
Spyware CyberLog-X

  • 22-10-2007 10:44PM
    #1
    Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭


    Hi,

    I seem to have the following spyware on my PC.

    http://www.adwarereport.com/mt/archives/000308.html

    Avast, adaware, and spybot do not seem to get rid of it. Does anyone know of any software that will get rid of this spyware? I have tried everything!:mad:



Comments

  • Closed Accounts Posts: 68 ✭✭numbnuts


    Baldie wrote: »
    Hi,

    I seem to have the following spyware on my PC.

    http://www.adwarereport.com/mt/archives/000308.html

    Avast, adaware, and spybot do not seem to get rid of it. Does anyone know of any software that will get rid of this spyware? I have tried everything!:mad:

    Hi Baldie, sounds like you have the Zlob infection or a variant.
    Follow the instructions below...

    Download HiJack This from here: http://www.thespykiller.co.uk/files/HJTsetup.exe

    This will download HiJack This to your computer. Choose "Save", navigate to the folder where it's saved and double-click on it.
    This is a complete installer that installs Hijackthis onto your computer to C:\Program Files\HijackThis and makes an entry in the start menu & allows you to have a shortcut on desktop as well.

    then.......

    Double-click the HJT icon on your desktop and hit "Do a system scan and save logfile". Save the logfile and a txt file will be produced. Copy that one and paste it here http://www.landzdown.com/index.php?board=26.0 and we'll have a HJT expert look at it for you.

    Regards ..Paddy..


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this as well please

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.


  • Registered Users, Registered Users 2 Posts: 29 smithy3000


    Baldie wrote: »
    Hi,

    I seem to have the following spyware on my PC.

    http://www.adwarereport.com/mt/archives/000308.html

    Avast, adaware, and spybot do not seem to get rid of it. Does anyone know of any software that will get rid of this spyware? I have tried everything!:mad:

    Did you get yours fixed? I have the same problem :mad:


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do the step above


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Do this as well please

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

    Hi ASJ...

    I got rid of it for a while, but it seems to have come back. Anyway, here is the report:

    WinPFind3 logfile created on: 13/11/2007 22:45:24
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\*****\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    1022.73 Mb Total Physical Memory | 472.74 Mb Available Physical Memory | 46.22% Memory free
    2.41 Gb Paging File | 1.92 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 9.46 Gb Free Space | 48.43% Space Free
    Drive D: | 129.51 Gb Total Space | 67.87 Gb Free Space | 52.40% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: ***************
    Current User Name: *****
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    asusprob.exe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    ezprint.exe -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 03/11/2007 13:00:24 | Attr = ]
    hydradm.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    hydramd.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    lxcecoms.exe -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    rfpicon.exe -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    usrmlnka.exe -> %System32%\usrmlnka.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 77891 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    usrmlnka.exe -> %System32%\usrmlnka.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 77891 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    usrshuta.exe -> %System32%\usrshuta.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 69700 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]
    zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    (BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    (lxce_device) lxce_device [Win32_Own | On_Demand | Running] -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
    ASUS Probe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    c8866ae6 -> %System32%\bpdhglee.dll [rundll32.exe "C:\WINDOWS\system32\bpdhglee.dll",b] -> [Ver = | Size = 85056 bytes | Modified Date = 13/11/2007 22:17:12 | Attr = ]
    EzPrint -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 12/07/2005 09:36:32 | Attr = ]
    HydraVisionDesktopManager -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    HydraVisionViewport -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    LXCECATS -> %System32%\spool\drivers\w32x86\3\lxcetime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 20/07/2005 13:46:26 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12/01/2006 15:40:44 | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
    RTBatteryMeter -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    USRpdA -> -> File not found
    ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 65 | Size = 2048000 bytes | Modified Date = 15/09/2006 13:27:00 | Attr = ]
    uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    %AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\WINDOWS\system32\__c001E90.dat -> %System32%\__c001E90.dat -> [Ver = | Size = 10816 bytes | Modified Date = 13/11/2007 21:50:40 | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr = ]
    cembuxjz -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    winjyp32 -> winjyp32.dll -> File not found
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> C:\windows\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Local Page -> C:\windows\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {33465ed5-eca7-4e7d-8362-f52e90a10336} [HKLM] -> %System32%\ojkwqtpj.dll [Reg Data - Value does not exist] -> [Ver = | Size = 80448 bytes | Modified Date = 13/11/2007 21:51:06 | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 00:04:00 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\cembuxjz.dll [Reg Data - Value does not exist] -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    {E928C6C8-A13C-4C25-A449-3EE0DFAE94F8} [HKLM] -> %System32%\jkhhg.dll [Reg Data - Value does not exist] -> [Ver = | Size = 309856 bytes | Modified Date = 20/10/2007 13:13:56 | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\cembuxjz.dll [Security Toolbar] -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {3BB9887A-7CB8-4ED0-A62F-EE8872C191D4} -> (3Com Gigabit LOM (3C940)) ->
    {E975F870-F424-4215-B8ED-98206BCF8630} -> () ->
    {F7EEB0CF-F017-4CDD-A843-90A27FF9DA39} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716 ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265 ->
    {6F750202-1362-4815-A476-88533DE61D0C} -> Kodak Gallery Easy Upload Manager Class - CodeBase = http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]

