Removing Vundo


  • This topic is locked
14 replies to this topic

#1 flamerwiz


Posted 06 July 2008 - 08:45 PM

Hey all, I'm quite new to this forum.

I've tried the 2 basic steps to try to remove Vundo. Using the Vundofix method, it worked the first time, or at least I thought it did. Vundo disappeared for a couple of hours, and then came back. Right after that I used the Vundobegone program; however, the search came up with a clean system. At that point I was quite convinced that Vundo was still around, so I decided to use Vundofix again. However, this time, right after I scanned the system and pressed the Fix Files button, instead of my monitor blanking out like the first time I used Vundofix, nothing happened. It just stayed there with my cursor showing that it's processing something. I've left it alone for more than 30 minutes and still no results; the program just stays like that all the time.

My Windows Defender still detects the presence of Vundo, so I'm quite sure that it's still around.

-----------------

On a side note, I've been having some problems with my internet surfing. It seems that after a period of time, I can't load certain websites. I can easily get to the Google main page, but whenever I search for something and press Enter, the page simply refuses to load. I can't search with Yahoo or any other search engine at all. In fact, I can't even enter my own WordPress site. This problem only seems to disappear for a short amount of time whenever I reboot my computer.

Does anyone know of a way to diagnose the problem?

Thanks in advance.

------------

Here are my hijackthis logs:

Main.txt:

Deckard's System Scanner v20071014.68
Run by Lee on 2008-07-07 09:39:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lee.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:34 AM, on 7/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\Windows\PLFSetL.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Lee\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lee\Desktop\dss.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1176D039-65B7-4B0F-BD9E-F7C966AAF2B2} - C:\Windows\system32\oPiJBRJy.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F46176F-79C8-47F7-83F7-2CFE499E5BEC} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0CF1B45-4933-4725-A741-2E9C17A19768} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [240e997e] rundll32.exe "C:\Windows\system32\eolhgvtn.dll",b
O4 - HKLM\..\Run: [BM273daae2] Rundll32.exe "C:\Windows\system32\csieccbi.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10538 bytes

-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 09:39:23 0 d-------- C:\Program Files\Trend Micro
2008-07-06 15:13:21 80896 --a------ C:\Windows\system32\eolhgvtn.dll
2008-07-06 14:21:15 1712 --a------ C:\Windows\system32\lgbamuyr.dll
2008-07-04 21:19:40 1713 --a------ C:\Windows\system32\biahhcru.dll
2008-07-04 20:51:32 1712 --a------ C:\Windows\system32\twtpsqqi.dll
2008-07-03 20:32:11 1713 --a------ C:\Windows\system32\tehuypmy.dll
2008-07-03 20:26:24 1712 --a------ C:\Windows\system32\pmakkfsa.dll
2008-07-02 20:09:22 1713 --a------ C:\Windows\system32\cbwdfxao.dll
2008-07-02 20:08:42 95232 --a------ C:\Windows\system32\csieccbi.dll
2008-07-01 21:01:53 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-07-01 20:43:20 0 d-------- C:\VundoFix Backups
2008-06-29 21:49:46 1713 --a------ C:\Windows\system32\rrcorwyo.dll
2008-06-29 21:43:46 1712 --a------ C:\Windows\system32\dybddexi.dll
2008-06-28 21:40:58 1713 --a------ C:\Windows\system32\cwsdywyp.dll
2008-06-28 21:40:57 1712 --a------ C:\Windows\system32\skricrob.dll
2008-06-27 19:34:38 1713 --a------ C:\Windows\system32\lhgxwtrj.dll
2008-06-27 19:28:54 1712 --a------ C:\Windows\system32\qjqxrxka.dll
2008-06-25 23:34:46 1713 --a------ C:\Windows\system32\khojceod.dll
2008-06-25 23:28:59 1712 --a------ C:\Windows\system32\uukldgat.dll
2008-06-24 13:23:32 1713 --a------ C:\Windows\system32\hlewbmvr.dll
2008-06-24 13:17:45 1712 --a------ C:\Windows\system32\oumcntva.dll
2008-06-23 13:04:05 1713 --a------ C:\Windows\system32\scyqkrhk.dll
2008-06-23 12:58:06 1712 --a------ C:\Windows\system32\upbjhbre.dll
2008-06-22 13:05:35 1713 --a------ C:\Windows\system32\boyfoppt.dll
2008-06-22 12:59:35 1712 --a------ C:\Windows\system32\gdqgkcbk.dll
2008-06-21 12:53:55 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-21 12:49:16 0 d-------- C:\Program Files\Skype
2008-06-21 12:49:16 0 d-------- C:\Program Files\Common Files\Skype
2008-06-21 12:49:10 0 d-------- C:\Users\All Users\Skype
2008-06-18 10:55:40 0 d-------- C:\Program Files\Lavasoft
2008-06-18 10:55:39 0 d-------- C:\Users\All Users\Lavasoft
2008-06-18 10:54:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 09:41:04 459305 --ahs---- C:\Windows\system32\yJRBJiPo.ini2
2008-06-18 09:40:56 285696 -----n--- C:\Windows\system32\oPiJBRJy.dll
2008-06-14 05:47:44 888832 --a------ C:\Windows\system32\securenet.dll
2008-06-13 04:36:40 0 d-------- C:\Program Files\Red Kawa
2008-06-13 04:29:55 0 d-------- C:\Temp
2008-06-13 04:28:35 0 d-------- C:\Program Files\Winnydows
2008-06-13 04:06:19 0 d-------- C:\Program Files\danny_kay1710
2008-06-12 14:14:25 5870 --ahs---- C:\Windows\system32\uwGiPqss.ini2
2008-06-12 11:10:41 0 d-------- C:\Program Files\PQDVD
2008-06-12 08:41:36 408576 --a------ C:\Windows\system32\Smab.dll
2008-06-12 08:41:33 66560 --a------ C:\Windows\MOTA113.exe
2008-06-12 08:41:32 27648 --a------ C:\Windows\system32\AVSredirect.dll
2008-06-12 08:41:28 217073 --a------ C:\Windows\meta4.exe
2008-06-12 08:41:28 0 d-------- C:\Program Files\AviSynth 2.5
2008-06-12 06:23:04 52913 --ahs---- C:\Windows\system32\aKUCLnpo.ini2


-- Find3M Report ---------------------------------------------------------------

2008-07-07 09:36:21 0 d-------- C:\Users\Lee\AppData\Roaming\Skype
2008-07-07 09:31:13 12 --a------ C:\Windows\bthservsdp.dat
2008-07-07 09:31:04 0 d-------- C:\Users\Lee\AppData\Roaming\uTorrent
2008-07-07 09:01:38 0 d-------- C:\Users\Lee\AppData\Roaming\skypePM
2008-07-05 21:06:48 0 d-------- C:\Users\Lee\AppData\Roaming\WinRAR
2008-06-21 12:49:16 0 d-------- C:\Program Files\Common Files
2008-06-21 01:58:19 0 d-------- C:\Program Files\Blaze Media Pro
2008-06-19 09:17:47 0 d-------- C:\Users\Lee\AppData\Roaming\Mozilla
2008-06-02 13:15:44 0 d-------- C:\Program Files\EA GAMES
2008-06-02 11:24:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 10:54:13 0 d-------- C:\Program Files\Firaxis Games
2008-05-30 12:53:03 0 d-------- C:\Program Files\Launch Manager
2008-05-30 12:40:22 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-29 14:09:26 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-05-29 05:07:34 0 d-------- C:\Users\Lee\AppData\Roaming\Ubisoft
2008-05-29 04:51:22 0 d-------- C:\Users\Lee\AppData\Roaming\Adobe
2008-05-29 04:49:41 0 d-------- C:\Program Files\Ubisoft
2008-05-28 06:01:37 0 d-------- C:\Program Files\Lionhead Studios
2008-05-27 11:03:28 0 d-------- C:\Program Files\Bonjour
2008-05-27 08:18:22 0 d-------- C:\Users\Lee\AppData\Roaming\Apple Computer
2008-05-27 08:17:57 0 d-------- C:\Program Files\iTunes
2008-05-27 08:17:37 0 d-------- C:\Program Files\iPod
2008-05-27 08:16:55 0 d-------- C:\Program Files\QuickTime
2008-05-27 08:15:10 0 d-------- C:\Program Files\Apple Software Update
2008-05-27 08:14:07 0 d-------- C:\Program Files\Common Files\Apple
2008-05-26 12:45:14 0 d-------- C:\Users\Lee\AppData\Roaming\Uniblue
2008-05-26 12:45:08 0 d-------- C:\Program Files\Uniblue
2008-05-25 23:11:20 0 d-------- C:\Program Files\AVG
2008-05-25 23:00:33 0 d-------- C:\Program Files\Microsoft Games
2008-05-25 22:58:13 1704 --a------ C:\Windows\17PHolmes1535.exe
2008-05-24 13:27:55 0 d-------- C:\Program Files\MagicISO
2008-05-24 12:25:25 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-05-24 12:02:27 0 d-------- C:\Users\Lee\AppData\Roaming\PCToolsFirewallPlus
2008-05-24 11:59:20 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-24 09:25:28 0 -rahs---- C:\MSDOS.SYS
2008-05-24 09:25:28 0 -rahs---- C:\IO.SYS
2008-05-24 09:23:32 0 d-------- C:\Program Files\VistaCodecPack
2008-05-23 09:49:28 0 d-------- C:\Users\Lee\AppData\Roaming\acccore
2008-05-23 09:48:36 0 d-------- C:\Program Files\AIM6
2008-05-23 09:48:16 0 d-------- C:\Program Files\Viewpoint
2008-05-23 09:47:47 0 d-------- C:\Program Files\Common Files\AOL
2008-05-22 14:17:31 0 d-------- C:\Users\Lee\AppData\Roaming\Acer
2008-05-22 14:13:29 0 d-------- C:\Program Files\Windows Mail
2008-05-22 13:51:24 0 d-------- C:\Program Files\Windows Live
2008-05-22 13:51:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-22 13:48:38 1160 --a------ C:\Windows\mozver.dat
2008-05-22 13:47:42 0 d-------- C:\Users\Lee\AppData\Roaming\DAEMON Tools
2008-05-22 13:47:14 0 d-------- C:\Program Files\IZArc
2008-05-22 13:42:30 0 d-------- C:\Program Files\uTorrent
2008-05-22 13:25:57 0 --a------ C:\Windows\nsreg.dat
2008-05-22 13:10:10 0 d-------- C:\Users\Lee\AppData\Roaming\Yahoo!
2008-05-22 13:04:17 0 d-------- C:\Program Files\MSXML 4.0
2008-05-22 12:59:17 0 d-------- C:\Users\Lee\AppData\Roaming\ATI
2008-05-22 12:59:08 0 d-------- C:\Users\Lee\AppData\Roaming\Macromedia
2008-05-22 12:58:31 0 d-------- C:\Users\Lee\AppData\Roaming\Identities
2008-05-22 12:58:02 0 d-------- C:\Users\Lee\AppData\Roaming\InstallShield
2008-04-12 22:41:20 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 22:30:20 765952 --a------ C:\Windows\system32\xvidcore.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1176D039-65B7-4B0F-BD9E-F7C966AAF2B2}]
18/06/2008 09:41 AM 285696 --------- C:\Windows\system32\oPiJBRJy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F46176F-79C8-47F7-83F7-2CFE499E5BEC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0CF1B45-4933-4725-A741-2E9C17A19768}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/01/2008 10:23 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [04/10/2007 06:44 AM]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08/03/2007 07:38 PM]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/11/2006 03:35 AM]
"RtHDVCpl"="RtHDVCpl.exe" [08/01/2008 08:25 AM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [19/01/2008 03:31 AM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [03/01/2008 04:55 PM]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [10/10/2007 09:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [08/01/2008 08:32 AM]
"PLFSetI"="C:\Windows\PLFSetI.exe" [24/10/2007 01:56 AM]
"PLFSetL"="C:\Windows\PLFSetL.exe" [06/07/2007 03:35 AM]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [29/03/2008 05:37 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [01/09/2007 03:01 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 07:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/03/2008 02:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/03/2008 01:36 AM]
"240e997e"="C:\Windows\system32\eolhgvtn.dll" [06/07/2008 03:13 PM]
"BM273daae2"="C:\Windows\system32\csieccbi.dll" [02/07/2008 08:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [19/10/2007 02:34 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 05:39 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [21/01/2008 10:25 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [21/01/2008 10:25 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [31/05/2008 06:54 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [4/2/2008 9:15:36 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/29/2007 9:23:22 AM]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [3/20/2008 3:24:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\oPiJBRJy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
Auto\command- AdobeR.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a3b920e-27bd-11dd-8b88-a3ede3cac414}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-07 09:40:00 ------------



