Date = 6/24/2008 00:31:56 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1876 bytes | Modified Date = 6/25/2008 15:02:58 | Attr =	]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1665344 bytes | Modified Date = 6/26/2008 21:27:40 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 6/28/2008 18:29:16 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568544 bytes | Modified Date = 6/28/2008 11:34:23 | Attr =	]
sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools [Ver = 6.0.0.354 | Size = 13380712 bytes | Modified Date = 6/25/2008 23:08:21 | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Modified Date = 6/29/2008 13:58:45 | Attr =	]
Steam -> %CommonProgramFiles%\Steam ->  [Folder | Modified Date = 6/15/2008 03:54:01 | Attr =	]

< End of report >


2nd report (Avenger)
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\ProgramData\bm87d55187.xml" deleted successfully.
File "C:\ProgramData\kzovqpwp.dll" deleted successfully.
File "C:\ProgramData\pskt.ini" deleted successfully.
File "C:\Windows\444.471" deleted successfully.
File "C:\Windows\system32\alrgtyqqcebop.dll" deleted successfully.
File "C:\Windows\system32\fifsnytk.dll" deleted successfully.
File "C:\Windows\system32\hljwugsf.bin" deleted successfully.
File "C:\Windows\system32\imwerwhx.ini" deleted successfully.
File "C:\Windows\system32\jbeiwvbm.ini" deleted successfully.
File "C:\Windows\system32\nwfhoyxx.ini" deleted successfully.
File "C:\Windows\system32\nwfhoyxx.ini2" deleted successfully.
File "C:\Windows\system32\nybjsjec.ini" deleted successfully.
File "C:\Windows\system32\rtajmutv.ini" deleted successfully.
File "C:\Windows\system32\rtajmutv.ini2" deleted successfully.
File "C:\Windows\system32\tsryajlm.ini" deleted successfully.
File "C:\Windows\system32\tsryajlm.ini2" deleted successfully.
File "C:\Windows\system32\udoefkrubz.exe" deleted successfully.
File "C:\Windows\system32\uuvyaggh.ini" deleted successfully.
File "C:\Windows\system32\uuvyaggh.ini2" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

F-Secure scanner

Scanning Report
Sunday, June 29, 2008 11:49:05 - 13:58:51

Computer name: CANCUN
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 3 malware found
RiskTool.Win32.Reboot (spyware)

* System

Tracking Cookie (spyware)

* System

Vundo.gen179 (virus)

* C:\DECKARD\SYSTEM SCANNER\20080626215142\BACKUP\USERS\ERIC\APPDATA\LOCAL\TEMP\TMP00015D3C (Submitted)

Statistics
Scanned:

* Files: 55953
* System: 4540
* Not scanned: 22

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 3
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\ERIC\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\5C78FFCA2C99\DBDAM
* C:\USERS\ERIC\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\5C78FFCA2C99\DBDAO
* C:\USERS\ERIC\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\5C78FFCA2C99\DBEAM
* C:\USERS\ERIC\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\5C78FFCA2C99\DBEAO
* C:\USERS\ERIC\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\5C78FFCA2C99\DBM
* C:\USERS\ERIC\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\5C78FFCA2C99\HP
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-06-28
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure AVP: 7.0.171, 2008-06-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:07 AM

Posted 29 June 2008 - 02:19 PM

Hi mrsunnybones,

Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing problems.

If everything is OK at that time, then we have some final cleanup to do and you'll be good to go.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 mrsunnybones

  • Topic Starter

Posted 30 June 2008 - 06:40 PM

Thanks a lot for your help and patience, SifuMike.
My computer's been running smoothly since. =)

#12 SifuMike

    malware expert

Posted 30 June 2008 - 06:43 PM

Hi mrsunnybones,

You're very welcome. :thumbsup:

Now let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.


Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt and click the CleanUp button.
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this, allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go. :)
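The System Restore reset from Step #1 of the post above, scripted rather than clicked through. This is an added example; it is not part of SifuMike's post and is not code from any of the tools used in this thread. The post's GUI steps refer to the System Restore tab, which Vista replaced with System Protection; on Vista and later the restore points themselves are stored as Volume Shadow Copies, so this script goes further than the post by purging that shadow storage explicitly and then verifying that none of the pre-reset restore points survived. It assumes an elevated Windows PowerShell 5.1 session on a client edition of Windows (the *-ComputerRestore cmdlets are not available in PowerShell 7 or on Server editions); the drive letter and checkpoint description are assumptions.

```powershell
# Added example (not from the thread): reset System Restore and verify the
# old restore points are gone. Run from an elevated Windows PowerShell 5.1
# prompt on a Windows client edition.
#Requires -RunAsAdministrator

$drive  = "C:\"                 # assumption: the protected system drive
$volume = $drive.TrimEnd('\')   # "C:" form that vssadmin expects

# 1. Record the restore points that exist now. Any of them may hold copies
#    of files the cleanup just removed, so their sequence numbers are what
#    the final check compares against.
$before = @(Get-ComputerRestorePoint)
Write-Host ("Restore points before reset: {0}" -f $before.Count)
$before | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# 2. Disable protection on the drive. Restore points are stored as Volume
#    Shadow Copies on Vista and later, so purge those explicitly as well;
#    turning protection off is not by itself a guarantee that existing
#    copies are deleted.
Disable-ComputerRestore -Drive $drive
& vssadmin.exe delete shadows /for=$volume /all /quiet | Out-Null

# 3. Re-enable protection and create a fresh, known-clean checkpoint.
#    Checkpoint-Computer skips creation if another restore point was made
#    within the previous 24 hours, so run this after the cleanup, not before.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description "Post-cleanup baseline" -RestorePointType MODIFY_SETTINGS

# 4. Verify: nothing with a pre-reset sequence number should remain.
$after = @(Get-ComputerRestorePoint)
$after | Format-Table SequenceNumber, CreationTime, Description -AutoSize
$survivors = $after | Where-Object { $before.SequenceNumber -contains $_.SequenceNumber }
if ($survivors) {
    Write-Warning "Old restore points survived the reset; inspect 'vssadmin list shadows' and the System Protection settings."
} else {
    Write-Host "Reset complete: only the new checkpoint remains."
}
```

The verification step is the part worth keeping: a restore point created before the cleanup can reintroduce the deleted files on a later rollback, so the check is on the sequence numbers recorded before the reset, not merely on whether protection reports itself as enabled.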

#13 mrsunnybones

  • Topic Starter

Posted 03 July 2008 - 05:02 PM

Thanks a lot for the help, SifuMike.
I think my computer's in top shape again!

#14 SifuMike

    malware expert

Posted 03 July 2008 - 05:19 PM

You are very welcome. I hope your computer continues to run smoothly. :thumbsup:

#15 SifuMike

    malware expert

Posted 09 July 2008 - 03:40 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.