    [Files/Folders - Created Within 30 days]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 22/10/2007 22:23:43 | Attr = ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 13/11/2007 19:05:02 | Attr = H ]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 115 bytes | Created Date = 21/10/2007 11:15:15 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 22/10/2007 19:33:20 | Attr = HS]
    PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 22/10/2007 20:11:31 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 22/10/2007 19:14:33 | Attr = ]
    atynfdql.dll -> %System32%\atynfdql.dll -> [Ver = | Size = 10816 bytes | Created Date = 12/11/2007 21:49:02 | Attr = ]
    aufncihi.ini -> %System32%\aufncihi.ini -> [Ver = | Size = 693592 bytes | Created Date = 24/10/2007 19:46:37 | Attr = HS]
    bpdhglee.dll -> %System32%\bpdhglee.dll -> [Ver = | Size = 85056 bytes | Created Date = 13/11/2007 22:17:10 | Attr = ]
    cembuxjz.dll -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Created Date = 13/11/2007 20:23:20 | Attr = ]
    cembuxjz.dllbox -> %System32%\cembuxjz.dllbox -> [Ver = | Size = 20640 bytes | Created Date = 13/11/2007 20:23:22 | Attr = HS]
    coveubkq.ini -> %System32%\coveubkq.ini -> [Ver = | Size = 693541 bytes | Created Date = 21/10/2007 11:14:17 | Attr = HS]
    culigxhq.ini -> %System32%\culigxhq.ini -> [Ver = | Size = 1195408 bytes | Created Date = 12/11/2007 21:58:02 | Attr = HS]
    dextqyou.dll -> %System32%\dextqyou.dll -> [Ver = | Size = 10816 bytes | Created Date = 13/11/2007 21:47:38 | Attr = ]
    dqsmsvhc.dll -> %System32%\dqsmsvhc.dll -> [Ver = | Size = 10816 bytes | Created Date = 27/10/2007 09:07:18 | Attr = ]
    dtvbpljf.dll -> %System32%\dtvbpljf.dll -> [Ver = | Size = 10816 bytes | Created Date = 29/10/2007 16:48:19 | Attr = ]
    dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 22/10/2007 21:29:30 | Attr = ]
    eelghdpb.ini -> %System32%\eelghdpb.ini -> [Ver = | Size = 669053 bytes | Created Date = 13/11/2007 22:17:21 | Attr = HS]
    esurceql.dll -> %System32%\esurceql.dll -> [Ver = | Size = 10816 bytes | Created Date = 30/10/2007 18:31:11 | Attr = ]
    fgbfmfgo.exe -> %System32%\fgbfmfgo.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 13/11/2007 21:47:39 | Attr = ]
    fledgmkg.dll -> %System32%\fledgmkg.dll -> [Ver = | Size = 10816 bytes | Created Date = 06/11/2007 08:04:41 | Attr = ]
    fpoeykot.ini -> %System32%\fpoeykot.ini -> [Ver = | Size = 1090244 bytes | Created Date = 11/11/2007 14:41:01 | Attr = HS]
    ghhkj.bak1 -> %System32%\ghhkj.bak1 -> [Ver = | Size = 6465 bytes | Created Date = 20/10/2007 13:14:52 | Attr = HS]
    ghhkj.bak2 -> %System32%\ghhkj.bak2 -> [Ver = | Size = 127154 bytes | Created Date = 21/10/2007 11:12:19 | Attr = HS]
    ghhkj.ini -> %System32%\ghhkj.ini -> [Ver = | Size = 130998 bytes | Created Date = 20/10/2007 13:13:59 | Attr = HS]
    ghholedc.dll -> %System32%\ghholedc.dll -> [Ver = | Size = 10816 bytes | Created Date = 29/10/2007 16:50:31 | Attr = ]
    hdaetheo.dll -> %System32%\hdaetheo.dll -> [Ver = | Size = 10816 bytes | Created Date = 07/11/2007 21:38:21 | Attr = ]
    ilmrpxyk.dll -> %System32%\ilmrpxyk.dll -> [Ver = | Size = 10816 bytes | Created Date = 25/10/2007 19:57:45 | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    jkhhg.dll -> %System32%\jkhhg.dll -> [Ver = | Size = 309856 bytes | Created Date = 20/10/2007 13:13:53 | Attr = ]
    jnydlcyf.dll -> %System32%\jnydlcyf.dll -> [Ver = | Size = 10816 bytes | Created Date = 06/11/2007 08:09:59 | Attr = ]
    kemudgnl.dll -> %System32%\kemudgnl.dll -> [Ver = | Size = 145984 bytes | Created Date = 13/11/2007 20:22:53 | Attr = ]
    knrpjdrt.exe -> %System32%\knrpjdrt.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/11/2007 14:40:58 | Attr = ]
    lpivgmvq.exe -> %System32%\lpivgmvq.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 09/11/2007 20:04:13 | Attr = ]
    mbtatcfj.ini -> %System32%\mbtatcfj.ini -> [Ver = | Size = 1145961 bytes | Created Date = 07/11/2007 21:47:24 | Attr = HS]
    mfcpotlj.dll -> %System32%\mfcpotlj.dll -> [Ver = | Size = 77376 bytes | Created Date = 22/10/2007 22:28:27 | Attr = ]
    nhuodkfl.dllbox -> %System32%\nhuodkfl.dllbox -> [Ver = | Size = 17006 bytes | Created Date = 21/10/2007 11:13:06 | Attr = HS]
    nnnljhi.dll -> %System32%\nnnljhi.dll -> [Ver = | Size = 33280 bytes | Created Date = 20/10/2007 13:08:48 | Attr = ]
    nudxculp.exe -> %System32%\nudxculp.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 12/11/2007 21:47:30 | Attr = ]
    ojkwqtpj.dll -> %System32%\ojkwqtpj.dll -> [Ver = | Size = 80448 bytes | Created Date = 13/11/2007 21:51:04 | Attr = ]
    okcxtsdo.dll -> %System32%\okcxtsdo.dll -> [Ver = | Size = 10816 bytes | Created Date = 04/11/2007 12:40:06 | Attr = ]
    oktmnuxr.ini -> %System32%\oktmnuxr.ini -> [Ver = | Size = 1156813 bytes | Created Date = 04/11/2007 12:45:24 | Attr = HS]
    oslehegq.dll -> %System32%\oslehegq.dll -> [Ver = | Size = 10816 bytes | Created Date = 12/11/2007 21:52:01 | Attr = ]
    pjcbhlgb.dll -> %System32%\pjcbhlgb.dll -> [Ver = | Size = 10816 bytes | Created Date = 09/11/2007 20:06:26 | Attr = ]
    pkgkrypj.dll -> %System32%\pkgkrypj.dll -> [Ver = | Size = 10816 bytes | Created Date = 28/10/2007 15:04:52 | Attr = ]
    pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 27/10/2007 09:32:59 | Attr = ]
    Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 22/10/2007 21:29:26 | Attr = ]
    pvwckqyj.ini -> %System32%\pvwckqyj.ini -> [Ver = | Size = 1290658 bytes | Created Date = 29/10/2007 16:56:41 | Attr = HS]
    qhxgiluc.dll -> %System32%\qhxgiluc.dll -> [Ver = | Size = 89664 bytes | Created Date = 12/11/2007 21:58:01 | Attr = ]
    qisoaeby.ini -> %System32%\qisoaeby.ini -> [Ver = | Size = 1175904 bytes | Created Date = 30/10/2007 18:35:49 | Attr = HS]
    qnfarejo.ini -> %System32%\qnfarejo.ini -> [Ver = | Size = 1172591 bytes | Created Date = 25/10/2007 20:03:06 | Attr = HS]
    qsrmewsg.dll -> %System32%\qsrmewsg.dll -> [Ver = | Size = 10816 bytes | Created Date = 07/11/2007 21:36:18 | Attr = ]
    rxrjrkex.ini -> %System32%\rxrjrkex.ini -> [Ver = | Size = 1132968 bytes | Created Date = 06/11/2007 08:15:59 | Attr = HS]
    saufwvyg.dll -> %System32%\saufwvyg.dll -> [Ver = | Size = 10816 bytes | Created Date = 28/10/2007 15:07:51 | Attr = ]
    sixavujb.dll -> %System32%\sixavujb.dll -> [Ver = | Size = 10816 bytes | Created Date = 11/11/2007 14:37:58 | Attr = ]
    SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 22/10/2007 21:29:29 | Attr = ]
    swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 22/10/2007 21:29:27 | Attr = ]
    swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 22/10/2007 21:29:28 | Attr = ]
    swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 22/10/2007 21:29:31 | Attr = ]
    tjbiimnt.ini -> %System32%\tjbiimnt.ini -> [Ver = | Size = 1183402 bytes | Created Date = 28/10/2007 15:13:52 | Attr = HS]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Created Date = 22/10/2007 21:32:42 | Attr = ]
    ubgiugbu.dll -> %System32%\ubgiugbu.dll -> [Ver = | Size = 10816 bytes | Created Date = 13/11/2007 21:50:36 | Attr = ]
    udgtruiw.ini -> %System32%\udgtruiw.ini -> [Ver = | Size = 1177059 bytes | Created Date = 27/10/2007 09:12:11 | Attr = HS]
    VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 22/10/2007 21:29:32 | Attr = ]
    vjjyhwmi.ini -> %System32%\vjjyhwmi.ini -> [Ver = | Size = 1159357 bytes | Created Date = 03/11/2007 12:42:16 | Attr = HS]
    vnwkevog.ini -> %System32%\vnwkevog.ini -> [Ver = | Size = 1083617 bytes | Created Date = 09/11/2007 20:12:27 | Attr = HS]
    wqbdysmk.dll -> %System32%\wqbdysmk.dll -> [Ver = | Size = 10816 bytes | Created Date = 30/10/2007 16:05:48 | Attr = ]
    WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 22/10/2007 21:29:34 | Attr = ]
    wxfrllgo.dll -> %System32%\wxfrllgo.dll -> [Ver = | Size = 10816 bytes | Created Date = 11/11/2007 14:36:32 | Attr = ]
    xqurfxxa.ini -> %System32%\xqurfxxa.ini -> [Ver = | Size = 693472 bytes | Created Date = 23/10/2007 19:55:11 | Attr = HS]
    yaktlqvb.dll -> %System32%\yaktlqvb.dll -> [Ver = | Size = 10816 bytes | Created Date = 03/11/2007 12:34:03 | Attr = ]
    ygixutlw.dll -> %System32%\ygixutlw.dll -> [Ver = | Size = 10816 bytes | Created Date = 26/10/2007 20:00:16 | Attr = ]
    ylrbrqkh.dll -> %System32%\ylrbrqkh.dll -> [Ver = | Size = 10816 bytes | Created Date = 03/11/2007 12:36:15 | Attr = ]
    __c001E90.dat -> %System32%\__c001E90.dat -> [Ver = | Size = 10816 bytes | Created Date = 13/11/2007 21:50:38 | Attr = ]
    __c002AD3E.dat -> %System32%\__c002AD3E.dat -> [Ver = | Size = 10816 bytes | Created Date = 25/10/2007 19:57:46 | Attr = ]
    __c0035629.dat -> %System32%\__c0035629.dat -> [Ver = | Size = 10816 bytes | Created Date = 30/10/2007 18:31:12 | Attr = ]
    __c003C29E.dat -> %System32%\__c003C29E.dat -> [Ver = | Size = 10816 bytes | Created Date = 27/10/2007 09:07:19 | Attr = ]
    __c006E3A0.dat -> %System32%\__c006E3A0.dat -> [Ver = | Size = 10816 bytes | Created Date = 09/11/2007 20:06:27 | Attr = ]
    __c006F425.dat -> %System32%\__c006F425.dat -> [Ver = | Size = 10816 bytes | Created Date = 11/11/2007 14:37:59 | Attr = ]
    __c0079CE7.dat -> %System32%\__c0079CE7.dat -> [Ver = | Size = 10816 bytes | Created Date = 28/10/2007 15:07:52 | Attr = ]
    __c00922F.dat -> %System32%\__c00922F.dat -> [Ver = | Size = 10816 bytes | Created Date = 29/10/2007 16:50:32 | Attr = ]
    __c0098D90.dat -> %System32%\__c0098D90.dat -> [Ver = | Size = 10816 bytes | Created Date = 03/11/2007 12:36:16 | Attr = ]
    __c00BCC4A.dat -> %System32%\__c00BCC4A.dat -> [Ver = | Size = 10816 bytes | Created Date = 07/11/2007 21:38:22 | Attr = ]
    __c00EF994.dat -> %System32%\__c00EF994.dat -> [Ver = | Size = 10816 bytes | Created Date = 12/11/2007 21:52:02 | Attr = ]
    __c00F6321.dat -> %System32%\__c00F6321.dat -> [Ver = | Size = 10816 bytes | Created Date = 06/11/2007 08:10:00 | Attr = ]
    __c00FFE10.dat -> %System32%\__c00FFE10.dat -> [Ver = | Size = 10816 bytes | Created Date = 04/11/2007 12:40:07 | Attr = ]
    bg_bg.gif -> %System32%\drivers\bg_bg.gif -> [Ver = | Size = 72 bytes | Created Date = 20/10/2007 13:09:13 | Attr = ]
    blank.gif -> %System32%\drivers\blank.gif -> [Ver = | Size = 837 bytes | Created Date = 20/10/2007 13:09:22 | Attr = ]
    box_1.gif -> %System32%\drivers\box_1.gif -> [Ver = | Size = 12313 bytes | Created Date = 20/10/2007 13:09:23 | Attr = ]
    box_2.gif -> %System32%\drivers\box_2.gif -> [Ver = | Size = 11927 bytes | Created Date = 20/10/2007 13:09:23 | Attr = ]
    box_3.gif -> %System32%\drivers\box_3.gif -> [Ver = | Size = 12326 bytes | Created Date = 20/10/2007 13:09:25 | Attr = ]
    button_buynow.gif -> %System32%\drivers\button_buynow.gif -> [Ver = | Size = 1619 bytes | Created Date = 20/10/2007 13:09:25 | Attr = ]
    button_freescan.gif -> %System32%\drivers\button_freescan.gif -> [Ver = | Size = 1647 bytes | Created Date = 20/10/2007 13:09:26 | Attr = ]
    cell_bg.gif -> %System32%\drivers\cell_bg.gif -> [Ver = | Size = 1342 bytes | Created Date = 20/10/2007 13:09:04 | Attr = ]
    cell_footer.gif -> %System32%\drivers\cell_footer.gif -> [Ver = | Size = 1373 bytes | Created Date = 20/10/2007 13:09:04 | Attr = ]
    cell_header_block.gif -> %System32%\drivers\cell_header_block.gif -> [Ver = | Size = 3313 bytes | Created Date = 20/10/2007 13:09:05 | Attr = ]
    cell_header_remove.gif -> %System32%\drivers\cell_header_remove.gif -> [Ver = | Size = 3552 bytes | Created Date = 20/10/2007 13:09:06 | Attr = ]
    cell_header_scan.gif -> %System32%\drivers\cell_header_scan.gif -> [Ver = | Size = 3479 bytes | Created Date = 20/10/2007 13:09:06 | Attr = ]
    close_ico.gif -> %System32%\drivers\close_ico.gif -> [Ver = | Size = 64 bytes | Created Date = 20/10/2007 13:09:13 | Attr = ]
    detect.htm -> %System32%\drivers\detect.htm -> [Ver = | Size = 12471 bytes | Created Date = 20/10/2007 13:09:03 | Attr = ]
    download_box.gif -> %System32%\drivers\download_box.gif -> [Ver = | Size = 2238 bytes | Created Date = 20/10/2007 13:09:27 | Attr = ]
    download_btn.jpg -> %System32%\drivers\download_btn.jpg -> [Ver = | Size = 8852 bytes | Created Date = 20/10/2007 13:09:07 | Attr = ]
    download_now_btn.gif -> %System32%\drivers\download_now_btn.gif -> [Ver = | Size = 4448 bytes | Created Date = 20/10/2007 13:09:07 | Attr = ]
    footer_back.jpg -> %System32%\drivers\footer_back.jpg -> [Ver = | Size = 2922 bytes | Created Date = 20/10/2007 13:09:28 | Attr = ]
    header_1.gif -> %System32%\drivers\header_1.gif -> [Ver = | Size = 28459 bytes | Created Date = 20/10/2007 13:09:29 | Attr = ]
    header_2.gif -> %System32%\drivers\header_2.gif -> [Ver = | Size = 15421 bytes | Created Date = 20/10/2007 13:09:30 | Attr = ]
    header_3.gif -> %System32%\drivers\header_3.gif -> [Ver = | Size = 10193 bytes | Created Date = 20/10/2007 13:09:31 | Attr = ]
    header_4.gif -> %System32%\drivers\header_4.gif -> [Ver = | Size = 11077 bytes | Created Date = 20/10/2007 13:09:32 | Attr = ]
    header_red_bg.gif -> %System32%\drivers\header_red_bg.gif -> [Ver = | Size = 877 bytes | Created Date = 20/10/2007 13:09:08 | Attr = ]
    header_red_free_scan.gif -> %System32%\drivers\header_red_free_scan.gif -> [Ver = | Size = 3216 bytes | Created Date = 20/10/2007 13:09:08 | Attr = ]
    header_red_free_scan_bg.gif -> %System32%\drivers\header_red_free_scan_bg.gif -> [Ver = | Size = 838 bytes | Created Date = 20/10/2007 13:09:09 | Attr = ]
    header_red_protect_your_pc.gif -> %System32%\drivers\header_red_protect_your_pc.gif -> [Ver = | Size = 16977 bytes | Created Date = 20/10/2007 13:09:10 | Attr = ]
    icon_warning_big.gif -> %System32%\drivers\icon_warning_big.gif -> [Ver = | Size = 16941 bytes | Created Date = 20/10/2007 13:09:14 | Attr = ]
    imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 5888 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]
    imagesrv.sys -> %System32%\drivers\imagesrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 127488 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]
    infected.gif -> %System32%\drivers\infected.gif -> [Ver = | Size = 1204 bytes | Created Date = 20/10/2007 13:09:33 | Attr = ]
    main_back.gif -> %System32%\drivers\main_back.gif -> [Ver = | Size = 215 bytes | Created Date = 20/10/2007 13:09:33 | Attr = ]
    perfect_cleaner_box.jpg -> %System32%\drivers\perfect_cleaner_box.jpg -> [Ver = | Size = 10260 bytes | Created Date = 20/10/2007 13:09:34 | Attr = ]