#2 SifuMike


Posted 07 July 2008 - 11:13 PM

Hello flamerwiz,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply along with a fresh DSS Main.txt log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on ignore mbamext.dll

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 flamerwiz


Posted 08 July 2008 - 05:39 AM

Deckard's System Scanner v20071014.68
Run by Lee on 2008-07-08 18:37:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lee.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:14 PM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\Windows\PLFSetL.exe
C:\Users\Lee\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lee\Desktop\Misc\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F46176F-79C8-47F7-83F7-2CFE499E5BEC} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0CF1B45-4933-4725-A741-2E9C17A19768} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10311 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 18:22:59 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-08 18:22:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 22:04:12 1713 --a------ C:\Windows\system32\grpoqhni.dll
2008-07-07 21:58:23 1712 --a------ C:\Windows\system32\csqwlcqc.dll
2008-07-07 09:39:23 0 d-------- C:\Program Files\Trend Micro
2008-07-06 15:13:21 80896 -----n--- C:\Windows\system32\eolhgvtn.dll
2008-07-06 14:21:15 1712 --a------ C:\Windows\system32\lgbamuyr.dll
2008-07-04 21:19:40 1713 --a------ C:\Windows\system32\biahhcru.dll
2008-07-04 20:51:32 1712 --a------ C:\Windows\system32\twtpsqqi.dll
2008-07-03 20:32:11 1713 --a------ C:\Windows\system32\tehuypmy.dll
2008-07-03 20:26:24 1712 --a------ C:\Windows\system32\pmakkfsa.dll
2008-07-02 20:09:22 1713 --a------ C:\Windows\system32\cbwdfxao.dll
2008-07-02 20:08:42 95232 -----n--- C:\Windows\system32\csieccbi.dll
2008-07-01 21:01:53 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-06-29 21:49:46 1713 --a------ C:\Windows\system32\rrcorwyo.dll
2008-06-29 21:43:46 1712 --a------ C:\Windows\system32\dybddexi.dll
2008-06-28 21:40:58 1713 --a------ C:\Windows\system32\cwsdywyp.dll
2008-06-28 21:40:57 1712 --a------ C:\Windows\system32\skricrob.dll
2008-06-27 19:34:38 1713 --a------ C:\Windows\system32\lhgxwtrj.dll
2008-06-27 19:28:54 1712 --a------ C:\Windows\system32\qjqxrxka.dll
2008-06-25 23:34:46 1713 --a------ C:\Windows\system32\khojceod.dll
2008-06-25 23:28:59 1712 --a------ C:\Windows\system32\uukldgat.dll
2008-06-24 13:23:32 1713 --a------ C:\Windows\system32\hlewbmvr.dll
2008-06-24 13:17:45 1712 --a------ C:\Windows\system32\oumcntva.dll
2008-06-23 13:04:05 1713 --a------ C:\Windows\system32\scyqkrhk.dll
2008-06-23 12:58:06 1712 --a------ C:\Windows\system32\upbjhbre.dll
2008-06-22 13:05:35 1713 --a------ C:\Windows\system32\boyfoppt.dll
2008-06-22 12:59:35 1712 --a------ C:\Windows\system32\gdqgkcbk.dll
2008-06-21 12:53:55 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-21 12:49:16 0 d-------- C:\Program Files\Skype
2008-06-21 12:49:16 0 d-------- C:\Program Files\Common Files\Skype
2008-06-21 12:49:10 0 d-------- C:\Users\All Users\Skype
2008-06-18 10:55:40 0 d-------- C:\Program Files\Lavasoft
2008-06-18 10:55:39 0 d-------- C:\Users\All Users\Lavasoft
2008-06-18 10:54:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 05:47:44 888832 --a------ C:\Windows\system32\securenet.dll
2008-06-13 04:36:40 0 d-------- C:\Program Files\Red Kawa
2008-06-13 04:29:55 0 d-------- C:\Temp
2008-06-13 04:28:35 0 d-------- C:\Program Files\Winnydows
2008-06-13 04:06:19 0 d-------- C:\Program Files\danny_kay1710
2008-06-12 14:14:25 5870 --ahs---- C:\Windows\system32\uwGiPqss.ini2
2008-06-12 11:10:41 0 d-------- C:\Program Files\PQDVD
2008-06-12 08:41:36 408576 --a------ C:\Windows\system32\Smab.dll
2008-06-12 08:41:33 66560 --a------ C:\Windows\MOTA113.exe
2008-06-12 08:41:32 27648 --a------ C:\Windows\system32\AVSredirect.dll
2008-06-12 08:41:28 217073 --a------ C:\Windows\meta4.exe
2008-06-12 08:41:28 0 d-------- C:\Program Files\AviSynth 2.5
2008-06-12 06:23:04 52913 --ahs---- C:\Windows\system32\aKUCLnpo.ini2


