
Vista Virus?


  • This topic is locked
7 replies to this topic

#1 thiswilldestroyyou


Posted 09 July 2008 - 03:08 PM

I am having troubles on my Vista Home Premium system. My hard drive spins really fast with nothing open, Windows Explorer is slow and stops responding often, and there are random pop-ups, including anti-spyware ads. I disabled the network because I did not want to infect any of my other computers. I also have McAfee and SpyBot running. I turned on User Account Control and Windows Firewall, and have the McAfee firewall on lockdown. With all of this it seems to be running all right, aside from being a little sluggish. SpyBot asks to allow/deny a change on Msserver, cmds and Bmdb78b808 during startup. I had Resident/TeaTimer, Windows Firewall, and UAC disabled when I scanned.

I am posting this from my Windows XP because I am avoiding connecting to the network on my Vista:

Deckard's System Scanner v20071014.68
Run by Jeffrey on 2008-07-09 15:25:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-07-08 18:35:42 UTC - RP513 - Windows Update


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.18 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-09 15:36:11
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files\Lexmark 5200 Series\ezprint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Users\Jeffrey\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E64E841-2463-47C9-8797-DAF2810BBF61} - C:\Windows\System32\qoMdCust.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {C66BB55C-2895-46BD-9873-49CE26D2CABA} - C:\Windows\system32\geBrppPF.dll (file missing)
O2 - BHO: (no name) - {C85852E5-B868-4928-B07A-687BB00EC49F} - C:\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs.dll (file missing)
O2 - BHO: (no name) - {E20A1A40-A296-4234-8D95-B05EE88423FA} - C:\Windows\system32\cbXNGvVp.dll (file missing)
O2 - BHO: {81d54545-e39f-6209-f5d4-b76c621f07ee} - {ee70f126-c67b-4d5f-9026-f93e54545d18} - C:\Windows\System32\qtleov.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [lxbtmon.exe] "C:\Program Files\Lexmark 5200 Series\lxbtmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5200 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCust.dll,#1
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [940e3e8e] rundll32.exe "C:\Windows\system32\tattnntg.dll",b
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [BM973d0d12] Rundll32.exe "C:\Users\Jeffrey\AppData\Local\Temp\qusjxhue.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wingwn32.rom,aYTRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jeffrey\AppData\Local\Temp\fcccaXOH.dll,#1
O4 - HKCU\..\Run: [940e3e8e] rundll32.exe "C:\Windows\system32\tattnntg.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs.dll,c
O4 - HKCU\..\Run: [BM973d0d12] Rundll32.exe "C:\Users\Jeffrey\AppData\Local\Temp\qusjxhue.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HoudiniLicenseServer - Side Effects Software Inc. - C:\Windows\System32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\Windows\System32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Unknown owner - C:\Windows\System32\lxbtcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: PXVistaSvc - Prevx Ltd. - C:\Program Files\Prevx2\PXVistaSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 13342 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1"
.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - \??\c:\program files\ultraiso\drivers\isodrive.sys
R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys
R2 Haspnt - \??\c:\windows\system32\drivers\haspnt.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 HoudiniLicenseServer - c:\windows\system32\sesinetd.exe <Not Verified; Side Effects Software Inc.; >
R2 HoudiniServer - c:\windows\system32\hserver.exe <Not Verified; Side Effects Software Inc.; >
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 wampapache - "c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S3 wampmysqld - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: USBSTOR\CDROM&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_2.18\00001779A962A3C4&1
Manufacturer: (Standard CD-ROM drives)
Name: SanDisk U3 Cruzer Micro USB Device
PNP Device ID: USBSTOR\CDROM&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_2.18\00001779A962A3C4&1
Service: cdrom

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-07-09 15:35:32 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{E3E2641F-93E1-4E50-A919-D5F2AFC93282}.job
2008-07-04 21:17:10 412 --a------ C:\Windows\Tasks\Norton Security Scan.job
2008-07-01 01:00:41 334 --a------ C:\Windows\Tasks\McQcTask.job
2008-06-15 02:37:38 342 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 15:12:39 104448 --a------ C:\Windows\system32\qtleov.dll
2008-07-09 15:12:38 104448 --a------ C:\Windows\system32\vamdqmli.dll
2008-07-09 14:00:18 34304 --a------ C:\Windows\system32\hgGayyay.dll
2008-07-09 14:00:12 34304 --a------ C:\Windows\system32\qoMdCust.dll
2008-07-04 09:35:24 0 d-------- C:\Users\Jeffrey\CINEMA 4D
2008-07-04 02:09:56 0 d-------- C:\Users\Jeffrey\ar
2008-07-04 01:51:57 0 d-------- C:\Program Files\Prevx2
2008-07-03 20:49:42 87040 -----n--- C:\Windows\system32\tattnntg.dll
2008-07-03 20:46:41 656951 --ahs---- C:\Windows\system32\qXIhPqss.ini2
2008-07-03 11:47:58 104448 --a------ C:\Windows\system32\szovnl.dll
2008-07-03 11:47:56 104448 --a------ C:\Windows\system32\lntsxpny.dll
2008-07-03 11:47:12 345 --ahs---- C:\Windows\system32\FPpprBeg.ini2
2008-07-02 17:09:39 0 d-------- C:\Windows\system32\349168
2008-07-02 12:43:22 650743 --ahs---- C:\Windows\system32\kRutsBeg.ini2
2008-07-02 12:37:57 34304 --a------ C:\Windows\system32\geBstqNE.dll
2008-07-02 12:02:26 104448 --a------ C:\Windows\system32\ocaejo.dll
2008-07-02 12:02:24 104448 --a------ C:\Windows\system32\tohtlgrc.dll
2008-07-02 11:59:22 650738 --ahs---- C:\Windows\system32\yaHiPqru.ini2
2008-07-01 16:15:09 633282 --ahs---- C:\Windows\system32\TvCMWxbc.ini2
2008-07-01 15:09:52 34304 --a------ C:\Windows\system32\ljJARkhi.dll
2008-07-01 15:08:47 633282 --ahs---- C:\Windows\system32\XHilknpo.ini2
2008-06-30 22:18:05 94208 --a------ C:\Windows\system32\vqbgjawe.dll
2008-06-30 22:17:22 652984 --ahs---- C:\Windows\system32\vyGPVxbc.ini2
2008-06-30 20:48:44 345 --ahs---- C:\Windows\system32\tDKQtutv.ini2
2008-06-30 19:23:33 94208 --a------ C:\Windows\system32\jdephryf.dll
2008-06-30 19:22:49 652984 --ahs---- C:\Windows\system32\PYIRuvut.ini2
2008-06-30 19:17:35 34304 --a------ C:\Windows\system32\rqRKEtsP.dll
2008-06-30 16:28:45 104448 --a------ C:\Windows\system32\avutkq.dll
2008-06-30 16:28:43 104448 --a------ C:\Windows\system32\yrcbdylq.dll
2008-06-30 16:23:21 94208 --a------ C:\Windows\system32\pmvfiuwy.dll
2008-06-30 16:22:40 652984 --ahs---- C:\Windows\system32\VwFOonmp.ini2
2008-06-30 16:17:27 34304 --a------ C:\Windows\system32\vtUkHYom.dll
2008-06-30 12:53:41 104448 --a------ C:\Windows\system32\mabqbb.dll
2008-06-30 12:53:38 104448 --a------ C:\Windows\system32\rroarcrg.dll
2008-06-30 12:48:17 94208 --a------ C:\Windows\system32\eujypivk.dll
2008-06-30 12:47:36 652984 --ahs---- C:\Windows\system32\svDdeMoq.ini2
2008-06-29 18:57:38 104448 --a------ C:\Windows\system32\zhnolz.dll
2008-06-29 18:57:35 104448 --a------ C:\Windows\system32\gdwqqqyg.dll
2008-06-29 18:51:35 652984 --ahs---- C:\Windows\system32\HNVuDcdd.ini2
2008-06-29 17:46:22 34304 --a------ C:\Windows\system32\iiffCvtR.dll
2008-06-29 17:01:23 345 --ahs---- C:\Windows\system32\SrCIRqss.ini2
2008-06-29 16:56:04 34304 --a------ C:\Windows\system32\byXOecdD.dll
2008-06-29 08:56:14 345 --ahs---- C:\Windows\system32\XEfPoUvw.ini2
2008-06-29 08:53:09 0 d-------- C:\Windows\system32\371186
2008-06-27 22:12:29 104960 --a------ C:\Windows\system32\wnirct.dll
2008-06-27 22:12:27 104960 --a------ C:\Windows\system32\yealweyn.dll
2008-06-27 22:12:16 94208 --a------ C:\Windows\system32\frrrohwx.dll
2008-06-27 20:30:22 94208 --a------ C:\Windows\system32\oxruckeb.dll
2008-06-27 20:29:43 652984 --ahs---- C:\Windows\system32\tuxHNoYb.ini2
2008-06-27 20:24:31 34304 --a------ C:\Windows\system32\opNDTnlJ.dll
2008-06-27 11:18:41 652135 --ahs---- C:\Windows\system32\hiPYxyxx.ini2
2008-06-26 17:46:32 86016 --a------ C:\Windows\system32\oibroont.dll
2008-06-26 17:46:26 107008 --a------ C:\Windows\system32\qyltphrh.dll
2008-06-26 17:44:05 95232 --a------ C:\Windows\system32\imsxdqim.dll
2008-06-26 09:54:01 107008 --a------ C:\Windows\system32\qoeqfhyi.dll
2008-06-26 09:49:00 95232 --a------ C:\Windows\system32\yeantapp.dll
2008-06-26 09:38:04 95232 --a------ C:\Windows\system32\cropesmx.dll
2008-06-25 18:35:07 653408 --ahs---- C:\Windows\system32\pVvGNXbc.ini2
2008-06-24 12:08:45 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-06-24 11:56:30 197120 --a------ C:\Windows\patchw32.dll
2008-06-24 11:56:29 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-06-24 11:51:42 0 d-------- C:\Program Files\Atari
2008-06-14 07:41:31 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>


-- Find3M Report ---------------------------------------------------------------

2008-07-09 13:58:08 12 --a------ C:\Windows\bthservsdp.dat
2008-07-09 13:45:07 262144 --a------ C:\ntuser.dat
2008-07-08 19:48:18 0 d-------- C:\Program Files\Lx_cats
2008-07-08 14:35:13 0 d-------- C:\Users\Jeffrey\AppData\Roaming\McAfee
2008-07-05 23:48:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-04 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-07-04 01:53:43 0 d-------- C:\Users\Jeffrey\AppData\Roaming\Prevx
2008-07-01 15:03:46 0 d-------- C:\Program Files\McAfee
2008-06-27 12:56:05 0 d-------- C:\Program Files\Common Files
2008-06-24 11:51:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 03:09:51 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-14 14:53:20 0 d-------- C:\Users\Jeffrey\AppData\Roaming\FileZilla
2008-06-14 14:26:13 0 d-------- C:\Program Files\FileZilla FTP Client
2008-06-12 16:20:47 0 d-------- C:\Users\Jeffrey\AppData\Roaming\Corel
2008-06-11 16:09:07 0 d-------- C:\Program Files\Windows Mail
2008-06-09 20:12:45 0 d-------- C:\Program Files\QuickTime
2008-06-09 14:56:12 232904 --a------ C:\Users\Jeffrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-30 21:07:29 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-23 23:18:15 0 d-------- C:\Users\Jeffrey\AppData\Roaming\uTorrent
2008-05-21 15:42:22 0 d-------- C:\Program Files\AIM6
2008-05-21 15:41:10 0 d-------- C:\Program Files\Viewpoint


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E64E841-2463-47C9-8797-DAF2810BBF61}]
06/25/2008 06:29 PM 34304 --a------ C:\Windows\system32\qoMdCust.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C66BB55C-2895-46BD-9873-49CE26D2CABA}]
C:\Windows\system32\geBrppPF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C85852E5-B868-4928-B07A-687BB00EC49F}]
C:\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E20A1A40-A296-4234-8D95-B05EE88423FA}]
C:\Windows\system32\cbXNGvVp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee70f126-c67b-4d5f-9026-f93e54545d18}]
07/09/2008 03:12 PM 104448 --a------ C:\Windows\system32\qtleov.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [02/08/2007 01:16 AM C:\Windows\sttray.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"@"="" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [12/17/2001 11:18 AM]
"lxbtmon.exe"="C:\Program Files\Lexmark 5200 Series\lxbtmon.exe" [05/03/2007 03:50 AM]
"EzPrint"="C:\Program Files\Lexmark 5200 Series\ezprint.exe" [05/03/2007 03:53 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/11/2007 10:28 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/11/2007 10:28 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/11/2007 10:28 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [08/11/2005 04:30 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/15/2007 06:56 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"MSServer"="C:\Windows\system32\qoMdCust.dll" [06/25/2008 06:29 PM]
"LXBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [02/22/2007 05:46 AM]
"940e3e8e"="C:\Windows\system32\tattnntg.dll" [07/03/2008 08:49 PM]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [01/23/2008 12:32 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"BM973d0d12"="C:\Users\Jeffrey\AppData\Local\Temp\qusjxhue.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"Aim6"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 04:30 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]
"@"="" []
"MSSMSGS"="wingwn32.rom,aYTRun" []
"MSServer"="C:\Users\Jeffrey\AppData\Local\Temp\fcccaXOH.dll,#1" []
"940e3e8e"="C:\Windows\system32\tattnntg.dll,b" []
"cmds"="C:\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs.dll,c" []
"BM973d0d12"="C:\Users\Jeffrey\AppData\Local\Temp\qusjxhue.dll,s" []

C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/12/2007 6:15:05 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0E64E841-2463-47C9-8797-DAF2810BBF61}"= C:\Windows\system32\qoMdCust.dll [06/25/2008 06:29 PM 34304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=C:\Windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastSUPPORT]
C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
LPDService LPDSVC


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aab017b-4a8f-11dd-9d0a-ef8b18c5742e}]
AutoRun\command- J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-09 15:39:24 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 2045.88 MiB / 925.11 MiB
Pagefile Memory (total/avail): 4306.57 MiB / 3176.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.23 MiB

C: is Fixed (NTFS) - 138.96 GiB total, 4.18 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (FAT)
H: is Fixed (FAT32) - 232.83 GiB total, 41.84 GiB free.
I: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST316081 2AS SCSI Disk Device - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 138.96 GiB - C:

\\.\PHYSICALDRIVE3 - Memorex TD Classic 003B USB Device - 980.53 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 983.98 MiB - I:

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 1953.22 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1952.88 MiB - G:

\\.\PHYSICALDRIVE2 - WD 2500JB External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AV: Prevx 2.0 v1.0.1.33 (Prevx Ltd.) Disabled
AS: McAfee VirusScan v (McAfee)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Windows\\system32\\winver.exe"="C:\\Windows\\System32\\winver.exe:*:Enabled:winver"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jeffrey\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VISTA
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jeffrey
LOCALAPPDATA=C:\Users\Jeffrey\AppData\Local
LOGONSERVER=\\VISTA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Next Limit\RealFlow4\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RF4PATH=C:\Program Files\Next Limit\RealFlow4\
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Jeffrey\AppData\Local\Temp
TMP=C:\Users\Jeffrey\AppData\Local\Temp
USERDOMAIN=VISTA
USERNAME=Jeffrey
USERPROFILE=C:\Users\Jeffrey
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Jeffrey (admin)
Erin
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\Dell Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\Dell Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\Dell Media Center Game Console\Uninstall.exe"
--> "C:\Program Files\Dell Games\FATE\Uninstall.exe"
--> "C:\Program Files\Dell Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\Dell Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\Dell Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\Dell Games\SCRABBLE\Uninstall.exe"
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Able Batch Converter 2.7 --> "C:\Program Files\AbleBatchConverter\unins000.exe"
Ableton Live v7.0.1 --> "C:\Program Files\Ableton\Live 7.0.1\unins000.exe"
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-705000000001}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Music Link 1.0.0.4 --> C:\PROGRA~1\AIMMUS~1\UNWISE.EXE C:\PROGRA~1\AIMMUS~1\INSTALL.LOG
AIM Music Link 1.0.0.5 --> C:\PROGRA~1\AIMMUS~1\UNWISE.EXE C:\PROGRA~1\AIMMUS~1\INSTALL.LOG
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Alcohol Toolbar --> "C:\Windows\Alcohol_Toolbar_Uninstaller_9994.exe" _?=C:\Program Files\Alcohol Toolbar
AndreaMosaic 3.21 --> C:\Windows\iun6002.exe "C:\Program Files\AndreaMosaic\irunin.ini"
Anvil Studio --> C:\Windows\system32\AsUninst.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOL Install --> MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audacity 1.3.3 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Backyard Football --> C:\Windows\IsUninst.exe -fc:\hegames\football\Uninst.isu -c"c:\hegames\football\Uninst.dll
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
boujou 4.1.0 --> "C:\Program Files\2d3\boujou 4.1\unins000.exe"
BroadJump Client Foundation --> C:\Windows\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll"
Bryce 5.5c --> C:\Windows\unvise32.exe C:\Program Files\DAZ\Bryce 5.5\Bryce Uninstall.log
BuddyList Ops 1.0.0.1 --> C:\PROGRA~1\BUDDYL~1\UNWISE.EXE C:\PROGRA~1\BUDDYL~1\INSTALL.LOG
CD/DVD-ROM Generator 1.20 --> C:\Windows\IsUninst.exe -f"C:\Program Files\CD_DVD-ROM Generator 1.20\Uninst.isu"
Color Schemer Studio --> "C:\Program Files\Color Schemer Studio\unins000.exe"
Colorizer 1.0.0.1 --> C:\PROGRA~1\COLORI~1\UNWISE.EXE C:\PROGRA~1\COLORI~1\INSTALL.LOG
ComcastSUPPORT --> C:\PROGRA~1\Support.com\UNWISE.EXE C:\PROGRA~1\Support.com\INSTALL.LOG
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
DAZ|Studio 1.5.1.0 --> C:\Windows\unvise32.exe C:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe"
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DeskSpace 1.5.1 Trial --> C:\Program Files\DeskSpace\uninst.exe
Desktop Doctor --> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
Drumsite 1.7 (demo) --> "C:\Program Files\Drumsite demo\Uninstall.exe" "C:\Program Files\Drumsite demo\install.log" -u
DVD Album 1.1.0 --> "C:\Program Files\DVD Album\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Easy Video Joiner 5.21 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
Enigma --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}\setup.exe" -l0x9 -removeonly
FileZilla Client 3.0.10 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\Setup.exe" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\setup.exe -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.4 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\Setup.exe -runfromtemp -l0x0009 -removeonly
FL Studio v7.0 --> "C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
FLV Player --> "C:\Windows\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Freetar --> C:\Windows\system32\javaws.exe -uninstall -prompt "http://www.freetar.net/webstart/Freetar_Hero.jnlp"
Freetar Editor --> C:\Windows\system32\javaws.exe -uninstall -prompt "http://www.freetar.net/webstart/Freetar_Editor.jnlp"
Fruity Loops Studio Producer Edition XXL v6.04 Patcher --> C:\PROGRA~1\IMAGE-~1\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\INSTALL.LOG
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 Exporters --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HASP Device Drivers --> C:\Windows\system32\UNWISE.EXE C:\Windows\system32\HDD32.LOG
Hex Workshop v4.23 --> C:\Windows\IsUninst.exe -f"C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hw41unin.isu"
Houdini 9.0.719 --> C:\Program Files\Side Effects Software\Houdini 9.0.719\Uninstall.exe
ImageMixer3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB19A235-66D4-47F7-9904-BAF84ED25BB6}\SETUP.EXE" -l0x9 UNINSTALL -removeonly
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
IsoBuster 2.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 5200 Series --> C:\Program Files\Lexmark 5200 Series\Install\x86\Uninst.exe
LWAway 1.0.0.1 --> C:\PROGRA~1\LWAway\UNWISE.EXE C:\PROGRA~1\LWAway\INSTALL.LOG
M-Audio Reason Control Surface --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F72DD596-F857-463C-AA43-647B45FCE14D}\setup.exe" -l0x9 -removeonly
Magic ISO Maker v5.4 (build 0237) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Make Your Own Jigsaw Puzzle --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Make Your Own Jigsaw Puzzle\ST6UNST.LOG"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mid2ChartConverter --> MsiExec.exe /I{7FDF45CF-0794-4A9B-8AE6-E19E81B532A1}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MixMeister BPM Analyzer 1.0 --> "C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Motorola Driver Installation 3.2.0 --> MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Netflix Movie Viewer --> MsiExec.exe /X{B6272BAC-1A51-4418-933D-E6FC6C7DC42D}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Pcsx2 0.9.2 Watermoose --> "C:\Program Files\Pcsx2\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Poser 7 --> C:\Windows\unvise32.exe C:\Program Files\e frontier\Poser 7\uninstal.log
Prevx 2.0 Agent --> MsiExec.exe /X{3DEBCFB2-389E-419C-842E-15501ACC8C93}
PSS Plex 1.1.0 --> C:\Windows\iun506.exe C:\Program Files\PSS Plex\irunin.ini
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealFlow --> MsiExec.exe /I{ECB5F4EA-D7DD-4423-B1E5-CD14A30A3732}
Reason 4.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
RMX Automation (remove only) --> C:\Program Files\RMX Automation\rmx_uninstall.exe
RollerCoaster Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Series II MIDI --> C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe -runfromtemp -l0x0009 -removeonly
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Springboard --> "C:\Program Files\Springboard\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TabIt version 2.03 (Trial) --> "C:\Program Files\TabIt\unins000.exe"
Total Video Converter 3.10 --> "C:\Program Files\Total Video Converter\unins000.exe"
Turtle Beach AD FullCap --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD5C67C9-1DC9-438A-9019-ECB4D382FFF4}\setup.exe" -l0x9 -removeonly
UltraISO Premium V8.63 --> "C:\Program Files\UltraISO\unins000.exe"
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoAdvantage USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E662A98E-8A02-4158-9047-4EBFA4F9F2ED}\setup.exe" -l0x9 -removeonly
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
WalkerFX 2.2 Professional Edition --> MsiExec.exe /I{EC6EDCB1-2379-482F-9A93-293DFF7B1226}
WampServer 2.0 --> "c:\wamp\unins000.exe"
Whiz FTP 1.0 --> C:\Program Files\Whiz FTP\uninst.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WIDCOMM Bluetooth Software 6.0.1.3400 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Wii Play the Drums --> MsiExec.exe /I{45833D08-FB60-47EE-86DC-868EC31ADB50}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Resource Kit Tools - SubInAcl.exe --> MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}


-- Application Event Log -------------------------------------------------------

Event Record #/Type39044 / Success
Event Submitted/Written: 07/09/2008 02:00:37 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type39043 / Success
Event Submitted/Written: 07/09/2008 02:00:30 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type39035 / Success
Event Submitted/Written: 07/09/2008 02:00:04 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type39026 / Warning
Event Submitted/Written: 07/09/2008 01:58:05 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4140534091-3874047049-753865750-1000_Classes:
Process 952 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4140534091-3874047049-753865750-1000_CLASSES

Event Record #/Type39025 / Warning
Event Submitted/Written: 07/09/2008 01:58:05 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-4140534091-3874047049-753865750-1000:
Process 952 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4140534091-3874047049-753865750-1000
Process 1792 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-4140534091-3874047049-753865750-1000\Software\Microsoft\Windows\CurrentVersion\Run



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type237627 / Warning
Event Submitted/Written: 07/09/2008 03:24:23 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type237626 / Error
Event Submitted/Written: 07/09/2008 03:21:23 PM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}VISTAJeffreyS-1-5-21-4140534091-3874047049-753865750-1000LocalHost (Using LRPC)

Event Record #/Type237625 / Error
Event Submitted/Written: 07/09/2008 03:21:22 PM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}VISTAJeffreyS-1-5-21-4140534091-3874047049-753865750-1000LocalHost (Using LRPC)

Event Record #/Type237624 / Error
Event Submitted/Written: 07/09/2008 03:21:01 PM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}VISTAJeffreyS-1-5-21-4140534091-3874047049-753865750-1000LocalHost (Using LRPC)

Event Record #/Type237623 / Error
Event Submitted/Written: 07/09/2008 03:20:54 PM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}VISTAJeffreyS-1-5-21-4140534091-3874047049-753865750-1000LocalHost (Using LRPC)



-- End of Deckard's System Scanner: finished at 2008-07-09 15:39:24 ------------


#2 SifuMike

    malware expert


  • Staff Emeritus

Posted 10 July 2008 - 08:26 AM

Hello thiswilldestroyyou,

Please disable Spybot TeaTimer and UAC, as they will prevent Malwarebytes' Anti-Malware from working.


To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main-txt log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on ignore mbamext.dll.

Edited by SifuMike, 10 July 2008 - 08:27 AM.


#3 thiswilldestroyyou

  • Topic Starter


Posted 10 July 2008 - 04:04 PM

Thank you for your response. Just an FYI: I downloaded and ran the Kaspersky Anti-Virus trial because I could not complete the online scan with the current state of the computer. So first is the information from Kaspersky, and then everything else:

deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\cbXQhGVN.dll//UPX
not found: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\system32\tattnntg.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: Trojan program Trojan.Win32.Obfuscated.drb File: C:\Windows\System32\wingwn32.rom
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yeb Running module: C:\Windows\system32\tattnntg.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.xae Running module: C:\Windows\system32\cbXQhGVN.dll
deleted: adware not-a-virus:AdWare.Win32.E404.ag File: c:\windows\system32\349168\349168.dll//PE_Patch.UPX//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\byXRlJaY.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aafe File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\ddcCVNEw.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\hgGywUoP.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\mlJDuvuS.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\mlJDvVpO.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\nnnoLBsp.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aaex File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\qusjxhue.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp0000b79b//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00014c2c//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp000150be//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp0001619f//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00016392//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp0001645d//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00016778//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp000168df//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00016b4f//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00016beb//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00017b56//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00017cbd//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp000189d7//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00019701//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp0001c2f0//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp0001d94d//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp0001e5eb//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00027741//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp0005031b//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00055762//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp001296b3//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\tmp00247149//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\vtUkllkI.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Deckard\System Scanner\backup\Users\Jeffrey\AppData\Local\Temp\wvUmjjjg.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\zhnolz.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24BY5HML\css4[1]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AU1J2N2G\css4[1]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FV0NUW9P\css4[1]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FV0NUW9P\css4[2]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZ1JX5XU\css4[1]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZ1JX5XU\css4[2]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJMAGTUT\css4[1]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTJ3W54T\kb767887[1]//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Erin\AppData\Local\Temp\nnnoMGWm.dll//UPX
deleted: Trojan program Trojan-Proxy.Win32.Ranky.jh File: C:\Users\Erin\AppData\Local\Temp\SIntfNT.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Jeffrey\AppData\Local\Temp\tmp000195c9//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Jeffrey\AppData\Local\Temp\tmp0001d1cf//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Users\Jeffrey\AppData\Local\Temp\tmp0001dcf5//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\avutkq.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\byXOecdD.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\cropesmx.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.zjn File: C:\Windows\System32\eujypivk.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\frrrohwx.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\gdwqqqyg.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\geBstqNE.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\hgGayyay.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\iiffCvtR.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\imsxdqim.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.zjn File: C:\Windows\System32\jdephryf.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\ljJARkhi.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\lntsxpny.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\mabqbb.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\ocaejo.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\opNDTnlJ.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\oxruckeb.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.zjn File: C:\Windows\System32\pmvfiuwy.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\qoeqfhyi.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\qtleov.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\qyltphrh.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\rqRKEtsP.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\rroarcrg.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\szovnl.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\tohtlgrc.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\vamdqmli.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.zjn File: C:\Windows\System32\vqbgjawe.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\vtUkHYom.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\wnirct.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Windows\System32\yealweyn.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.E404.ag File: C:\Windows\System32\371186\371186.dll//PE_Patch.UPX//UPX












Scan type: Quick Scan
Objects scanned: 47685
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\vtUkhIca.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c199966e-da45-4d3a-94bf-f9acdb24e926} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c199966e-da45-4d3a-94bf-f9acdb24e926} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72b76b57-6f12-4931-9910-b04b5e8a8268} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukhica -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.vundo) -> Data: c:\windows\system32\vtukhica -> Delete on reboot.

Folders Infected:
C:\Windows\System32\349168 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\371186 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\vtUkhIca.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\acIhkUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\acIhkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.









Deckard's System Scanner v20071014.68
Run by Jeffrey on 2008-07-10 16:55:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.96 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-10 16:55:43
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Users\Jeffrey\Desktop\dss.exe
C:\Users\Jeffrey\Desktop\dss.exe
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {C66BB55C-2895-46BD-9873-49CE26D2CABA} - C:\Windows\system32\geBrppPF.dll (file missing)
O2 - BHO: (no name) - {C85852E5-B868-4928-B07A-687BB00EC49F} - C:\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs.dll (file missing)
O2 - BHO: {02f7c4e0-e131-b6c9-2dc4-3f085fb4e69c} - {c96e4bf5-80f3-4cd2-9c6b-131e0e4c7f20} - C:\Windows\System32\hghmus.dll
O2 - BHO: (no name) - {E20A1A40-A296-4234-8D95-B05EE88423FA} - C:\Windows\system32\cbXNGvVp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [lxbtmon.exe] "C:\Program Files\Lexmark 5200 Series\lxbtmon.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HoudiniLicenseServer - Side Effects Software Inc. - C:\Windows\System32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\Windows\System32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Unknown owner - C:\Windows\System32\lxbtcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 11582 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 16:16:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 08:22:32 96966 --a------ C:\Windows\system32\drivers\klin.dat
2008-07-10 08:22:32 88774 --a------ C:\Windows\system32\drivers\klick.dat
2008-07-10 08:19:29 135186720 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-07-10 08:19:28 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-10 08:16:19 0 d-------- C:\kav
2008-07-10 08:09:49 294 ---hs---- C:\Windows\system32\gtnnttat.ini2
2008-07-10 01:44:52 101888 --a------ C:\Windows\system32\hghmus.dll
2008-07-10 01:44:50 101888 --a------ C:\Windows\system32\rtbxldvb.dll
2008-07-10 01:44:40 92160 --a------ C:\Windows\system32\kamubwlq.dll
2008-07-10 01:43:50 282624 -----n--- C:\Windows\system32\vtUkhIca.dll
2008-07-09 18:35:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-04 09:35:24 0 d-------- C:\Users\Jeffrey\CINEMA 4D
2008-07-04 02:09:56 0 d-------- C:\Users\Jeffrey\ar
2008-07-03 20:46:41 656951 --ahs---- C:\Windows\system32\qXIhPqss.ini2
2008-07-03 11:47:12 345 --ahs---- C:\Windows\system32\FPpprBeg.ini2
2008-07-02 12:43:22 650743 --ahs---- C:\Windows\system32\kRutsBeg.ini2
2008-07-02 11:59:22 650738 --ahs---- C:\Windows\system32\yaHiPqru.ini2
2008-07-01 16:15:09 633282 --ahs---- C:\Windows\system32\TvCMWxbc.ini2
2008-07-01 15:08:47 633282 --ahs---- C:\Windows\system32\XHilknpo.ini2
2008-06-30 22:17:22 652984 --ahs---- C:\Windows\system32\vyGPVxbc.ini2
2008-06-30 20:48:44 345 --ahs---- C:\Windows\system32\tDKQtutv.ini2
2008-06-30 19:22:49 652984 --ahs---- C:\Windows\system32\PYIRuvut.ini2
2008-06-30 16:22:40 652984 --ahs---- C:\Windows\system32\VwFOonmp.ini2
2008-06-30 12:47:36 652984 --ahs---- C:\Windows\system32\svDdeMoq.ini2
2008-06-29 18:51:35 652984 --ahs---- C:\Windows\system32\HNVuDcdd.ini2
2008-06-29 17:01:23 345 --ahs---- C:\Windows\system32\SrCIRqss.ini2
2008-06-29 08:56:14 345 --ahs---- C:\Windows\system32\XEfPoUvw.ini2
2008-06-27 20:29:43 652984 --ahs---- C:\Windows\system32\tuxHNoYb.ini2
2008-06-27 11:18:41 652135 --ahs---- C:\Windows\system32\hiPYxyxx.ini2
2008-06-25 18:35:07 653408 --ahs---- C:\Windows\system32\pVvGNXbc.ini2
2008-06-24 12:08:45 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-06-24 11:56:30 197120 --a------ C:\Windows\patchw32.dll
2008-06-24 11:56:29 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-06-24 11:51:42 0 d-------- C:\Program Files\Atari
2008-06-14 07:41:31 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>


-- Find3M Report ---------------------------------------------------------------

2008-07-10 16:17:03 0 d-------- C:\Users\Jeffrey\AppData\Roaming\Malwarebytes
2008-07-10 15:28:19 12 --a------ C:\Windows\bthservsdp.dat
2008-07-10 00:56:53 0 d-------- C:\Program Files\DeskSpace
2008-07-10 00:56:23 0 d-------- C:\Program Files\Image-Line
2008-07-10 00:56:15 0 d-------- C:\Program Files\FlashGet
2008-07-10 00:54:36 0 d-------- C:\Program Files\Turtle Beach
2008-07-10 00:54:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 00:53:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-10 00:50:16 0 d-------- C:\Program Files\Norton Security Scan
2008-07-10 00:49:26 0 d-------- C:\Program Files\mIRC
2008-07-09 16:01:47 262144 --a------ C:\ntuser.dat
2008-07-08 19:48:18 0 d-------- C:\Program Files\Lx_cats
2008-07-08 14:35:13 0 d-------- C:\Users\Jeffrey\AppData\Roaming\McAfee
2008-07-05 23:48:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-01 15:03:46 0 d-------- C:\Program Files\McAfee
2008-06-27 12:56:05 0 d-------- C:\Program Files\Common Files
2008-06-15 03:09:51 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-14 14:53:20 0 d-------- C:\Users\Jeffrey\AppData\Roaming\FileZilla
2008-06-14 14:26:13 0 d-------- C:\Program Files\FileZilla FTP Client
2008-06-12 16:20:47 0 d-------- C:\Users\Jeffrey\AppData\Roaming\Corel
2008-06-11 16:09:07 0 d-------- C:\Program Files\Windows Mail
2008-06-09 20:12:45 0 d-------- C:\Program Files\QuickTime
2008-06-09 14:56:12 232904 --a------ C:\Users\Jeffrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-30 21:07:29 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-23 23:18:15 0 d-------- C:\Users\Jeffrey\AppData\Roaming\uTorrent
2008-05-21 15:42:22 0 d-------- C:\Program Files\AIM6
2008-05-21 15:41:10 0 d-------- C:\Program Files\Viewpoint


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C66BB55C-2895-46BD-9873-49CE26D2CABA}]
C:\Windows\system32\geBrppPF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C85852E5-B868-4928-B07A-687BB00EC49F}]
C:\Users\Jeffrey\AppData\Local\Temp\cbXRLeBs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c96e4bf5-80f3-4cd2-9c6b-131e0e4c7f20}]
07/10/2008 01:44 AM 101888 --a------ C:\Windows\system32\hghmus.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E20A1A40-A296-4234-8D95-B05EE88423FA}]
C:\Windows\system32\cbXNGvVp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [02/08/2007 01:16 AM C:\Windows\sttray.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"@"="" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [12/17/2001 11:18 AM]
"lxbtmon.exe"="C:\Program Files\Lexmark 5200 Series\lxbtmon.exe" [05/03/2007 03:50 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/11/2007 10:28 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/11/2007 10:28 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/11/2007 10:28 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [08/11/2005 04:30 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/15/2007 06:56 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"LXBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [02/22/2007 05:46 AM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"Aim6"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 04:30 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/12/2007 6:15:05 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=C:\Windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastSUPPORT]
C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
LPDService LPDSVC


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aab017b-4a8f-11dd-9d0a-ef8b18c5742e}]
AutoRun\command- J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-10 16:56:39 ------------

#4 SifuMike

Posted 10 July 2008 - 05:05 PM

Hello thiswilldestroyyou,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore, please go to Add/Remove in the Control Panel and remove one of these:
Kaspersky Antivirus or McAfee Antivirus


You are still heavily infected, so we will use OTScanIt.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post. If the file is too big to post, then you can upload it to me here. Let me know when you upload the log.

#5 SifuMike

Posted 10 July 2008 - 10:41 PM

Hi thiswilldestroyyou,

This is the most infected computer I have seen this month. :thumbsup:


Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\bm973d0d12.xml
%allusersprofile%\pskt.ini
%systemroot%\system32\dnbcdqwl.ini
%systemroot%\system32\dpvbcncv.ini
%systemroot%\system32\dunzip32.dll
%systemroot%\system32\fppprbeg.ini
%systemroot%\system32\fppprbeg.ini2
%systemroot%\system32\ggkbbcgx.ini
%systemroot%\system32\gonbkrho.ini
%systemroot%\system32\gtnnttat.ini
%systemroot%\system32\gtnnttat.ini2
%systemroot%\system32\hghmus.dll
%systemroot%\system32\hipyxyxx.ini
%systemroot%\system32\hipyxyxx.ini2
%systemroot%\system32\hnvudcdd.ini
%systemroot%\system32\hnvudcdd.ini2
%systemroot%\system32\juvmqymm.ini
%systemroot%\system32\kamubwlq.dll
%systemroot%\system32\krutsbeg.ini
%systemroot%\system32\krutsbeg.ini2
%systemroot%\system32\miwyeglo.ini
%systemroot%\system32\nltbsjly.ini
%systemroot%\system32\plardqtq.ini
%systemroot%\system32\ppfckwdf.ini
%systemroot%\system32\pvvgnxbc.ini
%systemroot%\system32\pvvgnxbc.ini2
%systemroot%\system32\pyiruvut.ini
%systemroot%\system32\pyiruvut.ini2
%systemroot%\system32\qxihpqss.ini
%systemroot%\system32\qxihpqss.ini2
%systemroot%\system32\rgopyjej.ini
%systemroot%\system32\rtbxldvb.dll
%systemroot%\system32\srcirqss.ini
%systemroot%\system32\srcirqss.ini2
%systemroot%\system32\svddemoq.ini
%systemroot%\system32\svddemoq.ini2
%systemroot%\system32\tdkqtutv.ini
%systemroot%\system32\tdkqtutv.ini2
%systemroot%\system32\tuxhnoyb.ini
%systemroot%\system32\tuxhnoyb.ini2
%systemroot%\system32\tvcmwxbc.ini
%systemroot%\system32\tvcmwxbc.ini2
%systemroot%\system32\ubqgnnkr.ini
%systemroot%\system32\vtukhica.dll
%systemroot%\system32\vvodpkip.ini
%systemroot%\system32\vwfoonmp.ini
%systemroot%\system32\vwfoonmp.ini2
%systemroot%\system32\vygpvxbc.ini
%systemroot%\system32\vygpvxbc.ini2
%systemroot%\system32\xefpouvw.ini
%systemroot%\system32\xefpouvw.ini2
%systemroot%\system32\xhilknpo.ini
%systemroot%\system32\xhilknpo.ini2
%systemroot%\system32\yahipqru.ini
%systemroot%\system32\yahipqru.ini2

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {C66BB55C-2895-46BD-9873-49CE26D2CABA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geBrppPF.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {C85852E5-B868-4928-B07A-687BB00EC49F} [HKEY_LOCAL_MACHINE] -> %UserProfile%\AppData\Local\Temp\cbXRLeBs.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {E20A1A40-A296-4234-8D95-B05EE88423FA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbXNGvVp.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
YN -> {E19ADC6E-3909-43E4-9A89-B7B676377EE3}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sothink SWF Catcher]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> {ACB49C92-878D-4769-8434-CAB327C277D7}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {ACB49C92-878D-4769-8434-CAB327C277D7}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {ACB49C92-878D-4769-8434-CAB327C277D7}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {ACB49C92-878D-4769-8434-CAB327C277D7}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {ACB49C92-878D-4769-8434-CAB327C277D7}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {ACB49C92-878D-4769-8434-CAB327C277D7}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {EA977922-6C95-44E6-990C-DD22496818B7}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {EA977922-6C95-44E6-990C-DD22496818B7}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {EA977922-6C95-44E6-990C-DD22496818B7}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {EA977922-6C95-44E6-990C-DD22496818B7}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {EA977922-6C95-44E6-990C-DD22496818B7}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {EA977922-6C95-44E6-990C-DD22496818B7}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> dnbcdqwl.ini -> %SystemRoot%\System32\dnbcdqwl.ini
NY -> dpvbcncv.ini -> %SystemRoot%\System32\dpvbcncv.ini
NY -> dunzip32.dll -> %SystemRoot%\System32\dunzip32.dll
NY -> FPpprBeg.ini -> %SystemRoot%\System32\FPpprBeg.ini
NY -> FPpprBeg.ini2 -> %SystemRoot%\System32\FPpprBeg.ini2
NY -> ggkbbcgx.ini -> %SystemRoot%\System32\ggkbbcgx.ini
NY -> gonbkrho.ini -> %SystemRoot%\System32\gonbkrho.ini
NY -> gtnnttat.ini -> %SystemRoot%\System32\gtnnttat.ini
NY -> gtnnttat.ini2 -> %SystemRoot%\System32\gtnnttat.ini2
NY -> hghmus.dll -> %SystemRoot%\System32\hghmus.dll
NY -> hiPYxyxx.ini -> %SystemRoot%\System32\hiPYxyxx.ini
NY -> hiPYxyxx.ini2 -> %SystemRoot%\System32\hiPYxyxx.ini2
NY -> HNVuDcdd.ini -> %SystemRoot%\System32\HNVuDcdd.ini
NY -> HNVuDcdd.ini2 -> %SystemRoot%\System32\HNVuDcdd.ini2
NY -> juvmqymm.ini -> %SystemRoot%\System32\juvmqymm.ini
NY -> kamubwlq.dll -> %SystemRoot%\System32\kamubwlq.dll
NY -> kRutsBeg.ini -> %SystemRoot%\System32\kRutsBeg.ini
NY -> kRutsBeg.ini2 -> %SystemRoot%\System32\kRutsBeg.ini2
NY -> miwyeglo.ini -> %SystemRoot%\System32\miwyeglo.ini
NY -> nltbsjly.ini -> %SystemRoot%\System32\nltbsjly.ini
NY -> plardqtq.ini -> %SystemRoot%\System32\plardqtq.ini
NY -> ppfckwdf.ini -> %SystemRoot%\System32\ppfckwdf.ini
NY -> pVvGNXbc.ini -> %SystemRoot%\System32\pVvGNXbc.ini
NY -> pVvGNXbc.ini2 -> %SystemRoot%\System32\pVvGNXbc.ini2
NY -> PYIRuvut.ini -> %SystemRoot%\System32\PYIRuvut.ini
NY -> PYIRuvut.ini2 -> %SystemRoot%\System32\PYIRuvut.ini2
NY -> qXIhPqss.ini -> %SystemRoot%\System32\qXIhPqss.ini
NY -> qXIhPqss.ini2 -> %SystemRoot%\System32\qXIhPqss.ini2
NY -> rgopyjej.ini -> %SystemRoot%\System32\rgopyjej.ini
NY -> rtbxldvb.dll -> %SystemRoot%\System32\rtbxldvb.dll
NY -> SrCIRqss.ini -> %SystemRoot%\System32\SrCIRqss.ini
NY -> SrCIRqss.ini2 -> %SystemRoot%\System32\SrCIRqss.ini2
NY -> svDdeMoq.ini -> %SystemRoot%\System32\svDdeMoq.ini
NY -> svDdeMoq.ini2 -> %SystemRoot%\System32\svDdeMoq.ini2
NY -> tDKQtutv.ini -> %SystemRoot%\System32\tDKQtutv.ini
NY -> tDKQtutv.ini2 -> %SystemRoot%\System32\tDKQtutv.ini2
NY -> tuxHNoYb.ini -> %SystemRoot%\System32\tuxHNoYb.ini
NY -> tuxHNoYb.ini2 -> %SystemRoot%\System32\tuxHNoYb.ini2
NY -> TvCMWxbc.ini -> %SystemRoot%\System32\TvCMWxbc.ini
NY -> TvCMWxbc.ini2 -> %SystemRoot%\System32\TvCMWxbc.ini2
NY -> ubqgnnkr.ini -> %SystemRoot%\System32\ubqgnnkr.ini
NY -> vtUkhIca.dll -> %SystemRoot%\System32\vtUkhIca.dll
NY -> vvodpkip.ini -> %SystemRoot%\System32\vvodpkip.ini
NY -> VwFOonmp.ini -> %SystemRoot%\System32\VwFOonmp.ini
NY -> VwFOonmp.ini2 -> %SystemRoot%\System32\VwFOonmp.ini2
NY -> vyGPVxbc.ini -> %SystemRoot%\System32\vyGPVxbc.ini
NY -> vyGPVxbc.ini2 -> %SystemRoot%\System32\vyGPVxbc.ini2
NY -> XEfPoUvw.ini -> %SystemRoot%\System32\XEfPoUvw.ini
NY -> XEfPoUvw.ini2 -> %SystemRoot%\System32\XEfPoUvw.ini2
NY -> XHilknpo.ini -> %SystemRoot%\System32\XHilknpo.ini
NY -> XHilknpo.ini2 -> %SystemRoot%\System32\XHilknpo.ini2
NY -> yaHiPqru.ini -> %SystemRoot%\System32\yaHiPqru.ini
NY -> yaHiPqru.ini2 -> %SystemRoot%\System32\yaHiPqru.ini2
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BM973d0d12.xml -> %AllUsersProfile%\BM973d0d12.xml
NY -> BM973d0d? -> %AllUsersProfile%\BM973d0d?
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> dnbcdqwl.ini -> %SystemRoot%\System32\dnbcdqwl.ini
NY -> dpvbcncv.ini -> %SystemRoot%\System32\dpvbcncv.ini
NY -> FPpprBeg.ini -> %SystemRoot%\System32\FPpprBeg.ini
NY -> FPpprBeg.ini2 -> %SystemRoot%\System32\FPpprBeg.ini2
NY -> ggkbbcgx.ini -> %SystemRoot%\System32\ggkbbcgx.ini
NY -> gonbkrho.ini -> %SystemRoot%\System32\gonbkrho.ini
NY -> gtnnttat.ini -> %SystemRoot%\System32\gtnnttat.ini
NY -> gtnnttat.ini2 -> %SystemRoot%\System32\gtnnttat.ini2
NY -> hghmus.dll -> %SystemRoot%\System32\hghmus.dll
NY -> hiPYxyxx.ini -> %SystemRoot%\System32\hiPYxyxx.ini
NY -> hiPYxyxx.ini2 -> %SystemRoot%\System32\hiPYxyxx.ini2
NY -> HNVuDcdd.ini -> %SystemRoot%\System32\HNVuDcdd.ini
NY -> HNVuDcdd.ini2 -> %SystemRoot%\System32\HNVuDcdd.ini2
NY -> juvmqymm.ini -> %SystemRoot%\System32\juvmqymm.ini
NY -> kamubwlq.dll -> %SystemRoot%\System32\kamubwlq.dll
NY -> kRutsBeg.ini -> %SystemRoot%\System32\kRutsBeg.ini
NY -> kRutsBeg.ini2 -> %SystemRoot%\System32\kRutsBeg.ini2
NY -> miwyeglo.ini -> %SystemRoot%\System32\miwyeglo.ini
NY -> nltbsjly.ini -> %SystemRoot%\System32\nltbsjly.ini
NY -> plardqtq.ini -> %SystemRoot%\System32\plardqtq.ini
NY -> ppfckwdf.ini -> %SystemRoot%\System32\ppfckwdf.ini
NY -> pVvGNXbc.ini -> %SystemRoot%\System32\pVvGNXbc.ini
NY -> pVvGNXbc.ini2 -> %SystemRoot%\System32\pVvGNXbc.ini2
NY -> PYIRuvut.ini -> %SystemRoot%\System32\PYIRuvut.ini
NY -> PYIRuvut.ini2 -> %SystemRoot%\System32\PYIRuvut.ini2
NY -> qXIhPqss.ini -> %SystemRoot%\System32\qXIhPqss.ini
NY -> qXIhPqss.ini2 -> %SystemRoot%\System32\qXIhPqss.ini2
NY -> rgopyjej.ini -> %SystemRoot%\System32\rgopyjej.ini
NY -> rtbxldvb.dll -> %SystemRoot%\System32\rtbxldvb.dll
NY -> SrCIRqss.ini -> %SystemRoot%\System32\SrCIRqss.ini
NY -> SrCIRqss.ini2 -> %SystemRoot%\System32\SrCIRqss.ini2
NY -> svDdeMoq.ini -> %SystemRoot%\System32\svDdeMoq.ini
NY -> svDdeMoq.ini2 -> %SystemRoot%\System32\svDdeMoq.ini2
NY -> tDKQtutv.ini -> %SystemRoot%\System32\tDKQtutv.ini
NY -> tDKQtutv.ini2 -> %SystemRoot%\System32\tDKQtutv.ini2
NY -> tuxHNoYb.ini -> %SystemRoot%\System32\tuxHNoYb.ini
NY -> tuxHNoYb.ini2 -> %SystemRoot%\System32\tuxHNoYb.ini2
NY -> TvCMWxbc.ini -> %SystemRoot%\System32\TvCMWxbc.ini
NY -> TvCMWxbc.ini2 -> %SystemRoot%\System32\TvCMWxbc.ini2
NY -> ubqgnnkr.ini -> %SystemRoot%\System32\ubqgnnkr.ini
NY -> vvodpkip.ini -> %SystemRoot%\System32\vvodpkip.ini
NY -> VwFOonmp.ini -> %SystemRoot%\System32\VwFOonmp.ini
NY -> VwFOonmp.ini2 -> %SystemRoot%\System32\VwFOonmp.ini2
NY -> vyGPVxbc.ini -> %SystemRoot%\System32\vyGPVxbc.ini
NY -> vyGPVxbc.ini2 -> %SystemRoot%\System32\vyGPVxbc.ini2
NY -> XEfPoUvw.ini -> %SystemRoot%\System32\XEfPoUvw.ini
NY -> XEfPoUvw.ini2 -> %SystemRoot%\System32\XEfPoUvw.ini2
NY -> XHilknpo.ini -> %SystemRoot%\System32\XHilknpo.ini
NY -> XHilknpo.ini2 -> %SystemRoot%\System32\XHilknpo.ini2
NY -> yaHiPqru.ini -> %SystemRoot%\System32\yaHiPqru.ini
NY -> yaHiPqru.ini2 -> %SystemRoot%\System32\yaHiPqru.ini2
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BM973d0d12.xml -> %AllUsersProfile%\BM973d0d12.xml
NY -> BM973d0d? -> %AllUsersProfile%\BM973d0d?
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
1. The Avenger report (c:\Avenger.txt). This will be a small file and you will be able to post it.

2. The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.) This will be a small file and you will be able to post it.

3. The new OTScanIt scan log. This may be small enough to post, but if you are not able to post it then upload it to me here.
Let me know if you upload the OTScanIt scan log by posting a message here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
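An added example, not part of the original posts and not code from The Avenger: a cross-check of the Step #1 script against the C:\avenger.txt report requested in Step #5, listing script entries the log does not confirm as deleted. It assumes the `File "..." deleted successfully.` line format and the %systemroot% / %allusersprofile% expansions seen in this thread; the sample script, sample log and file names below are constructed.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive), works on any OS

# Assumed expansions, taken from the resolved paths shown in this thread's log.
ENV = {
    "%systemroot%": r"C:\Windows",
    "%allusersprofile%": r"C:\ProgramData",
}

# Only the success line format that appears on this page is recognised.
DELETED = re.compile(r'^File "([^"]+)" deleted successfully\.$')


def expand(path, env=ENV):
    """Replace a leading %variable% (matched case-insensitively) with its value."""
    path = path.strip()
    m = re.match(r"^(%[^%]+%)(.*)$", path)
    if not m or m.group(1).lower() not in env:
        return path  # unknown variable: left as written, will show as unconfirmed
    return env[m.group(1).lower()] + m.group(2)


def parse_script(text):
    """Return the entries listed under the 'Files to delete:' section."""
    entries, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):  # a section header such as 'Files to delete:'
            in_section = line.lower() == "files to delete:"
            continue
        if in_section:
            entries.append(line)
    return entries


def parse_log(text):
    """Map normalised path -> path as logged, for every confirmed deletion."""
    deleted = {}
    for line in text.splitlines():
        m = DELETED.match(line.strip())
        if m:
            deleted[normcase(m.group(1))] = m.group(1)
    return deleted


def cross_check(script_text, log_text):
    """Compare what the script asked for with what the log confirms."""
    deleted = parse_log(log_text)
    confirmed, unconfirmed, seen = [], [], set()
    for entry in parse_script(script_text):
        key = normcase(expand(entry))
        seen.add(key)
        (confirmed if key in deleted else unconfirmed).append(entry)
    # Deletions reported in the log that the script never requested.
    unexpected = [orig for key, orig in deleted.items() if key not in seen]
    return {"confirmed": confirmed, "unconfirmed": unconfirmed, "unexpected": unexpected}


# Constructed sample input (not the real script or log from this thread).
SAMPLE_SCRIPT = r"""Files to delete:
%allusersprofile%\example-a.xml
%systemroot%\system32\Example-B.ini
%systemroot%\system32\example-c.dll
"""

SAMPLE_LOG = r"""Script file opened successfully.
Script file read successfully.

File "C:\ProgramData\example-a.xml" deleted successfully.
File "C:\Windows\system32\example-b.ini" deleted successfully.
File "C:\Windows\system32\unrelated.ini" deleted successfully.
"""

if __name__ == "__main__":
    result = cross_check(SAMPLE_SCRIPT, SAMPLE_LOG)
    for status, items in result.items():
        print(f"{status}:")
        for item in items:
            print(f"  {item}")
```

Any entry reported as unconfirmed is a file to look for again in the follow-up scan log before treating the cleanup as complete.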

#6 thiswilldestroyyou


Posted 11 July 2008 - 09:29 AM

Wow, well I have no idea how it got so bad, and I would like to thank you for all the support.

F Secure Online Scan
Avenger Report
OTScanIt fix log
OTScanIt Scan log





Computer name: VISTA
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ H:\
Result: 14 malware found
Suspicious_F.gen (virus)

* H:\LOOPS\34 PLUG-INS FOR FRUITY LOOPS 5+ALL CRACK\VSTI\WAVE ARTS TRACKPLUG V3.03\WAVEARTS TRACKPLUG V3.03 KEYGEN.EXE (Submitted)
* H:\LOOPS\34 PLUG-INS FOR FRUITY LOOPS 5+ALL CRACK\VSTI\WAVE ARTS MASTERVERB V3.02\MASTERVERB V3.02 KEYGEN.EXE (Submitted)
* H:\PLUGINS\TRAPCODE STARGLOW V1.03\TRAPCODE.MULTIKEYGEN.V1.2.EXE (Submitted)
* H:\PLUGINS\TRAPCODE PARTICULAR V1.50\TRAPCODE.MULTIKEYGEN.V1.2.EXE (Submitted)
* H:\PLUGINS\TRAPCODE LUX V1.01\TRAPCODE.MULTIKEYGEN.V1.2.EXE (Submitted)
* H:\PLUGINS\TRAPCODE ECHOSPACE V1.0.1\TRAPCODE.MULTIKEYGEN.V1.2.EXE (Submitted)
* H:\PLUGINS\TRAPCODE 3DSTROKE V2.04\TRAPCODE.MULTIKEYGEN.V1.2.EXE (Submitted)
* H:\PLUGINS\STAGETOOLS MOVING PICTURE V5.06\STAGETOOLS.V5.X.MULTIKEYGEN.EXE (Submitted)
* H:\PLUGINS\PANOPTICUM WATER V1.03\PANOPTICUM.WATER.V1.03.FOR.AE.KEYGEN.EXE (Submitted)
* H:\DOWNLOADSSEPTEMBER\FINAL\FINAL DRAFT 7.1.3\FINALDRAFT713\KEYMAKER\ACTIVATION KEYMAKER.EXE (Submitted)
* H:\DOWNLOADSSEPTEMBER\FINAL\FINAL DRAFT 7.1.3\FINALDRAFT713\KEYMAKER\REGISTRATION KEYMAKER.EXE (Submitted)
* H:\DOWNLOADSSEPTEMBER\FINALDRAFT7KEYGENSND\ACTIVATION KEYMAKER.EXE (Submitted)
* H:\DOWNLOADSSEPTEMBER\FINALDRAFT7KEYGENSND\REGISTRATION KEYMAKER.EXE (Submitted)

Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 118382
* System: 7375
* Not scanned: 25

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 14
* Submitted: 13

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\HLKTMP
* C:\WINDOWS\TEMP\MCAFEE_04KZDIX67TFQEZP
* C:\WINDOWS\TEMP\MCMSC_7UHYWLHYYQFBGRY
* C:\WINDOWS\TEMP\MCMSC_BCHWBAFDZECHPGM
* C:\WINDOWS\TEMP\MCMSC_YOG9DFKVCHV9WNN
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F0510F2B7877D7709E74804F5377674_A5FBA298-F3A8-4827-A326-B8CB5105E0D3
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81B8384A05BC9D643DBDB8A5B8E0499C_A5FBA298-F3A8-4827-A326-B8CB5105E0D3
* C:\PROGRAM FILES\E FRONTIER\POSER 7\RUNTIME\PYTHON\LIB\TCL8.3\REG1.0\TCLREG83.DLL
* C:\BOOT\BCD

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-07-11
* F-Secure AVP: 7.0.171, 2008-07-10
* F-Secure Pegasus: 1.20.0, 2008-04-14

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics






Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\ProgramData\bm973d0d12.xml" deleted successfully.
File "C:\ProgramData\pskt.ini" deleted successfully.
File "C:\Windows\system32\dnbcdqwl.ini" deleted successfully.
File "C:\Windows\system32\dpvbcncv.ini" deleted successfully.
File "C:\Windows\system32\dunzip32.dll" deleted successfully.
File "C:\Windows\system32\fppprbeg.ini" deleted successfully.
File "C:\Windows\system32\fppprbeg.ini2" deleted successfully.
File "C:\Windows\system32\ggkbbcgx.ini" deleted successfully.
File "C:\Windows\system32\gonbkrho.ini" deleted successfully.
File "C:\Windows\system32\gtnnttat.ini" deleted successfully.
File "C:\Windows\system32\gtnnttat.ini2" deleted successfully.
File "C:\Windows\system32\hghmus.dll" deleted successfully.
File "C:\Windows\system32\hipyxyxx.ini" deleted successfully.
File "C:\Windows\system32\hipyxyxx.ini2" deleted successfully.
File "C:\Windows\system32\hnvudcdd.ini" deleted successfully.
File "C:\Windows\system32\hnvudcdd.ini2" deleted successfully.
File "C:\Windows\system32\juvmqymm.ini" deleted successfully.
File "C:\Windows\system32\kamubwlq.dll" deleted successfully.
File "C:\Windows\system32\krutsbeg.ini" deleted successfully.
File "C:\Windows\system32\krutsbeg.ini2" deleted successfully.
File "C:\Windows\system32\miwyeglo.ini" deleted successfully.
File "C:\Windows\system32\nltbsjly.ini" deleted successfully.
File "C:\Windows\system32\plardqtq.ini" deleted successfully.
File "C:\Windows\system32\ppfckwdf.ini" deleted successfully.
File "C:\Windows\system32\pvvgnxbc.ini" deleted successfully.
File "C:\Windows\system32\pvvgnxbc.ini2" deleted successfully.
File "C:\Windows\system32\pyiruvut.ini" deleted successfully.
File "C:\Windows\system32\pyiruvut.ini2" deleted successfully.
File "C:\Windows\system32\qxihpqss.ini" deleted successfully.
File "C:\Windows\system32\qxihpqss.ini2" deleted successfully.
File "C:\Windows\system32\rgopyjej.ini" deleted successfully.
File "C:\Windows\system32\rtbxldvb.dll" deleted successfully.
File "C:\Windows\system32\srcirqss.ini" deleted successfully.
File "C:\Windows\system32\srcirqss.ini2" deleted successfully.
File "C:\Windows\system32\svddemoq.ini" deleted successfully.
File "C:\Windows\system32\svddemoq.ini2" deleted successfully.
File "C:\Windows\system32\tdkqtutv.ini" deleted successfully.
File "C:\Windows\system32\tdkqtutv.ini2" deleted successfully.
File "C:\Windows\system32\tuxhnoyb.ini" deleted successfully.
File "C:\Windows\system32\tuxhnoyb.ini2" deleted successfully.
File "C:\Windows\system32\tvcmwxbc.ini" deleted successfully.
File "C:\Windows\system32\tvcmwxbc.ini2" deleted successfully.
File "C:\Windows\system32\ubqgnnkr.ini" deleted successfully.
File "C:\Windows\system32\vtukhica.dll" deleted successfully.
File "C:\Windows\system32\vvodpkip.ini" deleted successfully.
File "C:\Windows\system32\vwfoonmp.ini" deleted successfully.
File "C:\Windows\system32\vwfoonmp.ini2" deleted successfully.
File "C:\Windows\system32\vygpvxbc.ini" deleted successfully.
File "C:\Windows\system32\vygpvxbc.ini2" deleted successfully.
File "C:\Windows\system32\xefpouvw.ini" deleted successfully.
File "C:\Windows\system32\xefpouvw.ini2" deleted successfully.
File "C:\Windows\system32\xhilknpo.ini" deleted successfully.
File "C:\Windows\system32\xhilknpo.ini2" deleted successfully.
File "C:\Windows\system32\yahipqru.ini" deleted successfully.
File "C:\Windows\system32\yahipqru.ini2" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66BB55C-2895-46BD-9873-49CE26D2CABA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C66BB55C-2895-46BD-9873-49CE26D2CABA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C85852E5-B868-4928-B07A-687BB00EC49F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C85852E5-B868-4928-B07A-687BB00EC49F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E20A1A40-A296-4234-8D95-B05EE88423FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E20A1A40-A296-4234-8D95-B05EE88423FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E19ADC6E-3909-43E4-9A89-B7B676377EE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E19ADC6E-3909-43E4-9A89-B7B676377EE3}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{ACB49C92-878D-4769-8434-CAB327C277D7}\\ButtonText deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{ACB49C92-878D-4769-8434-CAB327C277D7}\\CLSID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{ACB49C92-878D-4769-8434-CAB327C277D7}\\Default Visible deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{ACB49C92-878D-4769-8434-CAB327C277D7}\\Exec deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{ACB49C92-878D-4769-8434-CAB327C277D7}\\HotIcon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{ACB49C92-878D-4769-8434-CAB327C277D7}\\Icon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\ButtonText deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\CLSID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\Default Visible deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\Exec deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\HotIcon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C0B3994C-2493-4F40-B6F6-3E5BD915A0B0}\\Icon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{EA977922-6C95-44E6-990C-DD22496818B7}\\ButtonText deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{EA977922-6C95-44E6-990C-DD22496818B7}\\CLSID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{EA977922-6C95-44E6-990C-DD22496818B7}\\Default Visible deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{EA977922-6C95-44E6-990C-DD22496818B7}\\Exec deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{EA977922-6C95-44E6-990C-DD22496818B7}\\HotIcon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{EA977922-6C95-44E6-990C-DD22496818B7}\\Icon deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\Windows\System32\dnbcdqwl.ini not found!
File C:\Windows\System32\dpvbcncv.ini not found!
File C:\Windows\System32\dunzip32.dll not found!
File C:\Windows\System32\FPpprBeg.ini not found!
File C:\Windows\System32\FPpprBeg.ini2 not found!
File C:\Windows\System32\ggkbbcgx.ini not found!
File C:\Windows\System32\gonbkrho.ini not found!
File C:\Windows\System32\gtnnttat.ini not found!
File C:\Windows\System32\gtnnttat.ini2 not found!
File C:\Windows\System32\hghmus.dll not found!
File C:\Windows\System32\hiPYxyxx.ini not found!
File C:\Windows\System32\hiPYxyxx.ini2 not found!
File C:\Windows\System32\HNVuDcdd.ini not found!
File C:\Windows\System32\HNVuDcdd.ini2 not found!
File C:\Windows\System32\juvmqymm.ini not found!
File C:\Windows\System32\kamubwlq.dll not found!
File C:\Windows\System32\kRutsBeg.ini not found!
File C:\Windows\System32\kRutsBeg.ini2 not found!
File C:\Windows\System32\miwyeglo.ini not found!
File C:\Windows\System32\nltbsjly.ini not found!
File C:\Windows\System32\plardqtq.ini not found!
File C:\Windows\System32\ppfckwdf.ini not found!
File C:\Windows\System32\pVvGNXbc.ini not found!
File C:\Windows\System32\pVvGNXbc.ini2 not found!
File C:\Windows\System32\PYIRuvut.ini not found!
File C:\Windows\System32\PYIRuvut.ini2 not found!
File C:\Windows\System32\qXIhPqss.ini not found!
File C:\Windows\System32\qXIhPqss.ini2 not found!
File C:\Windows\System32\rgopyjej.ini not found!
File C:\Windows\System32\rtbxldvb.dll not found!
File C:\Windows\System32\SrCIRqss.ini not found!
File C:\Windows\System32\SrCIRqss.ini2 not found!
File C:\Windows\System32\svDdeMoq.ini not found!
File C:\Windows\System32\svDdeMoq.ini2 not found!
File C:\Windows\System32\tDKQtutv.ini not found!
File C:\Windows\System32\tDKQtutv.ini2 not found!
File C:\Windows\System32\tuxHNoYb.ini not found!
File C:\Windows\System32\tuxHNoYb.ini2 not found!
File C:\Windows\System32\TvCMWxbc.ini not found!
File C:\Windows\System32\TvCMWxbc.ini2 not found!
File C:\Windows\System32\ubqgnnkr.ini not found!
File C:\Windows\System32\vtUkhIca.dll not found!
File C:\Windows\System32\vvodpkip.ini not found!
File C:\Windows\System32\VwFOonmp.ini not found!
File C:\Windows\System32\VwFOonmp.ini2 not found!
File C:\Windows\System32\vyGPVxbc.ini not found!
File C:\Windows\System32\vyGPVxbc.ini2 not found!
File C:\Windows\System32\XEfPoUvw.ini not found!
File C:\Windows\System32\XEfPoUvw.ini2 not found!
File C:\Windows\System32\XHilknpo.ini not found!
File C:\Windows\System32\XHilknpo.ini2 not found!
File C:\Windows\System32\yaHiPqru.ini not found!
File C:\Windows\System32\yaHiPqru.ini2 not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM973d0d12.xml not found!
File C:\ProgramData\BM973d0d? not found!
File C:\ProgramData\pskt.ini not found!
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\dnbcdqwl.ini not found!
File C:\Windows\System32\dpvbcncv.ini not found!
File C:\Windows\System32\FPpprBeg.ini not found!
File C:\Windows\System32\FPpprBeg.ini2 not found!
File C:\Windows\System32\ggkbbcgx.ini not found!
File C:\Windows\System32\gonbkrho.ini not found!
File C:\Windows\System32\gtnnttat.ini not found!
File C:\Windows\System32\gtnnttat.ini2 not found!
File C:\Windows\System32\hghmus.dll not found!
File C:\Windows\System32\hiPYxyxx.ini not found!
File C:\Windows\System32\hiPYxyxx.ini2 not found!
File C:\Windows\System32\HNVuDcdd.ini not found!
File C:\Windows\System32\HNVuDcdd.ini2 not found!
File C:\Windows\System32\juvmqymm.ini not found!
File C:\Windows\System32\kamubwlq.dll not found!
File C:\Windows\System32\kRutsBeg.ini not found!
File C:\Windows\System32\kRutsBeg.ini2 not found!
File C:\Windows\System32\miwyeglo.ini not found!
File C:\Windows\System32\nltbsjly.ini not found!
File C:\Windows\System32\plardqtq.ini not found!
File C:\Windows\System32\ppfckwdf.ini not found!
File C:\Windows\System32\pVvGNXbc.ini not found!
File C:\Windows\System32\pVvGNXbc.ini2 not found!
File C:\Windows\System32\PYIRuvut.ini not found!
File C:\Windows\System32\PYIRuvut.ini2 not found!
File C:\Windows\System32\qXIhPqss.ini not found!
File C:\Windows\System32\qXIhPqss.ini2 not found!
File C:\Windows\System32\rgopyjej.ini not found!
File C:\Windows\System32\rtbxldvb.dll not found!
File C:\Windows\System32\SrCIRqss.ini not found!
File C:\Windows\System32\SrCIRqss.ini2 not found!
File C:\Windows\System32\svDdeMoq.ini not found!
File C:\Windows\System32\svDdeMoq.ini2 not found!
File C:\Windows\System32\tDKQtutv.ini not found!
File C:\Windows\System32\tDKQtutv.ini2 not found!
File C:\Windows\System32\tuxHNoYb.ini not found!
File C:\Windows\System32\tuxHNoYb.ini2 not found!
File C:\Windows\System32\TvCMWxbc.ini not found!
File C:\Windows\System32\TvCMWxbc.ini2 not found!
File C:\Windows\System32\ubqgnnkr.ini not found!
File C:\Windows\System32\vvodpkip.ini not found!
File C:\Windows\System32\VwFOonmp.ini not found!
File C:\Windows\System32\VwFOonmp.ini2 not found!
File C:\Windows\System32\vyGPVxbc.ini not found!
File C:\Windows\System32\vyGPVxbc.ini2 not found!
File C:\Windows\System32\XEfPoUvw.ini not found!
File C:\Windows\System32\XEfPoUvw.ini2 not found!
File C:\Windows\System32\XHilknpo.ini not found!
File C:\Windows\System32\XHilknpo.ini2 not found!
File C:\Windows\System32\yaHiPqru.ini not found!
File C:\Windows\System32\yaHiPqru.ini2 not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM973d0d12.xml not found!
File C:\ProgramData\BM973d0d? not found!
File C:\ProgramData\pskt.ini not found!
[Empty Temp Folders]
File delete failed. C:\Users\Jeffrey\AppData\Local\Temp\fb_992.lck scheduled to be deleted on reboot.
File delete failed. C:\Users\Jeffrey\AppData\Local\Temp\~DF71E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jeffrey\AppData\Local\Temp\~DF721F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jeffrey\AppData\Local\Temp\~DF972B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcafee_mB2hpQMcOepNSo8 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_4FMkl5YY5QRZdcL scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_FZCDS2vmCmkP1kc scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_pNugLpg5U6wBSWd scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.1 fix logfile created on 07112008_002238

Files moved on Reboot...
File C:\Users\Jeffrey\AppData\Local\Temp\fb_992.lck not found!
File C:\Users\Jeffrey\AppData\Local\Temp\~DF71E4.tmp not found!
File C:\Users\Jeffrey\AppData\Local\Temp\~DF721F.tmp not found!
C:\Users\Jeffrey\AppData\Local\Temp\~DF972B.tmp moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File C:\Windows\temp\mcafee_mB2hpQMcOepNSo8 not found!
File C:\Windows\temp\mcmsc_4FMkl5YY5QRZdcL not found!
File C:\Windows\temp\mcmsc_FZCDS2vmCmkP1kc not found!
File C:\Windows\temp\mcmsc_pNugLpg5U6wBSWd not found!

OTScanIt logfile created on: 7/11/2008 10:15:17 AM
OTScanIt by OldTimer - Version 1.0.16.1	 Folder = C:\Users\Jeffrey\Desktop\OTScanIt
Windows Vista   (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16681)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.37% Memory free
4.00 Gb Paging File | 3.32 Gb Available in Paging File | 83.09% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 4.17 Gb Free Space | 3.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.00 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.91 Gb Total Space | 0.01 Gb Free Space | 0.63% Space Free | Partition Type: FAT
Drive H: | 232.83 Gb Total Space | 41.84 Gb Free Space | 17.97% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: VISTA
Current User Name: Jeffrey
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
btwdins.exe -> %ProgramFiles%\MSI\Star Key Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.2900 | Size = 258103 bytes | Modified Date = 9/19/2005 4:56:06 PM | Attr =	]
lxbtcoms.exe -> %SystemRoot%\System32\lxbtcoms.exe ->   [Ver = 6.4.29.0 | Size = 537520 bytes | Modified Date = 5/3/2007 3:48:52 AM | Attr =	]
mbackmonitor.exe -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr =	]
stacsv.exe -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5343.1  nd544 cp1 | Size = 90112 bytes | Modified Date = 2/8/2007 1:16:22 AM | Attr =	]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 8:39:20 PM | Attr =	]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 11 | Size = 810320 bytes | Modified Date = 1/28/2008 11:43:32 AM | Attr =	]
sttray.exe -> %SystemRoot%\sttray.exe -> SigmaTel, Inc. [Ver = 1.0.5343.1  nd544 cp1 | Size = 303104 bytes | Modified Date = 2/8/2007 1:16:24 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr =	]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 12/17/2001 11:18:06 AM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =	]
mcafeedatabackup.exe -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software  [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Modified Date = 9/22/2006 9:35:58 AM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =	]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =	]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 8,0,226,0 | Size = 265040 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.1 | Size = 396800 bytes | Modified Date = 7/5/2008 11:19:06 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 4/18/2007 8:14:59 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\MSI\Star Key Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.2900 | Size = 258103 bytes | Modified Date = 9/19/2005 4:56:06 PM | Attr =	]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 70656 bytes | Modified Date = 11/7/2006 1:27:02 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 4/23/2007 6:34:04 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 4/15/2007 4:09:15 PM | Attr =	]
(HoudiniLicenseServer) HoudiniLicenseServer [Win32_Own | Disabled | Stopped] -> %SystemRoot%\System32\sesinetd.exe -> Side Effects Software Inc. [Ver = 9, 0, 0, 719 | Size = 2138112 bytes | Modified Date = 9/14/2007 2:49:06 AM | Attr =	]
(HoudiniServer) HoudiniServer [Win32_Own | Disabled | Stopped] -> %SystemRoot%\System32\hserver.exe -> Side Effects Software Inc. [Ver = 9, 0, 0, 719 | Size = 2060288 bytes | Modified Date = 9/14/2007 3:46:56 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr =	]
(lxbt_device) lxbt_device [Win32_Own | Auto | Running] -> %SystemRoot%\System32\lxbtcoms.exe ->   [Ver = 6.4.29.0 | Size = 537520 bytes | Modified Date = 5/3/2007 3:48:52 AM | Attr =	]
(MBackMonitor) MBackMonitor [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 11/7/2007 9:35:40 AM | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr =	]
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr =	]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 11/10/2006 7:18:02 PM | Attr =	]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 11/5/2006 11:15:12 AM | Attr =	]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 11:13:00 AM | Attr =	]
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 11 | Size = 810320 bytes | Modified Date = 1/28/2008 11:43:32 AM | Attr =	]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5343.1  nd544 cp1 | Size = 90112 bytes | Modified Date = 2/8/2007 1:16:22 AM | Attr =	]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 9/14/2006 2:54:34 PM | Attr =	]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(wampapache) wampapache [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\wamp\bin\apache\apache2.2.6\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.6 | Size = 24635 bytes | Modified Date = 9/5/2007 9:59:02 AM | Attr =	]
(wampmysqld) wampmysqld [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe ->  [Ver =  | Size = 5730304 bytes | Modified Date = 7/6/2007 2:14:02 PM | Attr =	]
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 8:39:20 PM | Attr =	]
(0065301215765137mcinstcleanup) McAfee Application Installer Cleanup (0065301215765137) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\006530~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 8:51:56 PM | Attr =	]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe [C:\Program Files\BroadJump\Client Foundation\CFD.exe] -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 12/17/2001 11:18:06 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr =	]
LXBTCATS -> %SystemRoot%\System32\spool\drivers\w32x86\3\lxbttime.dll [rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16] ->  [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 2/22/2007 5:46:50 AM | Attr =	]
lxbtmon.exe -> %ProgramFiles%\Lexmark 5200 Series\lxbtmon.exe ["C:\Program Files\Lexmark 5200 Series\lxbtmon.exe"] -> Lexmark International, Inc. [Ver = 3.124.0.0 | Size = 230320 bytes | Modified Date = 5/3/2007 3:50:24 AM | Attr =	]
MBkLogOnHook -> %ProgramFiles%\McAfee\MBK\LogonHook.exe [C:\Program Files\McAfee\MBK\LogOnHook.exe] -> McAfee [Ver = 1.0.2563.24415 | Size = 20480 bytes | Modified Date = 1/8/2007 11:22:46 AM | Attr =	]
McAfee Backup -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe] -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =	]
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.6369 | Size = 8497696 bytes | Modified Date = 9/11/2007 10:28:00 PM | Attr =	]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.6369 | Size = 81920 bytes | Modified Date = 9/11/2007 10:28:00 PM | Attr =	]
NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.6369 | Size = 86016 bytes | Modified Date = 9/11/2007 10:28:00 PM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\sttray.exe [sttray.exe] -> SigmaTel, Inc. [Ver = 1.0.5343.1  nd544 cp1 | Size = 303104 bytes | Modified Date = 2/8/2007 1:16:24 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 ->  [] -> File not found
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 10/24/2007 3:17:59 PM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 11/2/2006 5:45:50 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315200 bytes | Modified Date = 8/30/2007 9:06:14 AM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 11/2/2006 5:44:42 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
TORiSAN CD-ROM CDR_C36 ->  -> File not found
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 4:51:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> SCSI\CdRom&Ven_HL-DT-ST&Prod_DVD+-RW_GSA-H31N\4&21479b0c&0&000100 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> USBSTOR\CdRom&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_2.18\00001779A962A3C4&1 -> 
< Drives - Autoruns > ->  -> 
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 24 bytes | Modified Date = 9/18/2006 5:43:36 PM | Attr =	]
autorun [] -> H:\autorun [ FAT32 ] ->  [Folder | Modified Date = 4/24/2006 12:44:54 AM | Attr =	]
autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ] -> H:\autorun.inf [ FAT32 ] ->  [Ver =  | Size = 36 bytes | Modified Date = 11/15/2005 11:08:04 AM | Attr =  H ]
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> 
::1			 localhost -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.comcast.net -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www6.comcast.net/a/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
free_aol.com [http] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [Alcohol Toolbar Helper] ->  [Ver = 3,2,0,0 | Size = 798720 bytes | Modified Date = 6/17/2007 4:28:07 PM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/15/2007 4:09:13 PM | Attr = R  ]
{c96e4bf5-80f3-4cd2-9c6b-131e0e4c7f20} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hghmus.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/15/2007 4:09:13 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/15/2007 4:09:13 PM | Attr = R  ]
WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [Alcohol Toolbar] ->  [Ver = 3,2,0,0 | Size = 798720 bytes | Modified Date = 6/17/2007 4:28:07 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Send image to &Bluetooth Device... -> %ProgramFiles%\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ->  [Ver =  | Size = 1320 bytes | Modified Date = 5/29/2003 2:53:12 PM | Attr =	]
Send page to &Bluetooth Device... -> %ProgramFiles%\MSI\Star Key Bluetooth Software\btsendto_ie.htm ->  [Ver =  | Size = 2681 bytes | Modified Date = 5/29/2003 2:53:08 PM | Attr =	]
Sothink SWF Catcher -> %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm ->  [Ver =  | Size = 191 bytes | Modified Date = 2/9/2007 10:00:00 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{28313D46-8C2C-43DD-B94A-5D4BE76BC426} ->	() -> 
{BBDC249A-7A4A-4C2D-88C9-24493F2386F3} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 7/11/2008 12:14:10 AM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 7/10/2008 7:08:13 PM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 7/9/2008 3:24:51 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 7/11/2008 12:28:22 AM | Attr =	]
kav -> %SystemDrive%\kav ->  [Folder | Created Date = 7/10/2008 8:16:19 AM | Attr =	]
ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TM.blf -> %SystemDrive%\ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TM.blf ->  [Ver =  | Size = 65536 bytes | Created Date = 7/2/2008 9:37:36 PM | Attr =  HS]
ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000001.regtrans-ms ->  [Ver =  | Size = 524288 bytes | Created Date = 7/2/2008 9:37:36 PM | Attr =  HS]
ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000002.regtrans-ms ->  [Ver =  | Size = 524288 bytes | Created Date = 7/2/2008 9:37:36 PM | Attr =  HS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/10/2008 4:16:58 PM | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Created Date = 7/10/2008 4:16:57 PM | Attr =	]
CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll ->  [Ver =  | Size = 43520 bytes | Created Date = 6/24/2008 12:08:45 PM | Attr =	]
dunzip32.dll -> %SystemRoot%\System32\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 7/11/2008 4:31:42 AM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 7/9/2008 3:25:18 PM | Attr =	]
2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
patchw32.dll -> %SystemRoot%\patchw32.dll ->  [Ver =  | Size = 197120 bytes | Created Date = 6/24/2008 11:56:30 AM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 342 bytes | Created Date = 6/14/2008 7:39:29 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 334 bytes | Created Date = 6/14/2008 7:39:26 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
BM973d0d? -> %AllUsersProfile%\BM973d0d蠱 ->  [Ver =  | Size = 102425 bytes | Modified Date = 6/26/2008 9:52:29 PM | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Kaspersky Lab ->  [Folder | Created Date = 7/10/2008 8:19:28 AM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Created Date = 7/10/2008 4:16:58 PM | Attr =	]
ntuser.pol -> %AllUsersProfile%\ntuser.pol ->  [Ver =  | Size = 258 bytes | Created Date = 7/4/2008 1:55:01 AM | Attr = RHS]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy ->  [Folder | Created Date = 7/2/2008 9:37:07 PM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com ->  [Folder | Created Date = 7/9/2008 6:35:58 PM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 7/10/2008 4:17:03 PM | Attr =	]
McAfee -> %AppData%\McAfee ->  [Folder | Created Date = 7/8/2008 2:35:13 PM | Attr =	]
ApplicationHistory -> %UserProfile%\AppData\Local\ApplicationHistory ->  [Folder | Created Date = 7/8/2008 2:34:32 PM | Attr =	]
fusioncache.dat -> %UserProfile%\AppData\Local\fusioncache.dat ->  [Ver =  | Size = 95 bytes | Created Date = 7/8/2008 2:34:49 PM | Attr =	]
computers.xls -> %UserProfile%\Documents\computers.xls ->  [Ver =  | Size = 15360 bytes | Created Date = 6/22/2008 3:30:18 PM | Attr =	]
erin's!!!.doc -> %UserProfile%\Documents\erin's!!!.doc ->  [Ver =  | Size = 3263488 bytes | Created Date = 6/12/2008 4:24:18 PM | Attr =	]
FileZilla_3.0.10_win32-setup.exe -> %UserProfile%\Documents\FileZilla_3.0.10_win32-setup.exe ->  [Ver =  | Size = 3193272 bytes | Created Date = 6/14/2008 2:25:51 PM | Attr =	]
invoice -> %UserProfile%\Documents\invoice ->  [Folder | Created Date = 6/22/2008 2:46:50 PM | Attr =	]
2 C:\Users\Jeffrey\Documents\*.tmp files -> C:\Users\Jeffrey\Documents\*.tmp -> 
riddle.doc -> %UserProfile%\Documents\riddle.doc ->  [Ver =  | Size = 7056896 bytes | Created Date = 6/15/2008 11:43:14 AM | Attr =	]
scan.html -> %UserProfile%\Documents\scan.html ->  [Ver =  | Size = 13643 bytes | Created Date = 7/10/2008 7:59:29 AM | Attr =	]
vocabchartback1.doc -> %UserProfile%\Documents\vocabchartback1.doc ->  [Ver =  | Size = 39936 bytes | Created Date = 6/12/2008 10:51:11 PM | Attr =	]
vocabchartfront1.doc -> %UserProfile%\Documents\vocabchartfront1.doc ->  [Ver =  | Size = 39936 bytes | Created Date = 6/12/2008 9:56:24 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 820 bytes | Created Date = 7/10/2008 4:16:59 PM | Attr =	]
McAfee Security Center.lnk -> %SystemDrive%\Users\Public\Desktop\McAfee Security Center.lnk ->  [Ver =  | Size = 813 bytes | Created Date = 6/30/2008 9:15:48 PM | Attr =	]
RollerCoaster Tycoon 3.lnk -> %SystemDrive%\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk ->  [Ver =  | Size = 1880 bytes | Created Date = 6/24/2008 11:56:55 AM | Attr =	]
.DS_Store -> %UserProfile%\Desktop\.DS_Store ->  [Ver =  | Size = 6148 bytes | Created Date = 6/30/2008 5:59:40 PM | Attr =  H ]
370_iPhone___iPod_Wallpapers_by_manicho.zip -> %UserProfile%\Desktop\370_iPhone___iPod_Wallpapers_by_manicho.zip ->  [Ver =  | Size = 29516079 bytes | Created Date = 6/23/2008 10:40:06 AM | Attr =	]
43ba009eb60d944a0f24982e53284281 -> %UserProfile%\Desktop\43ba009eb60d944a0f24982e53284281 ->  [Folder | Created Date = 6/23/2008 3:03:47 PM | Attr =	]
43ba009eb60d944a0f24982e53284281.zip -> %UserProfile%\Desktop\43ba009eb60d944a0f24982e53284281.zip ->  [Ver =  | Size = 2909622 bytes | Created Date = 6/23/2008 10:42:04 AM | Attr =	]
4dtire -> %UserProfile%\Desktop\4dtire ->  [Folder | Created Date = 7/4/2008 2:03:21 AM | Attr =	]
Ace-Enders -> %UserProfile%\Desktop\Ace-Enders ->  [Folder | Created Date = 6/20/2008 8:21:24 PM | Attr =	]
Ace-Enders.zip -> %UserProfile%\Desktop\Ace-Enders.zip ->  [Ver =  | Size = 38899210 bytes | Created Date = 6/18/2008 9:50:39 AM | Attr =	]
acecovervr7.jpg -> %UserProfile%\Desktop\acecovervr7.jpg ->  [Ver =  | Size = 203956 bytes | Created Date = 6/22/2008 1:01:57 PM | Attr =	]
AR text logo.tif -> %UserProfile%\Desktop\AR text logo.tif ->  [Ver =  | Size = 2613924 bytes | Created Date = 7/5/2008 2:05:41 PM | Attr =	]
ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 7/9/2008 6:27:23 PM | Attr =	]
autoruns.chm -> %UserProfile%\Desktop\autoruns.chm ->  [Ver =  | Size = 48476 bytes | Created Date = 7/9/2008 6:11:37 PM | Attr =	]
autoruns.exe -> %UserProfile%\Desktop\autoruns.exe -> Sysinternals - www.sysinternals.com [Ver = 9.21 | Size = 622632 bytes | Created Date = 7/9/2008 6:11:37 PM | Attr =	]
Autoruns.zip -> %UserProfile%\Desktop\Autoruns.zip ->  [Ver =  | Size = 559050 bytes | Created Date = 7/9/2008 6:11:31 PM | Attr =	]
autorunsc.exe -> %UserProfile%\Desktop\autorunsc.exe -> Sysinternals - www.sysinternals.com [Ver = 9.20 | Size = 520232 bytes | Created Date = 7/9/2008 6:11:38 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Created Date = 7/11/2008 12:12:22 AM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Created Date = 7/11/2008 12:11:53 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
Capture.JPG -> %UserProfile%\Desktop\Capture.JPG ->  [Ver =  | Size = 46847 bytes | Created Date = 6/22/2008 2:38:23 PM | Attr =	]
defaultVistaHomePremium.bat -> %UserProfile%\Desktop\defaultVistaHomePremium.bat ->  [Ver =  | Size = 7772 bytes | Created Date = 7/3/2008 8:53:58 PM | Attr =	]
defaultVistaHomePremium.reg -> %UserProfile%\Desktop\defaultVistaHomePremium.reg ->  [Ver =  | Size = 13980 bytes | Created Date = 7/3/2008 8:43:04 PM | Attr =	]
Download_mbam-setup.exe -> %UserProfile%\Desktop\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Created Date = 7/9/2008 6:28:47 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 7/9/2008 3:24:45 PM | Attr =	]
free_invoice_template -> %UserProfile%\Desktop\free_invoice_template ->  [Folder | Created Date = 6/22/2008 1:05:11 PM | Attr =	]
free_invoice_template.zip -> %UserProfile%\Desktop\free_invoice_template.zip ->  [Ver =  | Size = 39942 bytes | Created Date = 6/22/2008 1:00:16 PM | Attr =	]
kav7.0.1.325en.exe -> %UserProfile%\Desktop\kav7.0.1.325en.exe -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 29143641 bytes | Created Date = 7/10/2008 8:15:22 AM | Attr =	]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.20 | Size = 1774048 bytes | Created Date = 7/10/2008 4:16:05 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 7/10/2008 7:13:55 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568114 bytes | Created Date = 7/10/2008 7:05:56 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Prevx2Agent.1.0.2.127.Vista.exe -> %UserProfile%\Desktop\Prevx2Agent.1.0.2.127.Vista.exe ->  [Ver =  | Size = 15378520 bytes | Created Date = 7/4/2008 1:50:26 AM | Attr =	]
Prom -> %UserProfile%\Desktop\Prom ->  [Folder | Created Date = 6/22/2008 12:09:06 AM | Attr =	]
pstix.jpg -> %UserProfile%\Desktop\pstix.jpg ->  [Ver =  | Size = 488059 bytes | Created Date = 7/6/2008 9:34:05 PM | Attr =	]
pstix.psd -> %UserProfile%\Desktop\pstix.psd ->  [Ver =  | Size = 3551863 bytes | Created Date = 7/6/2008 9:13:42 PM | Attr =	]
pstix2.psd -> %UserProfile%\Desktop\pstix2.psd ->  [Ver =  | Size = 4184672 bytes | Created Date = 7/6/2008 9:22:25 PM | Attr =	]
Reggie and the Full Effect~Last Stop Crappy Town-2008 (V0).rar -> %UserProfile%\Desktop\Reggie and the Full Effect~Last Stop Crappy Town-2008 (V0).rar ->  [Ver =  | Size = 79250363 bytes | Created Date = 6/23/2008 2:42:24 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 1057 bytes | Created Date = 7/2/2008 9:37:12 PM | Attr =	]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5797152 bytes | Created Date = 7/9/2008 6:27:22 PM | Attr =	]
Untitled-1.psd -> %UserProfile%\Desktop\Untitled-1.psd ->  [Ver =  | Size = 2775827 bytes | Created Date = 7/6/2008 9:33:42 PM | Attr =	]
PocketSoft -> %CommonProgramFiles%\PocketSoft ->  [Folder | Created Date = 6/24/2008 11:56:29 AM | Attr =	]
Atari -> %ProgramFiles%\Atari ->  [Folder | Created Date = 6/24/2008 11:51:42 AM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 7/10/2008 4:16:56 PM | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 7/2/2008 9:37:07 PM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 7/9/2008 6:35:14 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 7/11/2008 12:15:31 AM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 7/10/2008 7:10:37 PM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 7/9/2008 3:24:51 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 7/11/2008 12:28:22 AM | Attr =	]
kav -> %SystemDrive%\kav ->  [Folder | Modified Date = 7/10/2008 8:16:19 AM | Attr =	]
ntuser.dat -> %SystemDrive%\ntuser.dat ->  [Ver =  | Size = 262144 bytes | Modified Date = 7/9/2008 4:01:47 PM | Attr =	]
ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TM.blf -> %SystemDrive%\ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TM.blf ->  [Ver =  | Size = 65536 bytes | Modified Date = 7/2/2008 10:45:33 PM | Attr =  HS]
ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000001.regtrans-ms ->  [Ver =  | Size = 524288 bytes | Modified Date = 7/2/2008 10:45:33 PM | Attr =  HS]
ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{ed7c0a33-484e-11dd-a331-00188b6ea3a9}.TMContainer00000000000000000002.regtrans-ms ->  [Ver =  | Size = 524288 bytes | Modified Date = 7/2/2008 10:45:33 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 7/11/2008 12:14:10 AM | Attr = R  ]
ProgramData -> %AllUsersProfile% ->  [Folder | Modified Date = 7/11/2008 12:14:10 AM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 7/11/2008 4:00:05 AM | Attr =  HS]
Tyler -> %SystemDrive%\Tyler ->  [Folder | Modified Date = 7/4/2008 11:09:00 AM | Attr =	]
Windows -> %SystemRoot% ->  [Folder | Modified Date = 7/11/2008 12:25:19 AM | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/7/2008 5:35:30 PM | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 34296 bytes | Modified Date = 7/7/2008 5:35:36 PM | Attr =	]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3584 bytes | Modified Date = 7/11/2008 9:24:47 AM | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3584 bytes | Modified Date = 7/11/2008 9:24:47 AM | Attr =  H ]
catroot -> %SystemRoot%\System32\catroot ->  [Folder | Modified Date = 7/10/2008 7:08:43 PM | Attr =	]
1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 
catroot2 -> %SystemRoot%\System32\catroot2 ->  [Folder | Modified Date = 7/10/2008 8:18:48 AM | Attr =	]
CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll ->  [Ver =  | Size = 43520 bytes | Modified Date = 6/24/2008 1:06:21 PM | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 3384 bytes | Modified Date = 7/11/2008 12:25:34 AM | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 7/11/2008 12:14:10 AM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 6/27/2008 12:56:22 PM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 7/10/2008 1:01:46 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 776328 bytes | Modified Date = 7/8/2008 2:13:33 PM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Modified Date = 7/4/2008 1:55:00 AM | Attr =  H ]
migration -> %SystemRoot%\System32\migration ->  [Folder | Modified Date = 6/11/2008 4:09:04 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 107508 bytes | Modified Date = 7/6/2008 7:46:04 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 626738 bytes | Modified Date = 7/6/2008 7:46:04 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 729436 bytes | Modified Date = 7/6/2008 7:46:04 PM | Attr =	]
Tasks -> %SystemRoot%\System32\Tasks ->  [Folder | Modified Date = 7/8/2008 2:26:58 PM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 6/11/2008 4:09:03 PM | Attr =	]
2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 6/15/2008 3:15:12 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 7/11/2008 12:24:42 AM | Attr =   S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 7/11/2008 12:23:05 AM | Attr =	]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 7/10/2008 12:53:30 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 7/11/2008 10:14:03 AM | Attr =   S]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 7/3/2008 9:05:03 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 7/9/2008 3:25:18 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 7/6/2008 9:16:44 PM | Attr = R S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 7/11/2008 12:10:13 AM | Attr =	]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 7/10/2008 7:09:43 PM | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 6/15/2008 3:15:13 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 7/11/2008 10:13:16 AM | Attr =	]
System32 -> %SystemRoot%\System32 ->  [Folder | Modified Date = 7/11/2008 4:31:42 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 7/10/2008 12:50:11 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 7/11/2008 10:14:30 AM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 1181 bytes | Modified Date = 7/3/2008 9:37:34 PM | Attr =	]
winsxs -> %SystemRoot%\winsxs ->  [Folder | Modified Date = 7/10/2008 1:01:47 AM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 342 bytes | Modified Date = 6/15/2008 2:37:38 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 334 bytes | Modified Date = 7/1/2008 1:00:41 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 7/11/2008 12:24:46 AM | Attr =  H ]
User_Feed_Synchronization-{E3E2641F-93E1-4E50-A919-D5F2AFC93282}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{E3E2641F-93E1-4E50-A919-D5F2AFC93282}.job ->  [Ver =  | Size = 422 bytes | Modified Date = 7/11/2008 10:15:08 AM | Attr =  H ]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys ->  [Folder | Modified Date = 7/11/2008 12:24:46 AM | Attr =	]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 4/15/2007 6:55:22 PM | Attr =	]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 11/2/2006 9:04:06 AM | Attr =	]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 13656 bytes | Modified Date = 7/9/2008 1:56:36 PM | Attr =	]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 15134 bytes | Modified Date = 7/9/2008 1:56:36 PM | Attr =	]
C:\ProgramData\Microsoft\Office\Data\ -> C:\ProgramData\Microsoft\Office\Data ->  [Folder | Modified Date = 4/15/2007 6:20:03 PM | Attr =	]
data.dat -> C:\ProgramData\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 3804 bytes | Modified Date = 6/5/2007 6:13:46 PM | Attr =	]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 4/16/2007 3:24:19 PM | Attr =	]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 209760 bytes | Modified Date = 7/11/2008 12:40:46 AM | Attr =	]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 7/11/2008 12:40:49 AM | Attr =	]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 7/11/2008 12:40:46 AM | Attr =	]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 8760 bytes | Modified Date = 7/11/2008 12:40:42 AM | Attr =	]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 9108 bytes | Modified Date = 7/11/2008 12:40:49 AM | Attr =	]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 134048 bytes | Modified Date = 7/11/2008 12:40:45 AM | Attr =	]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 5/4/2007 8:26:39 PM | Attr =	]
Erin.dat -> C:\ProgramData\Microsoft\User Account Pictures\Erin.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 5/4/2007 8:26:39 PM | Attr =	]
Jeffrey.dat -> C:\ProgramData\Microsoft\User Account Pictures\Jeffrey.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 4/15/2007 1:55:37 PM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\ -> C:\Users\Jeffrey\AppData\Local\Temp ->  [Folder | Modified Date = 7/11/2008 10:15:14 AM | Attr =	]
fsgk32.exe -> C:\Users\Jeffrey\AppData\Local\Temp\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fssm32.exe -> C:\Users\Jeffrey\AppData\Local\Temp\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
2 C:\Users\Jeffrey\AppData\Local\Temp\*.tmp files -> C:\Users\Jeffrey\AppData\Local\Temp\*.tmp -> 
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/11/2008 12:31:31 AM | Attr =	]
fsgk32.exe -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fssm32.exe -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fsgk32.exe -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fssm32.exe -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\ -> C:\Users\Jeffrey\AppData\Local\Temp ->  [Folder | Modified Date = 7/11/2008 10:15:14 AM | Attr =	]
daas_s.dll -> C:\Users\Jeffrey\AppData\Local\Temp\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 7/11/2008 12:31:25 AM | Attr =	]
fm4av.dll -> C:\Users\Jeffrey\AppData\Local\Temp\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
2 C:\Users\Jeffrey\AppData\Local\Temp\*.tmp files -> C:\Users\Jeffrey\AppData\Local\Temp\*.tmp -> 
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/11/2008 12:31:31 AM | Attr =	]
AVPFPI0.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 7/11/2008 12:30:56 AM | Attr =	]
avpproxy.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 7/11/2008 12:30:56 AM | Attr =	]
daas_s.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fpinor.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fsbl.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fsblu.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 7/11/2008 12:30:36 AM | Attr =	]
fsecr32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsgkiapi.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fsmart.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
fspe32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fssubmit.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 7/11/2008 12:30:48 AM | Attr =	]
fsup32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupcx32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupfg32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupmw32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupnp32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupux32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupwu32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsusscr.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
Nse_w32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 7/11/2008 12:30:45 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
AVPFPI0.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 7/11/2008 12:30:56 AM | Attr =	]
avpproxy.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 7/11/2008 12:30:56 AM | Attr =	]
fm4av.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fpinor.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fsbl.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
fsgkiapi.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsecr32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fspe32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsup32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupcx32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupfg32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupmw32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupnp32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupux32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupwu32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
fsmart.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
fsusscr.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 7/11/2008 12:30:45 AM | Attr =	]
Nse_w32.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 7/11/2008 12:30:45 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 7/11/2008 12:30:48 AM | Attr =	]
fssubmit.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 7/11/2008 12:30:48 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 7/11/2008 12:30:36 AM | Attr =	]
fsblu.dll -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 7/11/2008 12:30:36 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/11/2008 12:31:31 AM | Attr =	]
ext.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
fsedb.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 998106 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupdllb.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupplgn.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsuptmpl.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
perf.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 7/11/2008 10:14:02 AM | Attr =	]
sae.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
sai.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
ext.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
sae.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
sai.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsedb.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 998106 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupdllb.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsupplgn.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
fsuptmpl.dat -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/11/2008 12:31:31 AM | Attr =	]
FS@av.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
FS@avpe.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 7/11/2008 12:30:19 AM | Attr =	]
FS@bleng.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 7/11/2008 12:30:36 AM | Attr =	]
FS@corp.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
FS@hydra.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
FS@mlc.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
FS@ols.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 7/11/2008 12:30:47 AM | Attr =	]
FS@peg.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/11/2008 12:30:45 AM | Attr =	]
verdicts.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 7/11/2008 12:30:21 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
FS@av.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avpe\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 7/11/2008 12:30:34 AM | Attr =	]
FS@avpe.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 7/11/2008 12:30:19 AM | Attr =	]
verdicts.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 7/11/2008 12:30:21 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
FS@corp.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 7/11/2008 12:30:57 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
FS@hydra.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 7/11/2008 12:30:51 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
FS@mlc.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/11/2008 12:30:54 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 7/11/2008 12:30:45 AM | Attr =	]
FS@peg.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/11/2008 12:30:45 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 7/11/2008 12:30:48 AM | Attr =	]
FS@ols.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 7/11/2008 12:30:47 AM | Attr =	]
C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 7/11/2008 12:30:36 AM | Attr =	]
FS@bleng.ini -> C:\Users\Jeffrey\AppData\Local\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 7/11/2008 12:30:36 AM | Attr =	]
C:\Windows\Temp\ -> C:\Windows\Temp ->  [Folder | Modified Date = 7/11/2008 10:14:30 AM | Attr =	]
0065301215765137mcinst.exe -> C:\Windows\Temp\0065301215765137mcinst.exe -> McAfee, Inc. [Ver = 3,0,121,0 | Size = 309096 bytes | Modified Date = 2/23/2008 2:50:32 PM | Attr =	]
3 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
BM973d0d? -> %AllUsersProfile%\BM973d0d蠱 ->  [Ver =  | Size = 102425 bytes | Modified Date = 6/26/2008 9:52:29 PM | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Kaspersky Lab ->  [Folder | Modified Date = 7/10/2008 7:10:37 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Modified Date = 7/10/2008 4:16:58 PM | Attr =	]
McAfee -> %AllUsersProfile%\McAfee ->  [Folder | Modified Date = 7/8/2008 2:34:54 PM | Attr =	]
ntuser.pol -> %AllUsersProfile%\ntuser.pol ->  [Ver =  | Size = 258 bytes | Modified Date = 7/4/2008 1:55:01 AM | Attr = RHS]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy ->  [Folder | Modified Date = 7/2/2008 10:38:45 PM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 7/9/2008 6:35:58 PM | Attr =	]
Symantec -> %AllUsersProfile%\Symantec ->  [Folder | Modified Date = 7/10/2008 12:50:15 AM | Attr =	]
Corel -> %AppData%\Corel ->  [Folder | Modified Date = 6/12/2008 4:20:47 PM | Attr =	]
FileZilla -> %AppData%\FileZilla ->  [Folder | Modified Date = 6/14/2008 2:53:20 PM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 7/10/2008 4:17:03 PM | Attr =	]
McAfee -> %AppData%\McAfee ->  [Folder | Modified Date = 7/8/2008 2:35:13 PM | Attr =	]
ApplicationHistory -> %UserProfile%\AppData\Local\ApplicationHistory ->  [Folder | Modified Date = 7/11/2008 12:25:21 AM | Attr =	]
fusioncache.dat -> %UserProfile%\AppData\Local\fusioncache.dat ->  [Ver =  | Size = 95 bytes | Modified Date = 7/8/2008 2:34:49 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 234112 bytes | Modified Date = 7/8/2008 2:34:33 PM | Attr =	]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 3655924 bytes | Modified Date = 7/11/2008 12:23:00 AM | Attr =  H ]
Temp -> %UserProfile%\AppData\Local\Temp ->  [Folder | Modified Date = 7/11/2008 10:15:14 AM | Attr =	]
alaska -> %UserProfile%\Documents\alaska ->  [Folder | Modified Date = 6/11/2008 6:37:01 PM | Attr =	]
2 C:\Users\Jeffrey\Documents\*.tmp files -> C:\Users\Jeffrey\Documents\*.tmp -> 
computers.xls -> %UserProfile%\Documents\computers.xls ->  [Ver =  | Size = 15360 bytes | Modified Date = 6/22/2008 3:46:18 PM | Attr =	]
erin's!!!.doc -> %UserProfile%\Documents\erin's!!!.doc ->  [Ver =  | Size = 3263488 bytes | Modified Date = 6/12/2008 4:24:18 PM | Attr =	]
FileZilla_3.0.10_win32-setup.exe -> %UserProfile%\Documents\FileZilla_3.0.10_win32-setup.exe ->  [Ver =  | Size = 3193272 bytes | Modified Date = 6/14/2008 2:25:53 PM | Attr =	]
invoice -> %UserProfile%\Documents\invoice ->  [Folder | Modified Date = 6/22/2008 2:46:58 PM | Attr =	]
riddle.doc -> %UserProfile%\Documents\riddle.doc ->  [Ver =  | Size = 7056896 bytes | Modified Date = 6/15/2008 11:43:16 AM | Attr =	]
scan.html -> %UserProfile%\Documents\scan.html ->  [Ver =  | Size = 13643 bytes | Modified Date = 7/10/2008 7:59:29 AM | Attr =	]
vocabchartback1.doc -> %UserProfile%\Documents\vocabchartback1.doc ->  [Ver =  | Size = 39936 bytes | Modified Date = 6/12/2008 11:32:54 PM | Attr =	]
vocabchartfront1.doc -> %UserProfile%\Documents\vocabchartfront1.doc ->  [Ver =  | Size = 39936 bytes | Modified Date = 6/12/2008 10:49:31 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 820 bytes | Modified Date = 7/10/2008 4:16:59 PM | Attr =	]
McAfee Security Center.lnk -> %SystemDrive%\Users\Public\Desktop\McAfee Security Center.lnk ->  [Ver =  | Size = 813 bytes | Modified Date = 6/30/2008 9:15:48 PM | Attr =	]
RollerCoaster Tycoon 3.lnk -> %SystemDrive%\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk ->  [Ver =  | Size = 1880 bytes | Modified Date = 6/24/2008 11:56:55 AM | Attr =	]
.DS_Store -> %UserProfile%\Desktop\.DS_Store ->  [Ver =  | Size = 6148 bytes | Modified Date = 6/30/2008 5:59:45 PM | Attr =  H ]
370_iPhone___iPod_Wallpapers_by_manicho.zip -> %UserProfile%\Desktop\370_iPhone___iPod_Wallpapers_by_manicho.zip ->  [Ver =  | Size = 29516079 bytes | Modified Date = 6/23/2008 10:40:31 AM | Attr =	]
43ba009eb60d944a0f24982e53284281 -> %UserProfile%\Desktop\43ba009eb60d944a0f24982e53284281 ->  [Folder | Modified Date = 6/23/2008 3:03:47 PM | Attr =	]
43ba009eb60d944a0f24982e53284281.zip -> %UserProfile%\Desktop\43ba009eb60d944a0f24982e53284281.zip ->  [Ver =  | Size = 2909622 bytes | Modified Date = 6/23/2008 10:42:07 AM | Attr =	]
4dtire -> %UserProfile%\Desktop\4dtire ->  [Folder | Modified Date = 7/4/2008 10:17:52 AM | Attr =	]
Ace-Enders -> %UserProfile%\Desktop\Ace-Enders ->  [Folder | Modified Date = 6/20/2008 8:21:27 PM | Attr =	]
Ace-Enders.zip -> %UserProfile%\Desktop\Ace-Enders.zip ->  [Ver =  | Size = 38899210 bytes | Modified Date = 6/18/2008 9:51:41 AM | Attr =	]
acecovervr7.jpg -> %UserProfile%\Desktop\acecovervr7.jpg ->  [Ver =  | Size = 203956 bytes | Modified Date = 6/22/2008 1:01:57 PM | Attr =	]
AR text logo.tif -> %UserProfile%\Desktop\AR text logo.tif ->  [Ver =  | Size = 2613924 bytes | Modified Date = 7/5/2008 2:05:48 PM | Attr =	]
ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 7/9/2008 6:30:36 PM | Attr =	]
Autoruns.zip -> %UserProfile%\Desktop\Autoruns.zip ->  [Ver =  | Size = 559050 bytes | Modified Date = 7/9/2008 6:16:56 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Modified Date = 7/11/2008 12:12:22 AM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Modified Date = 7/11/2008 12:11:54 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
Capture.JPG -> %UserProfile%\Desktop\Capture.JPG ->  [Ver =  | Size = 46847 bytes | Modified Date = 6/22/2008 2:38:26 PM | Attr =	]
defaultVistaHomePremium.bat -> %UserProfile%\Desktop\defaultVistaHomePremium.bat ->  [Ver =  | Size = 7772 bytes | Modified Date = 7/3/2008 8:57:02 PM | Attr =	]
defaultVistaHomePremium.reg -> %UserProfile%\Desktop\defaultVistaHomePremium.reg ->  [Ver =  | Size = 13980 bytes | Modified Date = 7/3/2008 8:41:56 PM | Attr =	]
Download_mbam-setup.exe -> %UserProfile%\Desktop\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Modified Date = 7/9/2008 6:31:02 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 7/9/2008 3:28:36 PM | Attr =	]
free_invoice_template -> %UserProfile%\Desktop\free_invoice_template ->  [Folder | Modified Date = 6/22/2008 1:05:11 PM | Attr =	]
free_invoice_template.zip -> %UserProfile%\Desktop\free_invoice_template.zip ->  [Ver =  | Size = 39942 bytes | Modified Date = 6/22/2008 1:00:16 PM | Attr =	]
kav7.0.1.325en.exe -> %UserProfile%\Desktop\kav7.0.1.325en.exe -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 29143641 bytes | Modified Date = 7/10/2008 8:15:50 AM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.20 | Size = 1774048 bytes | Modified Date = 7/10/2008 4:16:09 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
node-video.tpl.php -> %UserProfile%\Desktop\node-video.tpl.php ->  [Ver =  | Size = 397 bytes | Modified Date = 6/14/2008 2:28:21 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 7/11/2008 12:22:38 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568114 bytes | Modified Date = 7/10/2008 7:05:56 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Prevx2Agent.1.0.2.127.Vista.exe -> %UserProfile%\Desktop\Prevx2Agent.1.0.2.127.Vista.exe ->  [Ver =  | Size = 15378520 bytes | Modified Date = 7/4/2008 1:54:38 AM | Attr =	]
Prom -> %UserProfile%\Desktop\Prom ->  [Folder | Modified Date = 6/30/2008 5:40:58 PM | Attr =	]
pstix.jpg -> %UserProfile%\Desktop\pstix.jpg ->  [Ver =  | Size = 488059 bytes | Modified Date = 7/6/2008 9:34:07 PM | Attr =	]
pstix.psd -> %UserProfile%\Desktop\pstix.psd ->  [Ver =  | Size = 3551863 bytes | Modified Date = 7/6/2008 9:13:43 PM | Attr =	]
pstix2.psd -> %UserProfile%\Desktop\pstix2.psd ->  [Ver =  | Size = 4184672 bytes | Modified Date = 7/6/2008 9:22:27 PM | Attr =	]
Reggie and the Full Effect~Last Stop Crappy Town-2008 (V0).rar -> %UserProfile%\Desktop\Reggie and the Full Effect~Last Stop Crappy Town-2008 (V0).rar ->  [Ver =  | Size = 79250363 bytes | Modified Date = 6/23/2008 2:46:51 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 1057 bytes | Modified Date = 7/2/2008 9:37:12 PM | Attr =	]
style.css -> %UserProfile%\Desktop\style.css ->  [Ver =  | Size = 4064 bytes | Modified Date = 6/14/2008 2:44:05 PM | Attr =	]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5797152 bytes | Modified Date = 7/9/2008 6:31:58 PM | Attr =	]
Tyler Gardosh -> %UserProfile%\Desktop\Tyler Gardosh ->  [Folder | Modified Date = 6/30/2008 5:59:35 PM | Attr =	]
Untitled-1.psd -> %UserProfile%\Desktop\Untitled-1.psd ->  [Ver =  | Size = 2775827 bytes | Modified Date = 7/6/2008 9:33:45 PM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Modified Date = 6/15/2008 3:09:51 AM | Attr =	]
PocketSoft -> %CommonProgramFiles%\PocketSoft ->  [Folder | Modified Date = 6/24/2008 11:56:29 AM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 7/5/2008 11:48:49 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 7/10/2008 12:54:05 AM | Attr =	]

< End of report >


#7 SifuMike

Posted 11 July 2008 - 11:30 AM

Hi thiswilldestroyyou,

That log looks fine. :thumbsup:

If there aren't any other issues then go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues.

If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

As a side note - I see you're not afraid of visiting crack sites - using illegal software. :)
From the logs I can see that you installed some plug-ins that appear on crack sites to get access to the cracks. They install the malware on your system.
If you visit crack sites, use cracks, you'll ALWAYS get infected.

This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.

You really have to change your surfing habits, because these malware bundles may contain a key logger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.

Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.
So is it really worth it? Get illegal software for "free", but compromise/break your computer instead....

Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.

Edited by SifuMike, 11 July 2008 - 11:34 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 SifuMike

Posted 17 July 2008 - 06:08 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.