    product_1_header.gif -> %System32%\drivers\product_1_header.gif -> [Ver = | Size = 2604 bytes | Created Date = 20/10/2007 13:09:35 | Attr = ]
    product_1_name_small.gif -> %System32%\drivers\product_1_name_small.gif -> [Ver = | Size = 1253 bytes | Created Date = 20/10/2007 13:09:37 | Attr = ]
    product_2_header.gif -> %System32%\drivers\product_2_header.gif -> [Ver = | Size = 2214 bytes | Created Date = 20/10/2007 13:09:41 | Attr = ]
    product_2_name_small.gif -> %System32%\drivers\product_2_name_small.gif -> [Ver = | Size = 979 bytes | Created Date = 20/10/2007 13:09:44 | Attr = ]
    product_3_header.gif -> %System32%\drivers\product_3_header.gif -> [Ver = | Size = 3080 bytes | Created Date = 20/10/2007 13:09:45 | Attr = ]
    product_3_name_small.gif -> %System32%\drivers\product_3_name_small.gif -> [Ver = | Size = 1714 bytes | Created Date = 20/10/2007 13:09:46 | Attr = ]
    product_features.gif -> %System32%\drivers\product_features.gif -> [Ver = | Size = 1330 bytes | Created Date = 20/10/2007 13:09:48 | Attr = ]
    pt.htm -> %System32%\drivers\pt.htm -> [Ver = | Size = 36801 bytes | Created Date = 20/10/2007 13:09:20 | Attr = ]
    rating.gif -> %System32%\drivers\rating.gif -> [Ver = | Size = 4008 bytes | Created Date = 20/10/2007 13:09:10 | Attr = ]
    remove_spyware_header.gif -> %System32%\drivers\remove_spyware_header.gif -> [Ver = | Size = 1743 bytes | Created Date = 20/10/2007 13:09:15 | Attr = ]
    screenshot.jpg -> %System32%\drivers\screenshot.jpg -> [Ver = | Size = 26487 bytes | Created Date = 20/10/2007 13:09:11 | Attr = ]
    sep_hor.gif -> %System32%\drivers\sep_hor.gif -> [Ver = | Size = 65 bytes | Created Date = 20/10/2007 13:09:48 | Attr = ]
    sep_vert.gif -> %System32%\drivers\sep_vert.gif -> [Ver = | Size = 53 bytes | Created Date = 20/10/2007 13:09:50 | Attr = ]
    shadow.jpg -> %System32%\drivers\shadow.jpg -> [Ver = | Size = 2798 bytes | Created Date = 20/10/2007 13:09:12 | Attr = ]
    shadow_bg.gif -> %System32%\drivers\shadow_bg.gif -> [Ver = | Size = 821 bytes | Created Date = 20/10/2007 13:09:12 | Attr = ]
    spacer.gif -> %System32%\drivers\spacer.gif -> [Ver = | Size = 49 bytes | Created Date = 20/10/2007 13:09:52 | Attr = ]
    spyware_detected.gif -> %System32%\drivers\spyware_detected.gif -> [Ver = | Size = 3031 bytes | Created Date = 20/10/2007 13:09:15 | Attr = ]
    spy_away_box.jpg -> %System32%\drivers\spy_away_box.jpg -> [Ver = | Size = 13618 bytes | Created Date = 20/10/2007 13:09:54 | Attr = ]
    star.gif -> %System32%\drivers\star.gif -> [Ver = | Size = 639 bytes | Created Date = 20/10/2007 13:09:55 | Attr = ]
    star_gray.gif -> %System32%\drivers\star_gray.gif -> [Ver = | Size = 425 bytes | Created Date = 20/10/2007 13:09:56 | Attr = ]
    star_gray_small.gif -> %System32%\drivers\star_gray_small.gif -> [Ver = | Size = 223 bytes | Created Date = 20/10/2007 13:09:58 | Attr = ]
    star_small.gif -> %System32%\drivers\star_small.gif -> [Ver = | Size = 550 bytes | Created Date = 20/10/2007 13:10:00 | Attr = ]
    style.css -> %System32%\drivers\style.css -> [Ver = | Size = 835 bytes | Created Date = 20/10/2007 13:09:21 | Attr = ]
    s_detect.htm -> %System32%\drivers\s_detect.htm -> [Ver = | Size = 5418 bytes | Created Date = 20/10/2007 13:09:13 | Attr = ]
    v.gif -> %System32%\drivers\v.gif -> [Ver = | Size = 291 bytes | Created Date = 20/10/2007 13:10:01 | Attr = ]
    warning_ico.gif -> %System32%\drivers\warning_ico.gif -> [Ver = | Size = 1381 bytes | Created Date = 20/10/2007 13:09:17 | Attr = ]
    warning_icon.gif -> %System32%\drivers\warning_icon.gif -> [Ver = | Size = 3877 bytes | Created Date = 20/10/2007 13:10:05 | Attr = ]
    win_logo.gif -> %System32%\drivers\win_logo.gif -> [Ver = | Size = 1791 bytes | Created Date = 20/10/2007 13:10:06 | Attr = ]
    x.gif -> %System32%\drivers\x.gif -> [Ver = | Size = 283 bytes | Created Date = 20/10/2007 13:10:08 | Attr = ]
    yellow_warning_ico.gif -> %System32%\drivers\yellow_warning_ico.gif -> [Ver = | Size = 1014 bytes | Created Date = 20/10/2007 13:09:18 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 28/10/2007 15:28:30 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/11/2007 15:44:28 | Attr = R ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 13/11/2007 22:28:00 | Attr = HS]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 13/11/2007 21:26:32 | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 13/11/2007 19:31:06 | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 13/11/2007 22:28:36 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/11/2007 19:04:44 | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 13/11/2007 19:05:04 | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 13/11/2007 22:27:34 | Attr = S]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 115 bytes | Modified Date = 13/11/2007 20:25:42 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 22/10/2007 19:33:22 | Attr = HS]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/11/2007 21:10:30 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/11/2007 19:05:14 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 13/11/2007 19:04:38 | Attr = HS]
    Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 13/11/2007 22:35:12 | Attr = ]
    mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1447 bytes | Modified Date = 11/11/2007 15:45:24 | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 13/11/2007 21:34:40 | Attr = ]
    PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 22/10/2007 20:11:32 | Attr = H ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 13/11/2007 22:45:14 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 13/11/2007 22:31:42 | Attr = H ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 22/10/2007 20:44:18 | Attr = ]
    SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 21/10/2007 19:27:20 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 22/10/2007 21:29:04 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 13/11/2007 22:45:28 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 13/11/2007 22:31:44 | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 24/10/2007 20:26:06 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 13/11/2007 22:27:46 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 22/10/2007 19:14:34 | Attr = ]
    aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 815480 bytes | Modified Date = 25/10/2007 16:24:46 | Attr = ]
    atynfdql.dll -> %System32%\atynfdql.dll -> [Ver = | Size = 10816 bytes | Modified Date = 12/11/2007 21:49:04 | Attr = ]
    aufncihi.ini -> %System32%\aufncihi.ini -> [Ver = | Size = 693592 bytes | Modified Date = 25/10/2007 19:47:20 | Attr = HS]
    AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 95608 bytes | Modified Date = 25/10/2007 16:14:26 | Attr = ]
    bpdhglee.dll -> %System32%\bpdhglee.dll -> [Ver = | Size = 85056 bytes | Modified Date = 13/11/2007 22:17:12 | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 13/11/2007 19:05:14 | Attr = ]
    cembuxjz.dll -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    cembuxjz.dllbox -> %System32%\cembuxjz.dllbox -> [Ver = | Size = 20640 bytes | Modified Date = 13/11/2007 22:45:34 | Attr = HS]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 13/11/2007 19:11:00 | Attr = ]