-- Find3M Report ---------------------------------------------------------------

2008-07-08 18:34:02 0 d-------- C:\Users\Lee\AppData\Roaming\Skype
2008-07-08 18:29:02 12 --a------ C:\Windows\bthservsdp.dat
2008-07-08 18:23:03 0 d-------- C:\Users\Lee\AppData\Roaming\Malwarebytes
2008-07-08 18:15:57 0 d-------- C:\Users\Lee\AppData\Roaming\uTorrent
2008-07-08 17:57:20 0 d-------- C:\Users\Lee\AppData\Roaming\skypePM
2008-07-05 21:06:48 0 d-------- C:\Users\Lee\AppData\Roaming\WinRAR
2008-06-21 12:49:16 0 d-------- C:\Program Files\Common Files
2008-06-21 01:58:19 0 d-------- C:\Program Files\Blaze Media Pro
2008-06-19 09:17:47 0 d-------- C:\Users\Lee\AppData\Roaming\Mozilla
2008-06-02 13:15:44 0 d-------- C:\Program Files\EA GAMES
2008-06-02 11:24:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 10:54:13 0 d-------- C:\Program Files\Firaxis Games
2008-05-30 12:53:03 0 d-------- C:\Program Files\Launch Manager
2008-05-30 12:40:22 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-29 14:09:26 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-05-29 05:07:34 0 d-------- C:\Users\Lee\AppData\Roaming\Ubisoft
2008-05-29 04:51:22 0 d-------- C:\Users\Lee\AppData\Roaming\Adobe
2008-05-29 04:49:41 0 d-------- C:\Program Files\Ubisoft
2008-05-28 06:01:37 0 d-------- C:\Program Files\Lionhead Studios
2008-05-27 11:03:28 0 d-------- C:\Program Files\Bonjour
2008-05-27 08:18:22 0 d-------- C:\Users\Lee\AppData\Roaming\Apple Computer
2008-05-27 08:17:57 0 d-------- C:\Program Files\iTunes
2008-05-27 08:17:37 0 d-------- C:\Program Files\iPod
2008-05-27 08:16:55 0 d-------- C:\Program Files\QuickTime
2008-05-27 08:15:10 0 d-------- C:\Program Files\Apple Software Update
2008-05-27 08:14:07 0 d-------- C:\Program Files\Common Files\Apple
2008-05-26 12:45:14 0 d-------- C:\Users\Lee\AppData\Roaming\Uniblue
2008-05-26 12:45:08 0 d-------- C:\Program Files\Uniblue
2008-05-25 23:11:20 0 d-------- C:\Program Files\AVG
2008-05-25 23:00:33 0 d-------- C:\Program Files\Microsoft Games
2008-05-24 13:27:55 0 d-------- C:\Program Files\MagicISO
2008-05-24 12:25:25 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-05-24 12:02:27 0 d-------- C:\Users\Lee\AppData\Roaming\PCToolsFirewallPlus
2008-05-24 11:59:20 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-24 09:25:28 0 -rahs---- C:\MSDOS.SYS
2008-05-24 09:25:28 0 -rahs---- C:\IO.SYS
2008-05-24 09:23:32 0 d-------- C:\Program Files\VistaCodecPack
2008-05-23 09:49:28 0 d-------- C:\Users\Lee\AppData\Roaming\acccore
2008-05-23 09:48:36 0 d-------- C:\Program Files\AIM6
2008-05-23 09:48:16 0 d-------- C:\Program Files\Viewpoint
2008-05-23 09:47:47 0 d-------- C:\Program Files\Common Files\AOL
2008-05-22 14:17:31 0 d-------- C:\Users\Lee\AppData\Roaming\Acer
2008-05-22 14:13:29 0 d-------- C:\Program Files\Windows Mail
2008-05-22 13:51:24 0 d-------- C:\Program Files\Windows Live
2008-05-22 13:51:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-22 13:48:38 1160 --a------ C:\Windows\mozver.dat
2008-05-22 13:47:42 0 d-------- C:\Users\Lee\AppData\Roaming\DAEMON Tools
2008-05-22 13:47:14 0 d-------- C:\Program Files\IZArc
2008-05-22 13:42:30 0 d-------- C:\Program Files\uTorrent
2008-05-22 13:25:57 0 --a------ C:\Windows\nsreg.dat
2008-05-22 13:10:10 0 d-------- C:\Users\Lee\AppData\Roaming\Yahoo!
2008-05-22 13:04:17 0 d-------- C:\Program Files\MSXML 4.0
2008-05-22 12:59:17 0 d-------- C:\Users\Lee\AppData\Roaming\ATI
2008-05-22 12:59:08 0 d-------- C:\Users\Lee\AppData\Roaming\Macromedia
2008-05-22 12:58:31 0 d-------- C:\Users\Lee\AppData\Roaming\Identities
2008-05-22 12:58:02 0 d-------- C:\Users\Lee\AppData\Roaming\InstallShield
2008-04-12 22:41:20 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 22:30:20 765952 --a------ C:\Windows\system32\xvidcore.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F46176F-79C8-47F7-83F7-2CFE499E5BEC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0CF1B45-4933-4725-A741-2E9C17A19768}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/01/2008 10:23 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [04/10/2007 06:44 AM]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08/03/2007 07:38 PM]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/11/2006 03:35 AM]
"RtHDVCpl"="RtHDVCpl.exe" [08/01/2008 08:25 AM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [19/01/2008 03:31 AM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [03/01/2008 04:55 PM]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [10/10/2007 09:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [08/01/2008 08:32 AM]
"PLFSetI"="C:\Windows\PLFSetI.exe" [24/10/2007 01:56 AM]
"PLFSetL"="C:\Windows\PLFSetL.exe" [06/07/2007 03:35 AM]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [29/03/2008 05:37 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [01/09/2007 03:01 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 07:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/03/2008 02:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/03/2008 01:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [19/10/2007 02:34 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 05:39 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [21/01/2008 10:25 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [21/01/2008 10:25 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [31/05/2008 06:54 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [4/2/2008 9:15:36 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/29/2007 9:23:22 AM]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [3/20/2008 3:24:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
Auto\command- AdobeR.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a3b920e-27bd-11dd-8b88-a3ede3cac414}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

*Newly Created Service* - MBAMCATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-08 18:37:46 ------------

I did 2 scans with the above-mentioned software.

Malwarebytes' Anti-Malware 1.20
Database version: 931
Windows 6.0.6001 Service Pack 1

6:28:38 PM 8/7/2008
mbam-log-7-8-2008 (18-28-38).txt

Scan type: Quick Scan
Objects scanned: 40298
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\eolhgvtn.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\oPiJBRJy.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9403de1-6afc-4cbd-bfc2-e11ec2f27102} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e9403de1-6afc-4cbd-bfc2-e11ec2f27102} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87862e26-bda0-4a78-b94c-86bcb9428a6f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\240e997e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{87862e26-bda0-4a78-b94c-86bcb9428a6f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm273daae2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\opijbrjy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opijbrjy -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\oPiJBRJy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\yJRBJiPo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yJRBJiPo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\eolhgvtn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ntvghloe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\csieccbi.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\17PHolmes1535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.20
Database version: 931
Windows 6.0.6001 Service Pack 1

6:35:58 PM 8/7/2008
mbam-log-7-8-2008 (18-35-58).txt

Scan type: Quick Scan
Objects scanned: 39910
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\oPiJBRJy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 SifuMike


Posted 08 July 2008 - 11:56 AM

flamerwiz,

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post.

If the file is too big to post, then you can upload it to me here.

Edited by SifuMike, 08 July 2008 - 11:57 AM.


#5 SifuMike


Posted 10 July 2008 - 03:00 PM

Hi flamerwiz,

Sorry for the delay, I did not know you posted your log.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\bm273daae2.xml
%allusersprofile%\pskt.ini
%systemroot%\system32\akuclnpo.ini
%systemroot%\system32\akuclnpo.ini2
%systemroot%\system32\biahhcru.dll
%systemroot%\system32\blrwfyfw.ini
%systemroot%\system32\boyfoppt.dll
%systemroot%\system32\cbwdfxao.dll
%systemroot%\system32\cewkoros.ini
%systemroot%\system32\csieccbi.dll
%systemroot%\system32\csqwlcqc.dll
%systemroot%\system32\cwsdywyp.dll
%systemroot%\system32\dybddexi.dll
%systemroot%\system32\eolhgvtn.dll
%systemroot%\system32\ezsidmv.dat
%systemroot%\system32\gdqgkcbk.dll
%systemroot%\system32\grpoqhni.dll
%systemroot%\system32\hlewbmvr.dll
%systemroot%\system32\khojceod.dll
%systemroot%\system32\ksvsxaor.ini
%systemroot%\system32\lgbamuyr.dll
%systemroot%\system32\lhgxwtrj.dll
%systemroot%\system32\oumcntva.dll
%systemroot%\system32\pmakkfsa.dll
%systemroot%\system32\qjqxrxka.dll
%systemroot%\system32\rrcorwyo.dll
%systemroot%\system32\scyqkrhk.dll
%systemroot%\system32\skricrob.dll
%systemroot%\system32\tehuypmy.dll
%systemroot%\system32\twtpsqqi.dll
%systemroot%\system32\upbjhbre.dll
%systemroot%\system32\uukldgat.dll
%systemroot%\system32\uwgipqss.ini
%systemroot%\system32\uwgipqss.ini2
%systemroot%\system32\wwmqqijg.ini
%systemroot%\system32\xrcxawnw.ini

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7F46176F-79C8-47F7-83F7-2CFE499E5BEC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value  does not exist or could not be read.]
YN -> {D0CF1B45-4933-4725-A741-2E9C17A19768} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015]
[Files/Folders - Created Within 30 days]
NY -> aKUCLnpo.ini -> %SystemRoot%\System32\aKUCLnpo.ini
NY -> aKUCLnpo.ini2 -> %SystemRoot%\System32\aKUCLnpo.ini2
NY -> biahhcru.dll -> %SystemRoot%\System32\biahhcru.dll
NY -> blrwfyfw.ini -> %SystemRoot%\System32\blrwfyfw.ini
NY -> boyfoppt.dll -> %SystemRoot%\System32\boyfoppt.dll
NY -> cbwdfxao.dll -> %SystemRoot%\System32\cbwdfxao.dll
NY -> cewkoros.ini -> %SystemRoot%\System32\cewkoros.ini
NY -> csieccbi.dll -> %SystemRoot%\System32\csieccbi.dll
NY -> csqwlcqc.dll -> %SystemRoot%\System32\csqwlcqc.dll
NY -> cwsdywyp.dll -> %SystemRoot%\System32\cwsdywyp.dll
NY -> dybddexi.dll -> %SystemRoot%\System32\dybddexi.dll
NY -> eolhgvtn.dll -> %SystemRoot%\System32\eolhgvtn.dll
NY -> gdqgkcbk.dll -> %SystemRoot%\System32\gdqgkcbk.dll
NY -> grpoqhni.dll -> %SystemRoot%\System32\grpoqhni.dll
NY -> hlewbmvr.dll -> %SystemRoot%\System32\hlewbmvr.dll
NY -> khojceod.dll -> %SystemRoot%\System32\khojceod.dll
NY -> ksvsxaor.ini -> %SystemRoot%\System32\ksvsxaor.ini
NY -> lgbamuyr.dll -> %SystemRoot%\System32\lgbamuyr.dll
NY -> lhgxwtrj.dll -> %SystemRoot%\System32\lhgxwtrj.dll
NY -> oumcntva.dll -> %SystemRoot%\System32\oumcntva.dll
NY -> pmakkfsa.dll -> %SystemRoot%\System32\pmakkfsa.dll
NY -> qjqxrxka.dll -> %SystemRoot%\System32\qjqxrxka.dll
NY -> rrcorwyo.dll -> %SystemRoot%\System32\rrcorwyo.dll
NY -> scyqkrhk.dll -> %SystemRoot%\System32\scyqkrhk.dll
NY -> skricrob.dll -> %SystemRoot%\System32\skricrob.dll
NY -> tehuypmy.dll -> %SystemRoot%\System32\tehuypmy.dll
NY -> twtpsqqi.dll -> %SystemRoot%\System32\twtpsqqi.dll
NY -> upbjhbre.dll -> %SystemRoot%\System32\upbjhbre.dll
NY -> uukldgat.dll -> %SystemRoot%\System32\uukldgat.dll
NY -> uwGiPqss.ini -> %SystemRoot%\System32\uwGiPqss.ini
NY -> uwGiPqss.ini2 -> %SystemRoot%\System32\uwGiPqss.ini2
NY -> wwmqqijg.ini -> %SystemRoot%\System32\wwmqqijg.ini
NY -> xrcxawnw.ini -> %SystemRoot%\System32\xrcxawnw.ini
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BM273daae2.xml -> %AllUsersProfile%\BM273daae2.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> aKUCLnpo.ini -> %SystemRoot%\System32\aKUCLnpo.ini
NY -> aKUCLnpo.ini2 -> %SystemRoot%\System32\aKUCLnpo.ini2
NY -> biahhcru.dll -> %SystemRoot%\System32\biahhcru.dll
NY -> blrwfyfw.ini -> %SystemRoot%\System32\blrwfyfw.ini
NY -> boyfoppt.dll -> %SystemRoot%\System32\boyfoppt.dll
NY -> cbwdfxao.dll -> %SystemRoot%\System32\cbwdfxao.dll
NY -> cewkoros.ini -> %SystemRoot%\System32\cewkoros.ini
NY -> csieccbi.dll -> %SystemRoot%\System32\csieccbi.dll
NY -> csqwlcqc.dll -> %SystemRoot%\System32\csqwlcqc.dll
NY -> cwsdywyp.dll -> %SystemRoot%\System32\cwsdywyp.dll
NY -> dybddexi.dll -> %SystemRoot%\System32\dybddexi.dll
NY -> eolhgvtn.dll -> %SystemRoot%\System32\eolhgvtn.dll
NY -> ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat
NY -> gdqgkcbk.dll -> %SystemRoot%\System32\gdqgkcbk.dll
NY -> grpoqhni.dll -> %SystemRoot%\System32\grpoqhni.dll
NY -> hlewbmvr.dll -> %SystemRoot%\System32\hlewbmvr.dll
NY -> khojceod.dll -> %SystemRoot%\System32\khojceod.dll
NY -> ksvsxaor.ini -> %SystemRoot%\System32\ksvsxaor.ini
NY -> lgbamuyr.dll -> %SystemRoot%\System32\lgbamuyr.dll
NY -> lhgxwtrj.dll -> %SystemRoot%\System32\lhgxwtrj.dll
NY -> oumcntva.dll -> %SystemRoot%\System32\oumcntva.dll
NY -> pmakkfsa.dll -> %SystemRoot%\System32\pmakkfsa.dll
NY -> qjqxrxka.dll -> %SystemRoot%\System32\qjqxrxka.dll
NY -> rrcorwyo.dll -> %SystemRoot%\System32\rrcorwyo.dll
NY -> scyqkrhk.dll -> %SystemRoot%\System32\scyqkrhk.dll
NY -> skricrob.dll -> %SystemRoot%\System32\skricrob.dll
NY -> tehuypmy.dll -> %SystemRoot%\System32\tehuypmy.dll
NY -> twtpsqqi.dll -> %SystemRoot%\System32\twtpsqqi.dll
NY -> upbjhbre.dll -> %SystemRoot%\System32\upbjhbre.dll
NY -> uukldgat.dll -> %SystemRoot%\System32\uukldgat.dll
NY -> uwGiPqss.ini -> %SystemRoot%\System32\uwGiPqss.ini
NY -> uwGiPqss.ini2 -> %SystemRoot%\System32\uwGiPqss.ini2
NY -> wwmqqijg.ini -> %SystemRoot%\System32\wwmqqijg.ini
NY -> xrcxawnw.ini -> %SystemRoot%\System32\xrcxawnw.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BM273daae2.xml -> %AllUsersProfile%\BM273daae2.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:

1. The Avenger report (c:\Avenger.txt). This should be a short report, so no need to send me the file.

2. The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.) This should be a short report, so no need to send me the file.

3. The new OTScanIt scan log. This should be a short report, so no need to send me the file. If it will not fit on the page, then you can upload the new scan log to me here. Let me know if you post the file.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Edited by SifuMike, 11 July 2008 - 11:43 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 flamerwiz


Posted 11 July 2008 - 05:13 AM

Hey, thanks for everything. However, it seems that I have met with a problem with step 1. It says "Error: Invalid script. A valid script must begin with a command directive. Aborting execution!"

#7 SifuMike


Posted 11 July 2008 - 11:18 AM

OK, it's fixed now and Step 1 will work. :thumbsup:

#8 flamerwiz


Posted 11 July 2008 - 09:03 PM

Scanning Report
Saturday, July 12, 2008 09:17:18 - 10:02:26

Computer name: LEE-PC
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 1 malware found
Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 32527
* System: 4293
* Not scanned: 21

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\LEE\APPDATA\LOCAL\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{22BA1186-740F-4771-8D41-3194044B64D8}
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\189DED31D040BA25840FCE4C3658B76C_26311C74-EFAE-4595-B134-C737EF9561B3
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\189DED31D040BA25840FCE4C3658B76C_26311C74-EFAE-4595-B134-C737EF9561B3
* C:\BOOT\BCD

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-07-11
* F-Secure AVP: 7.0.171, 2008-07-11
* F-Secure Pegasus: 1.20.0, 2008-04-15

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


#9 flamerwiz


Posted 11 July 2008 - 09:05 PM

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Fri Jul 11 18:09:41 2008

18:09:41: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Fri Jul 11 18:13:59 2008

18:13:59: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\ProgramData\bm273daae2.xml" deleted successfully.
File "C:\ProgramData\pskt.ini" deleted successfully.
File "C:\Windows\system32\akuclnpo.ini" deleted successfully.
File "C:\Windows\system32\akuclnpo.ini2" deleted successfully.
File "C:\Windows\system32\biahhcru.dll" deleted successfully.
File "C:\Windows\system32\blrwfyfw.ini" deleted successfully.
File "C:\Windows\system32\boyfoppt.dll" deleted successfully.
File "C:\Windows\system32\cbwdfxao.dll" deleted successfully.
File "C:\Windows\system32\cewkoros.ini" deleted successfully.
File "C:\Windows\system32\csieccbi.dll" deleted successfully.
File "C:\Windows\system32\csqwlcqc.dll" deleted successfully.
File "C:\Windows\system32\cwsdywyp.dll" deleted successfully.
File "C:\Windows\system32\dybddexi.dll" deleted successfully.
File "C:\Windows\system32\eolhgvtn.dll" deleted successfully.
File "C:\Windows\system32\ezsidmv.dat" deleted successfully.
File "C:\Windows\system32\gdqgkcbk.dll" deleted successfully.
File "C:\Windows\system32\grpoqhni.dll" deleted successfully.
File "C:\Windows\system32\hlewbmvr.dll" deleted successfully.
File "C:\Windows\system32\khojceod.dll" deleted successfully.
File "C:\Windows\system32\ksvsxaor.ini" deleted successfully.
File "C:\Windows\system32\lgbamuyr.dll" deleted successfully.
File "C:\Windows\system32\lhgxwtrj.dll" deleted successfully.
File "C:\Windows\system32\oumcntva.dll" deleted successfully.
File "C:\Windows\system32\pmakkfsa.dll" deleted successfully.
File "C:\Windows\system32\qjqxrxka.dll" deleted successfully.
File "C:\Windows\system32\rrcorwyo.dll" deleted successfully.
File "C:\Windows\system32\scyqkrhk.dll" deleted successfully.
File "C:\Windows\system32\skricrob.dll" deleted successfully.
File "C:\Windows\system32\tehuypmy.dll" deleted successfully.
File "C:\Windows\system32\twtpsqqi.dll" deleted successfully.
File "C:\Windows\system32\upbjhbre.dll" deleted successfully.
File "C:\Windows\system32\uukldgat.dll" deleted successfully.
File "C:\Windows\system32\uwgipqss.ini" deleted successfully.
File "C:\Windows\system32\uwgipqss.ini2" deleted successfully.
File "C:\Windows\system32\wwmqqijg.ini" deleted successfully.
File "C:\Windows\system32\xrcxawnw.ini" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F46176F-79C8-47F7-83F7-2CFE499E5BEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F46176F-79C8-47F7-83F7-2CFE499E5BEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CF1B45-4933-4725-A741-2E9C17A19768}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0CF1B45-4933-4725-A741-2E9C17A19768}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
[Files/Folders - Created Within 30 days]
File C:\Windows\System32\aKUCLnpo.ini not found!
File C:\Windows\System32\aKUCLnpo.ini2 not found!
File C:\Windows\System32\biahhcru.dll not found!
File C:\Windows\System32\blrwfyfw.ini not found!
File C:\Windows\System32\boyfoppt.dll not found!
File C:\Windows\System32\cbwdfxao.dll not found!
File C:\Windows\System32\cewkoros.ini not found!
File C:\Windows\System32\csieccbi.dll not found!
File C:\Windows\System32\csqwlcqc.dll not found!
File C:\Windows\System32\cwsdywyp.dll not found!
File C:\Windows\System32\dybddexi.dll not found!
File C:\Windows\System32\eolhgvtn.dll not found!
File C:\Windows\System32\gdqgkcbk.dll not found!
File C:\Windows\System32\grpoqhni.dll not found!
File C:\Windows\System32\hlewbmvr.dll not found!
File C:\Windows\System32\khojceod.dll not found!
File C:\Windows\System32\ksvsxaor.ini not found!
File C:\Windows\System32\lgbamuyr.dll not found!
File C:\Windows\System32\lhgxwtrj.dll not found!
File C:\Windows\System32\oumcntva.dll not found!
File C:\Windows\System32\pmakkfsa.dll not found!
File C:\Windows\System32\qjqxrxka.dll not found!
File C:\Windows\System32\rrcorwyo.dll not found!
File C:\Windows\System32\scyqkrhk.dll not found!
File C:\Windows\System32\skricrob.dll not found!
File C:\Windows\System32\tehuypmy.dll not found!
File C:\Windows\System32\twtpsqqi.dll not found!
File C:\Windows\System32\upbjhbre.dll not found!
File C:\Windows\System32\uukldgat.dll not found!
File C:\Windows\System32\uwGiPqss.ini not found!
File C:\Windows\System32\uwGiPqss.ini2 not found!
File C:\Windows\System32\wwmqqijg.ini not found!
File C:\Windows\System32\xrcxawnw.ini not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM273daae2.xml not found!
File C:\ProgramData\pskt.ini not found!
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\aKUCLnpo.ini not found!
File C:\Windows\System32\aKUCLnpo.ini2 not found!
File C:\Windows\System32\biahhcru.dll not found!
File C:\Windows\System32\blrwfyfw.ini not found!
File C:\Windows\System32\boyfoppt.dll not found!
File C:\Windows\System32\cbwdfxao.dll not found!
File C:\Windows\System32\cewkoros.ini not found!
File C:\Windows\System32\csieccbi.dll not found!
File C:\Windows\System32\csqwlcqc.dll not found!
File C:\Windows\System32\cwsdywyp.dll not found!
File C:\Windows\System32\dybddexi.dll not found!
File C:\Windows\System32\eolhgvtn.dll not found!
C:\Windows\System32\ezsidmv.dat moved successfully.
File C:\Windows\System32\gdqgkcbk.dll not found!
File C:\Windows\System32\grpoqhni.dll not found!
File C:\Windows\System32\hlewbmvr.dll not found!
File C:\Windows\System32\khojceod.dll not found!
File C:\Windows\System32\ksvsxaor.ini not found!
File C:\Windows\System32\lgbamuyr.dll not found!
File C:\Windows\System32\lhgxwtrj.dll not found!
File C:\Windows\System32\oumcntva.dll not found!
File C:\Windows\System32\pmakkfsa.dll not found!
File C:\Windows\System32\qjqxrxka.dll not found!
File C:\Windows\System32\rrcorwyo.dll not found!
File C:\Windows\System32\scyqkrhk.dll not found!
File C:\Windows\System32\skricrob.dll not found!
File C:\Windows\System32\tehuypmy.dll not found!
File C:\Windows\System32\twtpsqqi.dll not found!
File C:\Windows\System32\upbjhbre.dll not found!
File C:\Windows\System32\uukldgat.dll not found!
File C:\Windows\System32\uwGiPqss.ini not found!
File C:\Windows\System32\uwGiPqss.ini2 not found!
File C:\Windows\System32\wwmqqijg.ini not found!
File C:\Windows\System32\xrcxawnw.ini not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM273daae2.xml not found!
File C:\ProgramData\pskt.ini not found!
[Empty Temp Folders]
File delete failed. C:\Users\Lee\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Temp\~DF6B53.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Temp\~DF766E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Temp\~DF7940.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Temp\~DF7B35.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Temp\~DF7B51.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.1 fix logfile created on 07122008_090848