    coveubkq.ini -> %System32%\coveubkq.ini -> [Ver = | Size = 693541 bytes | Modified Date = 22/10/2007 18:41:14 | Attr = HS]
    culigxhq.ini -> %System32%\culigxhq.ini -> [Ver = | Size = 1195408 bytes | Modified Date = 13/11/2007 20:25:38 | Attr = HS]
    dextqyou.dll -> %System32%\dextqyou.dll -> [Ver = | Size = 10816 bytes | Modified Date = 13/11/2007 21:47:40 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 13/11/2007 19:07:34 | Attr = RHS]
    dqsmsvhc.dll -> %System32%\dqsmsvhc.dll -> [Ver = | Size = 10816 bytes | Modified Date = 27/10/2007 09:07:20 | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 13/11/2007 21:28:44 | Attr = ]
    dtvbpljf.dll -> %System32%\dtvbpljf.dll -> [Ver = | Size = 10816 bytes | Modified Date = 29/10/2007 16:48:20 | Attr = ]
    eelghdpb.ini -> %System32%\eelghdpb.ini -> [Ver = | Size = 669053 bytes | Modified Date = 13/11/2007 22:32:24 | Attr = HS]
    esurceql.dll -> %System32%\esurceql.dll -> [Ver = | Size = 10816 bytes | Modified Date = 30/10/2007 18:31:14 | Attr = ]
    fgbfmfgo.exe -> %System32%\fgbfmfgo.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 13/11/2007 21:47:40 | Attr = ]
    fledgmkg.dll -> %System32%\fledgmkg.dll -> [Ver = | Size = 10816 bytes | Modified Date = 06/11/2007 08:04:42 | Attr = ]
    fpoeykot.ini -> %System32%\fpoeykot.ini -> [Ver = | Size = 1090244 bytes | Modified Date = 12/11/2007 21:47:30 | Attr = HS]
    ghhkj.bak1 -> %System32%\ghhkj.bak1 -> [Ver = | Size = 6465 bytes | Modified Date = 20/10/2007 13:14:54 | Attr = HS]
    ghhkj.bak2 -> %System32%\ghhkj.bak2 -> [Ver = | Size = 127154 bytes | Modified Date = 13/11/2007 21:47:38 | Attr = HS]
    ghhkj.ini -> %System32%\ghhkj.ini -> [Ver = | Size = 130998 bytes | Modified Date = 13/11/2007 22:45:28 | Attr = HS]
    ghholedc.dll -> %System32%\ghholedc.dll -> [Ver = | Size = 10816 bytes | Modified Date = 29/10/2007 16:50:34 | Attr = ]
    hdaetheo.dll -> %System32%\hdaetheo.dll -> [Ver = | Size = 10816 bytes | Modified Date = 07/11/2007 21:38:24 | Attr = ]
    ilmrpxyk.dll -> %System32%\ilmrpxyk.dll -> [Ver = | Size = 10816 bytes | Modified Date = 25/10/2007 19:57:48 | Attr = ]
    jkhhg.dll -> %System32%\jkhhg.dll -> [Ver = | Size = 309856 bytes | Modified Date = 20/10/2007 13:13:56 | Attr = ]
    jnydlcyf.dll -> %System32%\jnydlcyf.dll -> [Ver = | Size = 10816 bytes | Modified Date = 06/11/2007 08:10:02 | Attr = ]
    kemudgnl.dll -> %System32%\kemudgnl.dll -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:22:56 | Attr = ]
    knrpjdrt.exe -> %System32%\knrpjdrt.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/11/2007 14:41:00 | Attr = ]
    lpivgmvq.exe -> %System32%\lpivgmvq.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 09/11/2007 20:04:14 | Attr = ]
    mbtatcfj.ini -> %System32%\mbtatcfj.ini -> [Ver = | Size = 1145961 bytes | Modified Date = 09/11/2007 20:04:02 | Attr = HS]
    mfcpotlj.dll -> %System32%\mfcpotlj.dll -> [Ver = | Size = 77376 bytes | Modified Date = 22/10/2007 22:28:28 | Attr = ]
    nhuodkfl.dllbox -> %System32%\nhuodkfl.dllbox -> [Ver = | Size = 17006 bytes | Modified Date = 22/10/2007 22:25:38 | Attr = HS]
    nnnljhi.dll -> %System32%\nnnljhi.dll -> [Ver = | Size = 33280 bytes | Modified Date = 20/10/2007 13:08:50 | Attr = ]
    nudxculp.exe -> %System32%\nudxculp.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 12/11/2007 21:47:32 | Attr = ]
    ojkwqtpj.dll -> %System32%\ojkwqtpj.dll -> [Ver = | Size = 80448 bytes | Modified Date = 13/11/2007 21:51:06 | Attr = ]
    okcxtsdo.dll -> %System32%\okcxtsdo.dll -> [Ver = | Size = 10816 bytes | Modified Date = 04/11/2007 12:40:08 | Attr = ]
    oktmnuxr.ini -> %System32%\oktmnuxr.ini -> [Ver = | Size = 1156813 bytes | Modified Date = 06/11/2007 08:04:40 | Attr = HS]
    oslehegq.dll -> %System32%\oslehegq.dll -> [Ver = | Size = 10816 bytes | Modified Date = 12/11/2007 21:52:04 | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 520190 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    pjcbhlgb.dll -> %System32%\pjcbhlgb.dll -> [Ver = | Size = 10816 bytes | Modified Date = 09/11/2007 20:06:28 | Attr = ]
    pkgkrypj.dll -> %System32%\pkgkrypj.dll -> [Ver = | Size = 10816 bytes | Modified Date = 28/10/2007 15:04:54 | Attr = ]
    pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 27/10/2007 09:33:00 | Attr = ]
    pvwckqyj.ini -> %System32%\pvwckqyj.ini -> [Ver = | Size = 1290658 bytes | Modified Date = 30/10/2007 16:57:08 | Attr = HS]
    qhxgiluc.dll -> %System32%\qhxgiluc.dll -> [Ver = | Size = 89664 bytes | Modified Date = 12/11/2007 21:58:04 | Attr = ]
    qisoaeby.ini -> %System32%\qisoaeby.ini -> [Ver = | Size = 1175904 bytes | Modified Date = 03/11/2007 12:31:56 | Attr = HS]
    qnfarejo.ini -> %System32%\qnfarejo.ini -> [Ver = | Size = 1172591 bytes | Modified Date = 27/10/2007 09:07:26 | Attr = HS]
    qsrmewsg.dll -> %System32%\qsrmewsg.dll -> [Ver = | Size = 10816 bytes | Modified Date = 07/11/2007 21:36:20 | Attr = ]
    ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 10/11/2007 14:46:06 | Attr = ]
    rxrjrkex.ini -> %System32%\rxrjrkex.ini -> [Ver = | Size = 1132968 bytes | Modified Date = 07/11/2007 21:36:22 | Attr = HS]
    saufwvyg.dll -> %System32%\saufwvyg.dll -> [Ver = | Size = 10816 bytes | Modified Date = 28/10/2007 15:07:54 | Attr = ]
    sixavujb.dll -> %System32%\sixavujb.dll -> [Ver = | Size = 10816 bytes | Modified Date = 11/11/2007 14:38:00 | Attr = ]
    tjbiimnt.ini -> %System32%\tjbiimnt.ini -> [Ver = | Size = 1183402 bytes | Modified Date = 29/10/2007 16:03:24 | Attr = HS]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Modified Date = 13/11/2007 22:21:50 | Attr = ]
    ubgiugbu.dll -> %System32%\ubgiugbu.dll -> [Ver = | Size = 10816 bytes | Modified Date = 13/11/2007 21:50:40 | Attr = ]
    udgtruiw.ini -> %System32%\udgtruiw.ini -> [Ver = | Size = 1177059 bytes | Modified Date = 28/10/2007 15:03:12 | Attr = HS]
    vjjyhwmi.ini -> %System32%\vjjyhwmi.ini -> [Ver = | Size = 1159357 bytes | Modified Date = 04/11/2007 12:42:36 | Attr = HS]
    vnwkevog.ini -> %System32%\vnwkevog.ini -> [Ver = | Size = 1083617 bytes | Modified Date = 11/11/2007 14:36:24 | Attr = HS]
    vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353246 bytes | Modified Date = 13/11/2007 22:28:18 | Attr = H ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13002 bytes | Modified Date = 12/11/2007 21:45:46 | Attr = ]
    wqbdysmk.dll -> %System32%\wqbdysmk.dll -> [Ver = | Size = 10816 bytes | Modified Date = 30/10/2007 16:05:50 | Attr = ]
    wxfrllgo.dll -> %System32%\wxfrllgo.dll -> [Ver = | Size = 10816 bytes | Modified Date = 11/11/2007 14:36:34 | Attr = ]
    xqurfxxa.ini -> %System32%\xqurfxxa.ini -> [Ver = | Size = 693472 bytes | Modified Date = 24/10/2007 17:31:54 | Attr = HS]
    yaktlqvb.dll -> %System32%\yaktlqvb.dll -> [Ver = | Size = 10816 bytes | Modified Date = 03/11/2007 12:34:04 | Attr = ]
    ygixutlw.dll -> %System32%\ygixutlw.dll -> [Ver = | Size = 10816 bytes | Modified Date = 26/10/2007 20:00:18 | Attr = ]
    ylrbrqkh.dll -> %System32%\ylrbrqkh.dll -> [Ver = | Size = 10816 bytes | Modified Date = 03/11/2007 12:36:18 | Attr = ]