Files moved on Reboot...
C:\Users\Lee\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File C:\Users\Lee\AppData\Local\Temp\~DF6B53.tmp not found!
File C:\Users\Lee\AppData\Local\Temp\~DF766E.tmp not found!
File C:\Users\Lee\AppData\Local\Temp\~DF7940.tmp not found!
C:\Users\Lee\AppData\Local\Temp\~DF7B35.tmp moved successfully.
File C:\Users\Lee\AppData\Local\Temp\~DF7B51.tmp not found!
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\urlclassifier3.sqlite moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\28c8kiir.default\XUL.mfl moved successfully.

#10 flamerwiz


Posted 11 July 2008 - 09:07 PM

OTScanIt logfile created on: 12/7/2008 10:06:23 AM

OTScanIt by OldTimer - Version 1.0.16.1	 Folder = C:\Users\Lee\Desktop\Misc\Antivirus\OTScanIt

Windows Vista  Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

 

2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 77.94% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110.05 Gb Total Space | 33.28 Gb Free Space | 30.24% Space Free | Partition Type: NTFS

Drive D: | 110.07 Gb Total Space | 49.51 Gb Free Space | 44.98% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: LEE-PC

Current User Name: Lee

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

fwservice.exe -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> PC Tools [Ver = 3, 0, 1, 13 | Size = 92056 bytes | Modified Date = 20/3/2008 2:25:24 AM | Attr =	]

ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 610304 bytes | Modified Date = 4/10/2007 3:00:44 PM | Attr =	]

ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 610304 bytes | Modified Date = 4/10/2007 3:00:44 PM | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 18/6/2008 10:56:37 AM | Attr =	]

agrsmsvc.exe -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 6/10/2006 2:10:12 AM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 19/2/2008 2:16:30 AM | Attr =	]

avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 4/7/2008 7:55:03 PM | Attr =	]

mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 25/7/2007 6:17:08 AM | Attr =	]

edsservice.exe -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -> Egis Incorporated [Ver = 3, 0, 88, 4 | Size = 506416 bytes | Modified Date = 3/1/2008 4:55:52 PM | Attr =	]

elockserv.exe -> %SystemDrive%\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> Acer Inc. [Ver = 2.5.4011.0 | Size = 24576 bytes | Modified Date = 2/10/2007 7:42:36 AM | Attr =	]

enet service.exe -> %SystemDrive%\Acer\Empowering Technology\eNet\eNet Service.exe -> Acer Inc. [Ver = 2, 6, 4, 303 | Size = 131072 bytes | Modified Date = 21/12/2007 2:32:04 AM | Attr =	]

iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.8.0.1013 | Size = 358936 bytes | Modified Date = 4/10/2007 6:45:02 AM | Attr =	]

lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.142.1 | Size = 61440 bytes | Modified Date = 18/1/2007 2:20:10 AM | Attr =	]

mobilityservice.exe -> %SystemDrive%\Acer\Mobility Center\MobilityService.exe ->  [Ver = 1, 0, 4301, 0 | Size = 110592 bytes | Modified Date = 28/11/2007 9:54:36 AM | Attr =	]

o2flash.exe -> %ProgramFiles%\O2Micro Oz128 Driver\o2flash.exe -> O2Micro International [Ver = 1, 0, 0, 3 | Size = 65536 bytes | Modified Date = 13/2/2007 7:43:44 AM | Attr =	]

rs_service.exe -> %ProgramFiles%\Acer\Acer VCM\RS_Service.exe -> Acer Inc. [Ver = 2, 5, 3101, 7395 | Size = 233472 bytes | Modified Date = 29/9/2007 10:18:24 AM | Attr =	]

erecoveryservice.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> Acer Inc. [Ver = 2.5.4.4 | Size = 57344 bytes | Modified Date = 11/9/2007 6:28:18 AM | Attr =	]

capuserv.exe -> %SystemDrive%\Acer\Empowering Technology\eSettings\Service\capuserv.exe ->  [Ver = 2.05.4302 | Size = 24576 bytes | Modified Date = 20/12/2007 9:09:22 AM | Attr =	]

epowersvc.exe -> %SystemDrive%\Acer\Empowering Technology\ePower\ePowerSvc.exe -> acer [Ver = 2, 5, 4301, 0 | Size = 167936 bytes | Modified Date = 21/9/2007 4:57:28 AM | Attr =	]

avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 4/7/2008 7:55:01 PM | Attr =	]

avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 4/7/2008 7:55:05 PM | Attr =	]

iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.8.0.1013 | Size = 178712 bytes | Modified Date = 4/10/2007 6:44:58 AM | Attr =	]

mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 18/7/2007 2:13:56 AM | Attr =	]

rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 123 | Size = 4853760 bytes | Modified Date = 8/1/2008 8:25:14 AM | Attr =	]

syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.2.4 18Jan08 | Size = 1033512 bytes | Modified Date = 19/1/2008 3:31:22 AM | Attr =	]

edsloader.exe -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe -> Egis Incorporated [Ver = 3, 0, 329, 0 | Size = 521776 bytes | Modified Date = 3/1/2008 4:55:48 PM | Attr =	]

eaudio.exe -> %SystemDrive%\Acer\Empowering Technology\eAudio\eAudio.exe -> CyberLink [Ver = 2.5.4303 | Size = 1286144 bytes | Modified Date = 10/10/2007 9:41:54 PM | Attr =	]

lmanager.exe -> %ProgramFiles%\Launch Manager\LManager.exe -> Dritek System Inc. [Ver = 1, 2, 0, 3007 | Size = 842248 bytes | Modified Date = 8/1/2008 8:32:54 AM | Attr =	]

plfseti.exe -> %SystemRoot%\PLFSetI.exe ->  [Ver = 1, 0, 1, 0 | Size = 200704 bytes | Modified Date = 24/10/2007 1:56:18 AM | Attr =	]

plfsetl.exe -> %SystemRoot%\PLFSetL.exe -> sonix [Ver = 1, 0, 0, 0 | Size = 94208 bytes | Modified Date = 6/7/2007 3:35:54 AM | Attr =	]

firewallgui.exe -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe -> PC Tools [Ver = 3, 0, 1, 14 | Size = 2598808 bytes | Modified Date = 29/3/2008 5:37:34 AM | Attr =	]

avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 4/7/2008 7:55:08 PM | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 31/3/2008 1:36:40 AM | Attr =	]

daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.12.3.0 | Size = 486856 bytes | Modified Date = 1/4/2008 5:39:48 PM | Attr =	]

skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.8.0.139 | Size = 21718312 bytes | Modified Date = 31/5/2008 6:54:14 AM | Attr = R  ]

acervcm.exe -> %ProgramFiles%\Acer\Acer VCM\AcerVCM.exe -> Acer Inc. [Ver = 2.5.3101.7463 | Size = 1216512 bytes | Modified Date = 15/11/2007 12:51:06 AM | Attr =	]

bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.1.0.2000 | Size = 739880 bytes | Modified Date = 29/8/2007 9:23:22 AM | Attr =	]

enmtray.exe -> %SystemDrive%\Acer\Empowering Technology\eNet\eNMTray.exe -> Acer Inc. [Ver = 2, 6, 4, 303 | Size = 761856 bytes | Modified Date = 21/12/2007 2:33:14 AM | Attr =	]

epower_dmc.exe -> %SystemDrive%\Acer\Empowering Technology\ePower\ePower_DMC.exe -> Acer Inc. [Ver = 2, 5, 4309, 0 | Size = 458752 bytes | Modified Date = 6/2/2008 12:47:12 AM | Attr =	]

acer.empowering.framework.supervisor.exe -> %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe -> Acer Inc. [Ver = 2.5.4301.0 | Size = 323584 bytes | Modified Date = 10/1/2008 9:43:28 AM | Attr =	]

eragent.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 2.5.5.3 | Size = 393216 bytes | Modified Date = 7/9/2007 3:02:04 AM | Attr =	]

rtkbtmnt.exe -> %UserProfile%\AppData\Local\Temp\RtkBtMnt.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.9 | Size = 208896 bytes | Modified Date = 12/7/2008 9:10:56 AM | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 31/3/2008 1:36:30 AM | Attr =	]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9 | Size = 307712 bytes | Modified Date = 30/5/2008 4:50:52 AM | Attr =	]

ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 18/7/2007 2:13:34 AM | Attr =	]

acp2hid.exe -> %ProgramFiles%\Acer\Acer VCM\acp2HID.exe -> Acer Inc. [Ver = 1.2.0.0 | Size = 196608 bytes | Modified Date = 28/3/2007 3:00:32 AM | Attr =	]

vc.exe -> %ProgramFiles%\Acer\Acer VCM\VC.exe -> Acer Inc. [Ver = 2, 5, 3050, 7395 | Size = 1028096 bytes | Modified Date = 2/10/2007 1:55:20 AM | Attr =	]

syntphelper.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPHelper.exe -> Synaptics, Inc. [Ver = 10.2.4 18Jan08 | Size = 95528 bytes | Modified Date = 19/1/2008 3:31:32 AM | Attr =	]

skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 2.0.0.58 | Size = 76744 bytes | Modified Date = 31/5/2008 6:54:16 AM | Attr = R  ]

itunes.exe -> %ProgramFiles%\iTunes\iTunes.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 31/3/2008 1:36:34 AM | Attr =	]

distnoted.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\distnoted.exe ->  [Ver = 7, 6, 440, 48 | Size = 14864 bytes | Modified Date = 19/2/2008 2:24:40 AM | Attr =	]

applemobiledevicehelper.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe ->  [Ver = 7, 6, 332, 0 | Size = 141048 bytes | Modified Date = 19/2/2008 2:24:06 AM | Attr =	]

utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 22/5/2008 1:42:30 PM | Attr =	]

otscanit.exe -> %UserProfile%\Desktop\Misc\Antivirus\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.1 | Size = 396800 bytes | Modified Date = 5/7/2008 11:19:06 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 18/6/2008 10:56:37 AM | Attr =	]

(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 6/10/2006 2:10:12 AM | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 19/2/2008 2:16:30 AM | Attr =	]

(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 610304 bytes | Modified Date = 4/10/2007 3:00:44 PM | Attr =	]

(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 4/7/2008 7:55:05 PM | Attr =	]

(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 4/7/2008 7:55:03 PM | Attr =	]

(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 25/7/2007 6:17:08 AM | Attr =	]

(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found

(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found

(eDataSecurity Service) eDataSecurity Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -> Egis Incorporated [Ver = 3, 0, 88, 4 | Size = 506416 bytes | Modified Date = 3/1/2008 4:55:52 PM | Attr =	]

(eLockService) eLock Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> Acer Inc. [Ver = 2.5.4011.0 | Size = 24576 bytes | Modified Date = 2/10/2007 7:42:36 AM | Attr =	]

(eNet Service) eNet Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eNet\eNet Service.exe -> Acer Inc. [Ver = 2, 6, 4, 303 | Size = 131072 bytes | Modified Date = 21/12/2007 2:32:04 AM | Attr =	]

(eRecoveryService) eRecovery Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> Acer Inc. [Ver = 2.5.4.4 | Size = 57344 bytes | Modified Date = 11/9/2007 6:28:18 AM | Attr =	]

(eSettingsService) eSettings Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eSettings\Service\capuserv.exe ->  [Ver = 2.05.4302 | Size = 24576 bytes | Modified Date = 20/12/2007 9:09:22 AM | Attr =	]

(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.8.0.1013 | Size = 358936 bytes | Modified Date = 4/10/2007 6:45:02 AM | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 6:24:18 PM | Attr =	]

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found

(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 31/3/2008 1:36:30 AM | Attr =	]

(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.142.1 | Size = 61440 bytes | Modified Date = 18/1/2007 2:20:10 AM | Attr =	]

(MobilityService) MobilityService [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Mobility Center\MobilityService.exe ->  [Ver = 1, 0, 4301, 0 | Size = 110592 bytes | Modified Date = 28/11/2007 9:54:36 AM | Attr =	]

(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found

(o2flash) O2Micro Flash Memory Card Service [Win32_Own | Auto | Running] -> %ProgramFiles%\O2Micro Oz128 Driver\o2flash.exe -> O2Micro International [Ver = 1, 0, 0, 3 | Size = 65536 bytes | Modified Date = 13/2/2007 7:43:44 AM | Attr =	]

(PCToolsFirewallPlus) PC Tools Firewall Plus [Win32_Own | Auto | Running] -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> PC Tools [Ver = 3, 0, 1, 13 | Size = 92056 bytes | Modified Date = 20/3/2008 2:25:24 AM | Attr =	]

(RS_Service) Raw Socket Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer VCM\RS_Service.exe -> Acer Inc. [Ver = 2, 5, 3101, 7395 | Size = 233472 bytes | Modified Date = 29/9/2007 10:18:24 AM | Attr =	]

(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found

(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found

(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found

(VundoFixSvc) VundoFix Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 1/7/2008 9:01:53 PM | Attr =	]

(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found

(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found

(WMIService) ePower Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\ePower\ePowerSvc.exe -> acer [Ver = 2, 5, 4301, 0 | Size = 167936 bytes | Modified Date = 21/9/2007 4:57:28 AM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

00PCTFW -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> PC Tools [Ver = 3, 0, 1, 14 | Size = 2598808 bytes | Modified Date = 29/3/2008 5:37:34 AM | Attr =	]

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 8/3/2007 7:38:54 PM | Attr =	]

AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 4/7/2008 7:55:08 PM | Attr =	]

eAudio -> %SystemDrive%\Acer\Empowering Technology\eAudio\eAudio.exe ["C:\Acer\Empowering Technology\eAudio\eAudio.exe"] -> CyberLink [Ver = 2.5.4303 | Size = 1286144 bytes | Modified Date = 10/10/2007 9:41:54 PM | Attr =	]

eDataSecurity Loader -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe] -> Egis Incorporated [Ver = 3, 0, 329, 0 | Size = 521776 bytes | Modified Date = 3/1/2008 4:55:48 PM | Attr =	]

IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> Intel Corporation [Ver = 7.8.0.1013 | Size = 178712 bytes | Modified Date = 4/10/2007 6:44:58 AM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 31/3/2008 1:36:40 AM | Attr =	]

LManager -> %ProgramFiles%\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> Dritek System Inc. [Ver = 1, 2, 0, 3007 | Size = 842248 bytes | Modified Date = 8/1/2008 8:32:54 AM | Attr =	]

PLFSetI -> %SystemRoot%\PLFSetI.exe [C:\Windows\PLFSetI.exe] ->  [Ver = 1, 0, 1, 0 | Size = 200704 bytes | Modified Date = 24/10/2007 1:56:18 AM | Attr =	]

PLFSetL -> %SystemRoot%\PLFSetL.exe [C:\Windows\PLFSetL.exe] -> sonix [Ver = 1, 0, 0, 0 | Size = 94208 bytes | Modified Date = 6/7/2007 3:35:54 AM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 29/3/2008 2:37:20 PM | Attr =	]

RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 123 | Size = 4853760 bytes | Modified Date = 8/1/2008 8:25:14 AM | Attr =	]

StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] ->  [Ver =  | Size = 90112 bytes | Modified Date = 11/11/2006 3:35:24 AM | Attr =	]

SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 10.2.4 18Jan08 | Size = 1033512 bytes | Modified Date = 19/1/2008 3:31:22 AM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.12.3.0 | Size = 486856 bytes | Modified Date = 1/4/2008 5:39:48 PM | Attr =	]

Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.139 | Size = 21718312 bytes | Modified Date = 31/5/2008 6:54:14 AM | Attr = R  ]

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 

avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 4/7/2008 7:55:01 PM | Attr =	]

*MultiFile Done* -> -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 21/1/2008 10:24:24 AM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 21/1/2008 10:24:49 AM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 21/1/2008 10:23:46 AM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 21/1/2008 10:24:23 AM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

TORiSAN CD-ROM CDR_C36 ->  -> File not found

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 21/1/2008 10:23:02 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_TS-L632H________________AC01____\5&38f9ab08&0&0.0.0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_GY1408K&Prod_ESA355N&Rev_1.01\5&36e5972&0&000000 -> 

< Drives - Autoruns > ->  -> 

autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 24 bytes | Modified Date = 19/9/2006 5:43:36 AM | Attr =	]

< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> 

::1			 localhost -> -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://en.sg.acer.yahoo.com -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 2:08:42 PM | Attr =	]

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 5/7/2008 7:02:43 PM | Attr =	]

{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [ShowBarObj Class] -> HiTRUST [Ver = 2, 6, 4, 0 | Size = 312368 bytes | Modified Date = 3/1/2008 5:00:26 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [Acer eDataSecurity Management] -> Egis Incorporated. [Ver = 3, 0, 2, 7 | Size = 155184 bytes | Modified Date = 3/1/2008 5:00:34 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [Acer eDataSecurity Management] -> Egis Incorporated. [Ver = 3, 0, 2, 7 | Size = 155184 bytes | Modified Date = 3/1/2008 5:00:34 PM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Send image to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ->  [Ver =  | Size = 1199 bytes | Modified Date = 24/1/2007 3:57:50 AM | Attr =	]

Send page to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm ->  [Ver =  | Size = 2758 bytes | Modified Date = 24/1/2007 3:57:52 AM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{288E1B6A-E69C-46C2-8476-BB60EC862021} ->	() -> 

{7C3314D5-2912-4BC0-AF81-8761B647A5FA} ->	(Broadcom NetLink (TM) Gigabit Ethernet) -> 

{C0A9F9F5-C214-452D-A246-500CA6AEAE5E} ->	(Intel(R) Wireless WiFi Link 4965AGN) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 25/7/2007 6:17:08 AM | Attr =	]

< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 

ldap -> 4 = Restricted sites (Not a Default Protocol) -> 

news -> 4 = Restricted sites (Not a Default Protocol) -> 

nntp -> 4 = Restricted sites (Not a Default Protocol) -> 

oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 

snews -> 4 = Restricted sites (Not a Default Protocol) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 4/7/2008 7:55:05 PM | Attr =	]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 31/5/2008 6:54:14 AM | Attr = R  ]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 



[Files/Folders - Created Within 30 days]

Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 12/7/2008 9:06:17 AM | Attr =	]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 7/7/2008 9:06:40 AM | Attr =	]

fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 12/7/2008 9:13:19 AM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3219578880 bytes | Created Date = 6/7/2008 3:10:34 PM | Attr =  HS]

Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 13/6/2008 4:29:55 AM | Attr =	]

mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/7/2008 6:23:00 PM | Attr =	]

mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Created Date = 8/7/2008 6:22:59 PM | Attr =	]

ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat ->  [Ver =  | Size = 56 bytes | Created Date = 12/7/2008 9:12:04 AM | Attr =  H ]

securenet.dll -> %SystemRoot%\System32\securenet.dll ->  [Ver =  | Size = 888832 bytes | Created Date = 14/6/2008 5:47:44 AM | Attr =	]

VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Created Date = 1/7/2008 9:01:53 PM | Attr =	]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 7/7/2008 9:07:09 AM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Lavasoft -> %AllUsersProfile%\Lavasoft ->  [Folder | Created Date = 18/6/2008 10:55:39 AM | Attr =	]

Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Created Date = 8/7/2008 6:22:59 PM | Attr =	]

Skype -> %AllUsersProfile%\Skype ->  [Folder | Created Date = 21/6/2008 12:49:10 PM | Attr =	]

Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 8/7/2008 6:23:03 PM | Attr =	]

Skype -> %AppData%\Skype ->  [Folder | Created Date = 21/6/2008 12:50:18 PM | Attr =	]

skypePM -> %AppData%\skypePM ->  [Folder | Created Date = 21/6/2008 12:53:55 PM | Attr =	]

WinRAR -> %AppData%\WinRAR ->  [Folder | Created Date = 5/7/2008 9:06:48 PM | Attr =	]

acer eNM -> %UserProfile%\AppData\Local\acer eNM ->  [Folder | Created Date = 11/7/2008 5:42:35 PM | Attr =  H ]

AOL -> %UserProfile%\AppData\Local\AOL ->  [Folder | Created Date = 10/7/2008 6:33:22 PM | Attr =	]

AOL OCP -> %UserProfile%\AppData\Local\AOL OCP ->  [Folder | Created Date = 10/7/2008 6:33:22 PM | Attr =	]

Apple Computer -> %UserProfile%\AppData\Local\Apple Computer ->  [Folder | Created Date = 10/7/2008 9:55:37 PM | Attr =	]

IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 1542066 bytes | Created Date = 6/7/2008 5:09:22 PM | Attr =  H ]

Converted Videos -> %UserProfile%\Documents\Converted Videos ->  [Folder | Created Date = 13/6/2008 4:36:40 AM | Attr =	]

Video Downloads -> %UserProfile%\Documents\Video Downloads ->  [Folder | Created Date = 13/6/2008 4:36:40 AM | Attr =	]

Skype -> %CommonProgramFiles%\Skype ->  [Folder | Created Date = 21/6/2008 12:49:16 PM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 18/6/2008 10:54:58 AM | Attr =	]

danny_kay1710 -> %ProgramFiles%\danny_kay1710 ->  [Folder | Created Date = 13/6/2008 4:06:19 AM | Attr =	]

Lavasoft -> %ProgramFiles%\Lavasoft ->  [Folder | Created Date = 18/6/2008 10:55:40 AM | Attr =	]

Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 8/7/2008 6:22:58 PM | Attr =	]

PQDVD -> %ProgramFiles%\PQDVD ->  [Folder | Created Date = 12/6/2008 11:10:41 AM | Attr =	]

Red Kawa -> %ProgramFiles%\Red Kawa ->  [Folder | Created Date = 13/6/2008 4:36:40 AM | Attr =	]

Skype -> %ProgramFiles%\Skype ->  [Folder | Created Date = 21/6/2008 12:49:16 PM | Attr =	]

Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 7/7/2008 9:39:23 AM | Attr =	]

Winnydows -> %ProgramFiles%\Winnydows ->  [Folder | Created Date = 13/6/2008 4:28:35 AM | Attr =	]

WinRAR -> %ProgramFiles%\WinRAR ->  [Folder | Created Date = 5/7/2008 9:06:36 PM | Attr =	]

Yacc Yet Another CSO Compressor -> %ProgramFiles%\Yacc Yet Another CSO Compressor ->  [Folder | Created Date = 11/7/2008 6:30:02 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Modified Date = 4/7/2008 10:15:47 PM | Attr =  H ]

Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 12/7/2008 9:07:00 AM | Attr =	]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 7/7/2008 9:06:40 AM | Attr =	]

fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 12/7/2008 9:13:19 AM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 3219578880 bytes | Modified Date = 12/7/2008 9:10:09 AM | Attr =  HS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 12/7/2008 9:06:17 AM | Attr =	]

ProgramData -> %AllUsersProfile% ->  [Folder | Modified Date = 12/7/2008 9:06:17 AM | Attr =	]

System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 7/7/2008 9:04:24 AM | Attr =  HS]

Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 13/6/2008 4:31:25 AM | Attr =	]

Windows -> %SystemRoot% ->  [Folder | Modified Date = 8/7/2008 6:28:38 PM | Attr =	]

Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Modified Date = 12/7/2008 8:59:00 AM | Attr =	]

1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> 

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 25398680 bytes | Modified Date = 12/7/2008 8:59:00 AM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 105441 bytes | Modified Date = 12/7/2008 8:59:00 AM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 116658 bytes | Modified Date = 19/6/2008 9:10:32 AM | Attr =	]

avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 4/7/2008 7:55:01 PM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 4/7/2008 7:55:01 PM | Attr =	]

avgwfpx.sys -> %SystemRoot%\System32\drivers\avgwfpx.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.108 | Size = 69128 bytes | Modified Date = 4/7/2008 7:55:11 PM | Attr =	]

mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/7/2008 5:35:30 PM | Attr =	]

mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Modified Date = 7/7/2008 5:35:36 PM | Attr =	]

7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3344 bytes | Modified Date = 12/7/2008 9:10:20 AM | Attr =  H ]

7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3344 bytes | Modified Date = 12/7/2008 9:10:20 AM | Attr =  H ]

avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 4/7/2008 7:55:01 PM | Attr =	]

catroot2 -> %SystemRoot%\System32\catroot2 ->  [Folder | Modified Date = 1/7/2008 9:04:20 PM | Attr =	]

1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 12/7/2008 9:06:16 AM | Attr =	]

ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat ->  [Ver =  | Size = 56 bytes | Modified Date = 12/7/2008 9:12:04 AM | Attr =  H ]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 1711058 bytes | Modified Date = 12/7/2008 9:24:55 AM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 3708272 bytes | Modified Date = 12/7/2008 9:24:55 AM | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 4884 bytes | Modified Date = 12/7/2008 9:24:55 AM | Attr =	]

VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 1/7/2008 9:01:53 PM | Attr =	]

WDI -> %SystemRoot%\System32\WDI ->  [Folder | Modified Date = 6/7/2008 2:22:06 PM | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 12/7/2008 9:10:14 AM | Attr =   S]

bthservsdp.dat -> %SystemRoot%\bthservsdp.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 12/7/2008 9:09:27 AM | Attr =	]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 12/7/2008 9:17:17 AM | Attr =   S]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 7/7/2008 9:07:09 AM | Attr =	]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 21/6/2008 12:49:30 PM | Attr =  HS]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 12/7/2008 9:21:42 AM | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 12/7/2008 9:11:04 AM | Attr =  H ]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 15/6/2008 11:54:20 AM | Attr =	]

System32 -> %SystemRoot%\System32 ->  [Folder | Modified Date = 12/7/2008 9:24:55 AM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 12/7/2008 10:06:32 AM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 12/7/2008 9:10:21 AM | Attr =  H ]

C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2/11/2006 9:04:06 PM | Attr =	]

qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4194304 bytes | Modified Date = 12/6/2008 5:26:00 AM | Attr =	]

qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4194304 bytes | Modified Date = 12/6/2008 5:26:00 AM | Attr =	]