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your PC is horribly infected.

    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> c8866ae6 -> %System32%\bpdhglee.dll [rundll32.exe "C:\WINDOWS\system32\bpdhglee.dll",b]
    YN -> USRpdA ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YY -> C:\WINDOWS\system32\__c001E90.dat -> %System32%\__c001E90.dat
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YY -> cembuxjz -> %System32%\cembuxjz.dll
    YN -> winjyp32 -> winjyp32.dll
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YY -> {33465ed5-eca7-4e7d-8362-f52e90a10336} [HKLM] -> %System32%\ojkwqtpj.dll [Reg Data - Value does not exist]
    YY -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\cembuxjz.dll [Reg Data - Value does not exist]
    YY -> {E928C6C8-A13C-4C25-A449-3EE0DFAE94F8} [HKLM] -> %System32%\jkhhg.dll [Reg Data - Value does not exist]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YY -> {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\cembuxjz.dll [Security Toolbar]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
    [Files/Folders - Created Within 30 days]
    NY -> atynfdql.dll -> %System32%\atynfdql.dll
    NY -> aufncihi.ini -> %System32%\aufncihi.ini
    NY -> bpdhglee.dll -> %System32%\bpdhglee.dll
    NY -> cembuxjz.dll -> %System32%\cembuxjz.dll
    NY -> cembuxjz.dllbox -> %System32%\cembuxjz.dllbox
    NY -> coveubkq.ini -> %System32%\coveubkq.ini
    NY -> culigxhq.ini -> %System32%\culigxhq.ini
    NY -> dextqyou.dll -> %System32%\dextqyou.dll
    NY -> dqsmsvhc.dll -> %System32%\dqsmsvhc.dll
    NY -> dtvbpljf.dll -> %System32%\dtvbpljf.dll
    NY -> eelghdpb.ini -> %System32%\eelghdpb.ini
    NY -> esurceql.dll -> %System32%\esurceql.dll
    NY -> fgbfmfgo.exe -> %System32%\fgbfmfgo.exe
    NY -> fledgmkg.dll -> %System32%\fledgmkg.dll
    NY -> fpoeykot.ini -> %System32%\fpoeykot.ini
    NY -> ghhkj.bak1 -> %System32%\ghhkj.bak1
    NY -> ghhkj.bak2 -> %System32%\ghhkj.bak2
    NY -> ghhkj.ini -> %System32%\ghhkj.ini
    NY -> ghholedc.dll -> %System32%\ghholedc.dll
    NY -> hdaetheo.dll -> %System32%\hdaetheo.dll
    NY -> ilmrpxyk.dll -> %System32%\ilmrpxyk.dll
    NY -> jkhhg.dll -> %System32%\jkhhg.dll
    NY -> jnydlcyf.dll -> %System32%\jnydlcyf.dll
    NY -> kemudgnl.dll -> %System32%\kemudgnl.dll
    NY -> knrpjdrt.exe -> %System32%\knrpjdrt.exe
    NY -> lpivgmvq.exe -> %System32%\lpivgmvq.exe
    NY -> mbtatcfj.ini -> %System32%\mbtatcfj.ini
    NY -> mfcpotlj.dll -> %System32%\mfcpotlj.dll
    NY -> nhuodkfl.dllbox -> %System32%\nhuodkfl.dllbox
    NY -> nnnljhi.dll -> %System32%\nnnljhi.dll
    NY -> nudxculp.exe -> %System32%\nudxculp.exe
    NY -> ojkwqtpj.dll -> %System32%\ojkwqtpj.dll
    NY -> okcxtsdo.dll -> %System32%\okcxtsdo.dll
    NY -> oktmnuxr.ini -> %System32%\oktmnuxr.ini
    NY -> oslehegq.dll -> %System32%\oslehegq.dll
    NY -> pjcbhlgb.dll -> %System32%\pjcbhlgb.dll
    NY -> pkgkrypj.dll -> %System32%\pkgkrypj.dll
    NY -> pvwckqyj.ini -> %System32%\pvwckqyj.ini
    NY -> qhxgiluc.dll -> %System32%\qhxgiluc.dll
    NY -> qisoaeby.ini -> %System32%\qisoaeby.ini
    NY -> qnfarejo.ini -> %System32%\qnfarejo.ini
    NY -> qsrmewsg.dll -> %System32%\qsrmewsg.dll
    NY -> rxrjrkex.ini -> %System32%\rxrjrkex.ini
    NY -> saufwvyg.dll -> %System32%\saufwvyg.dll
    NY -> sixavujb.dll -> %System32%\sixavujb.dll
    NY -> tjbiimnt.ini -> %System32%\tjbiimnt.ini
    NY -> ubgiugbu.dll -> %System32%\ubgiugbu.dll
    NY -> udgtruiw.ini -> %System32%\udgtruiw.ini
    NY -> vjjyhwmi.ini -> %System32%\vjjyhwmi.ini
    NY -> vnwkevog.ini -> %System32%\vnwkevog.ini
    NY -> wqbdysmk.dll -> %System32%\wqbdysmk.dll
    NY -> wxfrllgo.dll -> %System32%\wxfrllgo.dll
    NY -> xqurfxxa.ini -> %System32%\xqurfxxa.ini
    NY -> yaktlqvb.dll -> %System32%\yaktlqvb.dll
    NY -> ygixutlw.dll -> %System32%\ygixutlw.dll
    NY -> ylrbrqkh.dll -> %System32%\ylrbrqkh.dll
    NY -> __c001E90.dat -> %System32%\__c001E90.dat
    NY -> __c002AD3E.dat -> %System32%\__c002AD3E.dat
    NY -> __c0035629.dat -> %System32%\__c0035629.dat
    NY -> __c003C29E.dat -> %System32%\__c003C29E.dat
    NY -> __c006E3A0.dat -> %System32%\__c006E3A0.dat
    NY -> __c006F425.dat -> %System32%\__c006F425.dat
    NY -> __c0079CE7.dat -> %System32%\__c0079CE7.dat
    NY -> __c00922F.dat -> %System32%\__c00922F.dat
    NY -> __c0098D90.dat -> %System32%\__c0098D90.dat
    NY -> __c00BCC4A.dat -> %System32%\__c00BCC4A.dat
    NY -> __c00EF994.dat -> %System32%\__c00EF994.dat
    NY -> __c00F6321.dat -> %System32%\__c00F6321.dat
    NY -> __c00FFE10.dat -> %System32%\__c00FFE10.dat
    NY -> bg_bg.gif -> %System32%\drivers\bg_bg.gif
    NY -> blank.gif -> %System32%\drivers\blank.gif
    NY -> box_1.gif -> %System32%\drivers\box_1.gif
    NY -> box_2.gif -> %System32%\drivers\box_2.gif
    NY -> box_3.gif -> %System32%\drivers\box_3.gif
    NY -> button_buynow.gif -> %System32%\drivers\button_buynow.gif
    NY -> button_freescan.gif -> %System32%\drivers\button_freescan.gif
    NY -> cell_bg.gif -> %System32%\drivers\cell_bg.gif
    NY -> cell_footer.gif -> %System32%\drivers\cell_footer.gif
    NY -> cell_header_block.gif -> %System32%\drivers\cell_header_block.gif
    NY -> cell_header_remove.gif -> %System32%\drivers\cell_header_remove.gif
    NY -> cell_header_scan.gif -> %System32%\drivers\cell_header_scan.gif
    NY -> close_ico.gif -> %System32%\drivers\close_ico.gif
    NY -> detect.htm -> %System32%\drivers\detect.htm
    NY -> download_box.gif -> %System32%\drivers\download_box.gif
    NY -> download_btn.jpg -> %System32%\drivers\download_btn.jpg
    NY -> download_now_btn.gif -> %System32%\drivers\download_now_btn.gif
    NY -> footer_back.jpg -> %System32%\drivers\footer_back.jpg
    NY -> header_1.gif -> %System32%\drivers\header_1.gif
    NY -> header_2.gif -> %System32%\drivers\header_2.gif
    NY -> header_3.gif -> %System32%\drivers\header_3.gif
    NY -> header_4.gif -> %System32%\drivers\header_4.gif
    NY -> header_red_bg.gif -> %System32%\drivers\header_red_bg.gif
    NY -> header_red_free_scan.gif -> %System32%\drivers\header_red_free_scan.gif
    NY -> header_red_free_scan_bg.gif -> %System32%\drivers\header_red_free_scan_bg.gif
    NY -> header_red_protect_your_pc.gif -> %System32%\drivers\header_red_protect_your_pc.gif
    NY -> icon_warning_big.gif -> %System32%\drivers\icon_warning_big.gif
    NY -> main_back.gif -> %System32%\drivers\main_back.gif
    NY -> perfect_cleaner_box.jpg -> %System32%\drivers\perfect_cleaner_box.jpg
    NY -> product_1_header.gif -> %System32%\drivers\product_1_header.gif
    NY -> product_1_name_small.gif -> %System32%\drivers\product_1_name_small.gif
    NY -> product_2_header.gif -> %System32%\drivers\product_2_header.gif
    NY -> product_2_name_small.gif -> %System32%\drivers\product_2_name_small.gif
    NY -> product_3_header.gif -> %System32%\drivers\product_3_header.gif
    NY -> product_3_name_small.gif -> %System32%\drivers\product_3_name_small.gif
    NY -> product_features.gif -> %System32%\drivers\product_features.gif
    NY -> pt.htm -> %System32%\drivers\pt.htm
    NY -> rating.gif -> %System32%\drivers\rating.gif
    NY -> remove_spyware_header.gif -> %System32%\drivers\remove_spyware_header.gif
    NY -> screenshot.jpg -> %System32%\drivers\screenshot.jpg
    NY -> sep_hor.gif -> %System32%\drivers\sep_hor.gif
    NY -> sep_vert.gif -> %System32%\drivers\sep_vert.gif
    NY -> shadow.jpg -> %System32%\drivers\shadow.jpg
    NY -> shadow_bg.gif -> %System32%\drivers\shadow_bg.gif
    NY -> spacer.gif -> %System32%\drivers\spacer.gif
    NY -> spyware_detected.gif -> %System32%\drivers\spyware_detected.gif
    NY -> spy_away_box.jpg -> %System32%\drivers\spy_away_box.jpg
    NY -> star.gif -> %System32%\drivers\star.gif
    NY -> star_gray.gif -> %System32%\drivers\star_gray.gif
    NY -> star_gray_small.gif -> %System32%\drivers\star_gray_small.gif
    NY -> star_small.gif -> %System32%\drivers\star_small.gif
    NY -> style.css -> %System32%\drivers\style.css
    NY -> s_detect.htm -> %System32%\drivers\s_detect.htm
    NY -> v.gif -> %System32%\drivers\v.gif
    NY -> warning_ico.gif -> %System32%\drivers\warning_ico.gif
    NY -> warning_icon.gif -> %System32%\drivers\warning_icon.gif
    NY -> win_logo.gif -> %System32%\drivers\win_logo.gif
    NY -> x.gif -> %System32%\drivers\x.gif
    NY -> yellow_warning_ico.gif -> %System32%\drivers\yellow_warning_ico.gif
    [Files/Folders - Modified Within 30 days]
    NY -> atynfdql.dll -> %System32%\atynfdql.dll
    NY -> aufncihi.ini -> %System32%\aufncihi.ini
    NY -> bpdhglee.dll -> %System32%\bpdhglee.dll
    NY -> cembuxjz.dll -> %System32%\cembuxjz.dll
    NY -> cembuxjz.dllbox -> %System32%\cembuxjz.dllbox
    NY -> coveubkq.ini -> %System32%\coveubkq.ini
    NY -> culigxhq.ini -> %System32%\culigxhq.ini
    NY -> dextqyou.dll -> %System32%\dextqyou.dll
    NY -> dqsmsvhc.dll -> %System32%\dqsmsvhc.dll