C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 27/5/2008 11:03:02 AM | Attr =	]

opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8308 bytes | Modified Date = 17/6/2008 1:09:36 PM | Attr =	]

C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 27/6/2008 7:41:46 PM | Attr =	]

PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 28704 bytes | Modified Date = 12/7/2008 9:25:29 AM | Attr =	]

PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 12/7/2008 9:25:29 AM | Attr =	]

PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 12/7/2008 9:25:29 AM | Attr =	]

PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 1224 bytes | Modified Date = 12/7/2008 9:25:28 AM | Attr =	]

PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 2760 bytes | Modified Date = 12/7/2008 9:25:29 AM | Attr =	]

PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 43168 bytes | Modified Date = 12/7/2008 9:25:28 AM | Attr =	]

C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 22/5/2008 12:57:56 PM | Attr =	]

Lee.dat -> C:\ProgramData\Microsoft\User Account Pictures\Lee.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 22/5/2008 12:57:56 PM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\ -> C:\Users\Lee\AppData\Local\Temp ->  [Folder | Modified Date = 12/7/2008 10:03:57 AM | Attr =	]

fsgk32.exe -> C:\Users\Lee\AppData\Local\Temp\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fssm32.exe -> C:\Users\Lee\AppData\Local\Temp\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

RtkBtMnt.exe -> C:\Users\Lee\AppData\Local\Temp\RtkBtMnt.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.9 | Size = 208896 bytes | Modified Date = 12/7/2008 9:10:56 AM | Attr =	]

7 C:\Users\Lee\AppData\Local\Temp\*.tmp files -> C:\Users\Lee\AppData\Local\Temp\*.tmp -> 

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 12/7/2008 9:17:28 AM | Attr =	]

fsgk32.exe -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fssm32.exe -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fsgk32.exe -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fssm32.exe -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\ -> C:\Users\Lee\AppData\Local\Temp ->  [Folder | Modified Date = 12/7/2008 10:03:57 AM | Attr =	]

daas_s.dll -> C:\Users\Lee\AppData\Local\Temp\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 12/7/2008 9:17:18 AM | Attr =	]

fm4av.dll -> C:\Users\Lee\AppData\Local\Temp\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

7 C:\Users\Lee\AppData\Local\Temp\*.tmp files -> C:\Users\Lee\AppData\Local\Temp\*.tmp -> 

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 12/7/2008 9:17:28 AM | Attr =	]

AVPFPI0.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

avpproxy.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

daas_s.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27/2/2008 3:59:28 PM | Attr =	]

fm4av.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fpinor.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fsbl.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fsblu.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 12/7/2008 9:16:30 AM | Attr =	]

fsecr32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsgkiapi.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fsmart.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

fspe32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fssubmit.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 12/7/2008 9:16:45 AM | Attr =	]

fsup32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupcx32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupfg32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupmw32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupnp32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupux32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupwu32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsusscr.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

Nse_w32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 12/7/2008 9:16:43 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

AVPFPI0.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

avpproxy.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fm4av.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fpinor.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fsbl.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

fsgkiapi.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsecr32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fspe32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsup32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupcx32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupfg32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupmw32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupnp32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupux32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupwu32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

fsmart.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

fsusscr.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 12/7/2008 9:16:43 AM | Attr =	]

Nse_w32.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 12/7/2008 9:16:43 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 12/7/2008 9:16:45 AM | Attr =	]

fssubmit.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 12/7/2008 9:16:45 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 12/7/2008 9:16:30 AM | Attr =	]

fsblu.dll -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 12/7/2008 9:16:30 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 12/7/2008 9:17:28 AM | Attr =	]

ext.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

fsedb.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 1002802 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupdllb.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupplgn.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsuptmpl.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

perf.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 12/7/2008 9:17:30 AM | Attr =	]

sae.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

sai.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

ext.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

sae.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

sai.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsedb.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 1002802 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupdllb.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsupplgn.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

fsuptmpl.dat -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 12/7/2008 9:17:28 AM | Attr =	]

FS@av.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

FS@avpe.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 12/7/2008 9:16:24 AM | Attr =	]

FS@bleng.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 12/7/2008 9:16:30 AM | Attr =	]

FS@corp.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

FS@hydra.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

FS@mlc.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

FS@ols.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 12/7/2008 9:16:45 AM | Attr =	]

FS@peg.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 12/7/2008 9:16:43 AM | Attr =	]

verdicts.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 12/7/2008 9:16:24 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

FS@av.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 12/7/2008 9:16:28 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avpe\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 12/7/2008 9:16:25 AM | Attr =	]

FS@avpe.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 12/7/2008 9:16:24 AM | Attr =	]

verdicts.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 12/7/2008 9:16:24 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

FS@corp.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 12/7/2008 9:17:09 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

FS@hydra.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 12/7/2008 9:16:56 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

FS@mlc.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 12/7/2008 9:17:00 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 12/7/2008 9:16:43 AM | Attr =	]

FS@peg.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 12/7/2008 9:16:43 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 12/7/2008 9:16:45 AM | Attr =	]

FS@ols.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 12/7/2008 9:16:45 AM | Attr =	]

C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 12/7/2008 9:16:30 AM | Attr =	]

FS@bleng.ini -> C:\Users\Lee\AppData\Local\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 12/7/2008 9:16:30 AM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Lavasoft -> %AllUsersProfile%\Lavasoft ->  [Folder | Modified Date = 18/6/2008 11:03:31 AM | Attr =	]

Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Modified Date = 8/7/2008 6:22:59 PM | Attr =	]

Skype -> %AllUsersProfile%\Skype ->  [Folder | Modified Date = 21/6/2008 12:49:17 PM | Attr =	]

TEMP -> %AllUsersProfile%\TEMP ->  [Folder | Modified Date = 12/7/2008 9:10:59 AM | Attr =	]

@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\TEMP:C31F31E6

Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 8/7/2008 6:23:03 PM | Attr =	]

Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 25/6/2008 11:29:30 AM | Attr =   S]

Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 19/6/2008 9:17:47 AM | Attr =	]

Skype -> %AppData%\Skype ->  [Folder | Modified Date = 12/7/2008 9:52:48 AM | Attr =	]

skypePM -> %AppData%\skypePM ->  [Folder | Modified Date = 12/7/2008 9:03:05 AM | Attr =	]

uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 12/7/2008 10:06:22 AM | Attr =	]

WinRAR -> %AppData%\WinRAR ->  [Folder | Modified Date = 5/7/2008 9:06:48 PM | Attr =	]

acer eNM -> %UserProfile%\AppData\Local\acer eNM ->  [Folder | Modified Date = 11/7/2008 5:42:50 PM | Attr =  H ]

AOL -> %UserProfile%\AppData\Local\AOL ->  [Folder | Modified Date = 10/7/2008 6:33:22 PM | Attr =	]

AOL OCP -> %UserProfile%\AppData\Local\AOL OCP ->  [Folder | Modified Date = 10/7/2008 6:33:22 PM | Attr =	]

Apple Computer -> %UserProfile%\AppData\Local\Apple Computer ->  [Folder | Modified Date = 10/7/2008 9:55:37 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 23552 bytes | Modified Date = 4/7/2008 9:55:27 PM | Attr =	]

IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 1542066 bytes | Modified Date = 12/7/2008 9:09:24 AM | Attr =  H ]

Microsoft -> %UserProfile%\AppData\Local\Microsoft ->  [Folder | Modified Date = 17/6/2008 1:15:53 PM | Attr =	]

Temp -> %UserProfile%\AppData\Local\Temp ->  [Folder | Modified Date = 12/7/2008 10:03:57 AM | Attr =	]

Converted Videos -> %UserProfile%\Documents\Converted Videos ->  [Folder | Modified Date = 13/6/2008 4:36:40 AM | Attr =	]

Downloads -> %UserProfile%\Documents\Downloads ->  [Folder | Modified Date = 11/7/2008 9:17:34 PM | Attr =	]

My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 502 bytes | Modified Date = 12/7/2008 9:11:53 AM | Attr =	]

Video Downloads -> %UserProfile%\Documents\Video Downloads ->  [Folder | Modified Date = 13/6/2008 4:36:40 AM | Attr =	]

Mozilla Firefox.lnk -> %SystemDrive%\Users\Public\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1688 bytes | Modified Date = 19/6/2008 9:17:38 AM | Attr =	]

Games -> %UserProfile%\Desktop\Games ->  [Folder | Modified Date = 24/6/2008 3:19:11 AM | Attr =	]

Installers -> %UserProfile%\Desktop\Installers ->  [Folder | Modified Date = 18/6/2008 11:45:03 AM | Attr =	]

Misc -> %UserProfile%\Desktop\Misc ->  [Folder | Modified Date = 11/7/2008 6:32:20 PM | Attr =	]

PSP CFW -> %UserProfile%\Desktop\PSP CFW ->  [Folder | Modified Date = 11/7/2008 6:32:12 PM | Attr =	]

Skype -> %CommonProgramFiles%\Skype ->  [Folder | Modified Date = 21/6/2008 12:49:16 PM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 18/6/2008 10:54:58 AM | Attr =	]



< End of report >


#11 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:18 AM

Posted 11 July 2008 - 09:11 PM

Never mind, I see it. :thumbsup: It was in transit.

Edited by SifuMike, 11 July 2008 - 09:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 flamerwiz

flamerwiz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 11 July 2008 - 09:12 PM

Isn't post #10 it?

#13 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:18 AM

Posted 11 July 2008 - 09:21 PM

Yes, it was in transit when I wrote my message and it is here now. :thumbsup:

#14 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:18 AM

Posted 11 July 2008 - 09:50 PM

Hi,

That log looks fine. :thumbsup:

If there aren't any other issues then go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues.

If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

#15 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:18 AM

Posted 17 July 2008 - 06:10 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