    NY -> dtvbpljf.dll -> %System32%\dtvbpljf.dll
    NY -> eelghdpb.ini -> %System32%\eelghdpb.ini
    NY -> esurceql.dll -> %System32%\esurceql.dll
    NY -> fgbfmfgo.exe -> %System32%\fgbfmfgo.exe
    NY -> fledgmkg.dll -> %System32%\fledgmkg.dll
    NY -> fpoeykot.ini -> %System32%\fpoeykot.ini
    NY -> ghhkj.bak1 -> %System32%\ghhkj.bak1
    NY -> ghhkj.bak2 -> %System32%\ghhkj.bak2
    NY -> ghhkj.ini -> %System32%\ghhkj.ini
    NY -> ghholedc.dll -> %System32%\ghholedc.dll
    NY -> hdaetheo.dll -> %System32%\hdaetheo.dll
    NY -> ilmrpxyk.dll -> %System32%\ilmrpxyk.dll
    NY -> jkhhg.dll -> %System32%\jkhhg.dll
    NY -> jnydlcyf.dll -> %System32%\jnydlcyf.dll
    NY -> kemudgnl.dll -> %System32%\kemudgnl.dll
    NY -> knrpjdrt.exe -> %System32%\knrpjdrt.exe
    NY -> lpivgmvq.exe -> %System32%\lpivgmvq.exe
    NY -> mbtatcfj.ini -> %System32%\mbtatcfj.ini
    NY -> mfcpotlj.dll -> %System32%\mfcpotlj.dll
    NY -> nhuodkfl.dllbox -> %System32%\nhuodkfl.dllbox
    NY -> nnnljhi.dll -> %System32%\nnnljhi.dll
    NY -> nudxculp.exe -> %System32%\nudxculp.exe
    NY -> ojkwqtpj.dll -> %System32%\ojkwqtpj.dll
    NY -> okcxtsdo.dll -> %System32%\okcxtsdo.dll
    NY -> oktmnuxr.ini -> %System32%\oktmnuxr.ini
    NY -> oslehegq.dll -> %System32%\oslehegq.dll
    NY -> pjcbhlgb.dll -> %System32%\pjcbhlgb.dll
    NY -> pkgkrypj.dll -> %System32%\pkgkrypj.dll
    NY -> pncrt.dll -> %System32%\pncrt.dll
    NY -> pvwckqyj.ini -> %System32%\pvwckqyj.ini
    NY -> qhxgiluc.dll -> %System32%\qhxgiluc.dll
    NY -> qisoaeby.ini -> %System32%\qisoaeby.ini
    NY -> qnfarejo.ini -> %System32%\qnfarejo.ini
    NY -> qsrmewsg.dll -> %System32%\qsrmewsg.dll
    NY -> rxrjrkex.ini -> %System32%\rxrjrkex.ini
    NY -> saufwvyg.dll -> %System32%\saufwvyg.dll
    NY -> sixavujb.dll -> %System32%\sixavujb.dll
    NY -> tjbiimnt.ini -> %System32%\tjbiimnt.ini
    NY -> ubgiugbu.dll -> %System32%\ubgiugbu.dll
    NY -> udgtruiw.ini -> %System32%\udgtruiw.ini
    NY -> vjjyhwmi.ini -> %System32%\vjjyhwmi.ini
    NY -> vnwkevog.ini -> %System32%\vnwkevog.ini
    NY -> wqbdysmk.dll -> %System32%\wqbdysmk.dll
    NY -> wxfrllgo.dll -> %System32%\wxfrllgo.dll
    NY -> xqurfxxa.ini -> %System32%\xqurfxxa.ini
    NY -> yaktlqvb.dll -> %System32%\yaktlqvb.dll
    NY -> ygixutlw.dll -> %System32%\ygixutlw.dll
    NY -> ylrbrqkh.dll -> %System32%\ylrbrqkh.dll
    NY -> __c001E90.dat -> %System32%\__c001E90.dat
    NY -> __c002AD3E.dat -> %System32%\__c002AD3E.dat
    NY -> __c0035629.dat -> %System32%\__c0035629.dat
    NY -> __c003C29E.dat -> %System32%\__c003C29E.dat
    NY -> __c006E3A0.dat -> %System32%\__c006E3A0.dat
    NY -> __c006F425.dat -> %System32%\__c006F425.dat
    NY -> __c0079CE7.dat -> %System32%\__c0079CE7.dat
    NY -> __c00922F.dat -> %System32%\__c00922F.dat
    NY -> __c0098D90.dat -> %System32%\__c0098D90.dat
    NY -> __c00BCC4A.dat -> %System32%\__c00BCC4A.dat
    NY -> __c00EF994.dat -> %System32%\__c00EF994.dat
    NY -> __c00F6321.dat -> %System32%\__c00F6321.dat
    NY -> __c00FFE10.dat -> %System32%\__c00FFE10.dat
    NY -> bg_bg.gif -> %System32%\drivers\bg_bg.gif
    NY -> blank.gif -> %System32%\drivers\blank.gif
    NY -> box_1.gif -> %System32%\drivers\box_1.gif
    NY -> box_2.gif -> %System32%\drivers\box_2.gif
    NY -> box_3.gif -> %System32%\drivers\box_3.gif
    NY -> button_buynow.gif -> %System32%\drivers\button_buynow.gif
    NY -> button_freescan.gif -> %System32%\drivers\button_freescan.gif
    NY -> cell_bg.gif -> %System32%\drivers\cell_bg.gif
    NY -> cell_footer.gif -> %System32%\drivers\cell_footer.gif
    NY -> cell_header_block.gif -> %System32%\drivers\cell_header_block.gif
    NY -> cell_header_remove.gif -> %System32%\drivers\cell_header_remove.gif
    NY -> cell_header_scan.gif -> %System32%\drivers\cell_header_scan.gif
    NY -> close_ico.gif -> %System32%\drivers\close_ico.gif
    NY -> detect.htm -> %System32%\drivers\detect.htm
    NY -> download_box.gif -> %System32%\drivers\download_box.gif
    NY -> download_btn.jpg -> %System32%\drivers\download_btn.jpg
    NY -> download_now_btn.gif -> %System32%\drivers\download_now_btn.gif
    NY -> footer_back.jpg -> %System32%\drivers\footer_back.jpg
    NY -> header_1.gif -> %System32%\drivers\header_1.gif
    NY -> header_2.gif -> %System32%\drivers\header_2.gif
    NY -> header_3.gif -> %System32%\drivers\header_3.gif
    NY -> header_4.gif -> %System32%\drivers\header_4.gif
    NY -> header_red_bg.gif -> %System32%\drivers\header_red_bg.gif
    NY -> header_red_free_scan.gif -> %System32%\drivers\header_red_free_scan.gif
    NY -> header_red_free_scan_bg.gif -> %System32%\drivers\header_red_free_scan_bg.gif
    NY -> header_red_protect_your_pc.gif -> %System32%\drivers\header_red_protect_your_pc.gif
    NY -> icon_warning_big.gif -> %System32%\drivers\icon_warning_big.gif
    NY -> infected.gif -> %System32%\drivers\infected.gif
    NY -> main_back.gif -> %System32%\drivers\main_back.gif
    NY -> perfect_cleaner_box.jpg -> %System32%\drivers\perfect_cleaner_box.jpg
    NY -> product_1_header.gif -> %System32%\drivers\product_1_header.gif
    NY -> product_1_name_small.gif -> %System32%\drivers\product_1_name_small.gif
    NY -> product_2_header.gif -> %System32%\drivers\product_2_header.gif
    NY -> product_2_name_small.gif -> %System32%\drivers\product_2_name_small.gif
    NY -> product_3_header.gif -> %System32%\drivers\product_3_header.gif
    NY -> product_3_name_small.gif -> %System32%\drivers\product_3_name_small.gif
    NY -> product_features.gif -> %System32%\drivers\product_features.gif
    NY -> pt.htm -> %System32%\drivers\pt.htm
    NY -> rating.gif -> %System32%\drivers\rating.gif
    NY -> remove_spyware_header.gif -> %System32%\drivers\remove_spyware_header.gif
    NY -> screenshot.jpg -> %System32%\drivers\screenshot.jpg
    NY -> sep_hor.gif -> %System32%\drivers\sep_hor.gif
    NY -> sep_vert.gif -> %System32%\drivers\sep_vert.gif
    NY -> shadow.jpg -> %System32%\drivers\shadow.jpg
    NY -> shadow_bg.gif -> %System32%\drivers\shadow_bg.gif
    NY -> spacer.gif -> %System32%\drivers\spacer.gif
    NY -> spyware_detected.gif -> %System32%\drivers\spyware_detected.gif
    NY -> spy_away_box.jpg -> %System32%\drivers\spy_away_box.jpg
    NY -> star.gif -> %System32%\drivers\star.gif
    NY -> star_gray.gif -> %System32%\drivers\star_gray.gif
    NY -> star_gray_small.gif -> %System32%\drivers\star_gray_small.gif
    NY -> star_small.gif -> %System32%\drivers\star_small.gif
    NY -> style.css -> %System32%\drivers\style.css
    NY -> s_detect.htm -> %System32%\drivers\s_detect.htm
    NY -> v.gif -> %System32%\drivers\v.gif
    NY -> warning_ico.gif -> %System32%\drivers\warning_ico.gif
    NY -> warning_icon.gif -> %System32%\drivers\warning_icon.gif
    NY -> win_logo.gif -> %System32%\drivers\win_logo.gif
    NY -> x.gif -> %System32%\drivers\x.gif
    NY -> yellow_warning_ico.gif -> %System32%\drivers\yellow_warning_ico.gif
    [File String Scan - Non-Microsoft Only]
    NY -> UPX! , UPX0 , -> %System32%\atynfdql.dll
    NY -> UPX! , UPX0 , -> %System32%\dextqyou.dll
    NY -> UPX! , UPX0 , -> %System32%\dqsmsvhc.dll
    NY -> UPX! , UPX0 , -> %System32%\dtvbpljf.dll
    NY -> UPX! , UPX0 , -> %System32%\esurceql.dll
    NY -> UPX! , UPX0 , -> %System32%\fledgmkg.dll
    NY -> UPX! , UPX0 , -> %System32%\ghholedc.dll
    NY -> UPX! , UPX0 , -> %System32%\hdaetheo.dll
    NY -> UPX! , UPX0 , -> %System32%\ilmrpxyk.dll
    NY -> UPX! , UPX0 , -> %System32%\jnydlcyf.dll
    NY -> UPX! , -> %System32%\oembios.bin
    NY -> UPX! , UPX0 , -> %System32%\okcxtsdo.dll
    NY -> UPX! , UPX0 , -> %System32%\oslehegq.dll
    NY -> UPX! , UPX0 , -> %System32%\pjcbhlgb.dll
    NY -> UPX! , UPX0 , -> %System32%\pkgkrypj.dll
    NY -> UPX! , UPX0 , -> %System32%\qsrmewsg.dll
    NY -> UPX! , UPX0 , -> %System32%\saufwvyg.dll
    NY -> UPX! , UPX0 , -> %System32%\sixavujb.dll
    NY -> UPX! , UPX0 , -> %System32%\ubgiugbu.dll
    NY -> UPX! , UPX0 , -> %System32%\wqbdysmk.dll
    NY -> UPX! , UPX0 , -> %System32%\wxfrllgo.dll
    NY -> UPX! , UPX0 , -> %System32%\yaktlqvb.dll
    NY -> UPX! , UPX0 , -> %System32%\ygixutlw.dll
    NY -> UPX! , UPX0 , -> %System32%\ylrbrqkh.dll
    NY -> UPX! , UPX0 , -> %System32%\__c002AD3E.dat
    NY -> UPX! , UPX0 , -> %System32%\__c0035629.dat
    NY -> UPX! , UPX0 , -> %System32%\__c003C29E.dat
    NY -> UPX! , UPX0 , -> %System32%\__c006E3A0.dat
    NY -> UPX! , UPX0 , -> %System32%\__c006F425.dat
    NY -> UPX! , UPX0 , -> %System32%\__c0079CE7.dat
    NY -> UPX! , UPX0 , -> %System32%\__c00922F.dat
    NY -> UPX! , UPX0 , -> %System32%\__c0098D90.dat
    NY -> UPX! , UPX0 , -> %System32%\__c00BCC4A.dat
    NY -> UPX! , UPX0 , -> %System32%\__c00EF994.dat
    NY -> UPX! , UPX0 , -> %System32%\__c00F6321.dat
    NY -> UPX! , UPX0 , -> %System32%\__c00FFE10.dat
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]

    The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan (attach the WinPFind3 scan report).

    I will review the information when it comes back in.




    Also read the sticky and post a HijackThis log here.


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Ya, my virus scan keeps going crazy. I don't know how many times I've run a scan! :mad:

    Thanks for your help, what sticky are you referring to?


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Here is the fix report:

    C:\WINDOWS\SYSTEM32\drivers\header_3.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\header_4.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\header_red_bg.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\header_red_free_scan.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\header_red_free_scan_bg.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\header_red_protect_your_pc.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\icon_warning_big.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\main_back.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\perfect_cleaner_box.jpg moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\product_1_header.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\product_1_name_small.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\product_2_header.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\product_2_name_small.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\product_3_header.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\product_3_name_small.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\product_features.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\pt.htm moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\rating.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\remove_spyware_header.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\screenshot.jpg moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\sep_hor.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\sep_vert.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\shadow.jpg moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\shadow_bg.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\spacer.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\spyware_detected.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\spy_away_box.jpg moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\star.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\star_gray.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\star_gray_small.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\star_small.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\style.css moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\s_detect.htm moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\v.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\warning_ico.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\warning_icon.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\win_logo.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\x.gif moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\yellow_warning_ico.gif moved successfully.
    [Files/Folders - Modified Within 30 days]
    File C:\WINDOWS\SYSTEM32\atynfdql.dll not found!
    File C:\WINDOWS\SYSTEM32\aufncihi.ini not found!
    File C:\WINDOWS\SYSTEM32\bpdhglee.dll not found!
    C:\WINDOWS\SYSTEM32\cembuxjz.dll unregistered successfully.
    File move failed. C:\WINDOWS\SYSTEM32\cembuxjz.dll scheduled to be moved on reboot.
    File C:\WINDOWS\SYSTEM32\cembuxjz.dllbox not found!
    File C:\WINDOWS\SYSTEM32\coveubkq.ini not found!
    File C:\WINDOWS\SYSTEM32\culigxhq.ini not found!
    File C:\WINDOWS\SYSTEM32\dextqyou.dll not found!
    File C:\WINDOWS\SYSTEM32\dqsmsvhc.dll not found!
    File C:\WINDOWS\SYSTEM32\dtvbpljf.dll not found!
    File C:\WINDOWS\SYSTEM32\eelghdpb.ini not found!
    File C:\WINDOWS\SYSTEM32\esurceql.dll not found!
    File C:\WINDOWS\SYSTEM32\fgbfmfgo.exe not found!
    File C:\WINDOWS\SYSTEM32\fledgmkg.dll not found!
    File C:\WINDOWS\SYSTEM32\fpoeykot.ini not found!
    File C:\WINDOWS\SYSTEM32\ghhkj.bak1 not found!
    File C:\WINDOWS\SYSTEM32\ghhkj.bak2 not found!
    File C:\WINDOWS\SYSTEM32\ghhkj.ini not found!
    File C:\WINDOWS\SYSTEM32\ghholedc.dll not found!
    File C:\WINDOWS\SYSTEM32\hdaetheo.dll not found!
    File C:\WINDOWS\SYSTEM32\ilmrpxyk.dll not found!
    DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkhhg.dll
    C:\WINDOWS\SYSTEM32\jkhhg.dll NOT unregistered.
    File move failed. C:\WINDOWS\SYSTEM32\jkhhg.dll scheduled to be moved on reboot.
    File C:\WINDOWS\SYSTEM32\jnydlcyf.dll not found!
    File C:\WINDOWS\SYSTEM32\kemudgnl.dll not found!
    File C:\WINDOWS\SYSTEM32\knrpjdrt.exe not found!
    File C:\WINDOWS\SYSTEM32\lpivgmvq.exe not found!
    File C:\WINDOWS\SYSTEM32\mbtatcfj.ini not found!
    File C:\WINDOWS\SYSTEM32\mfcpotlj.dll not found!
    File C:\WINDOWS\SYSTEM32\nhuodkfl.dllbox not found!
    File C:\WINDOWS\SYSTEM32\nnnljhi.dll not found!
    File C:\WINDOWS\SYSTEM32\nudxculp.exe not found!
    File C:\WINDOWS\SYSTEM32\ojkwqtpj.dll not found!
    File C:\WINDOWS\SYSTEM32\okcxtsdo.dll not found!
    File C:\WINDOWS\SYSTEM32\oktmnuxr.ini not found!
    File C:\WINDOWS\SYSTEM32\oslehegq.dll not found!
    File C:\WINDOWS\SYSTEM32\pjcbhlgb.dll not found!
    File C:\WINDOWS\SYSTEM32\pkgkrypj.dll not found!
    DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\pncrt.dll
    C:\WINDOWS\SYSTEM32\pncrt.dll NOT unregistered.
    C:\WINDOWS\SYSTEM32\pncrt.dll moved successfully.
    File C:\WINDOWS\SYSTEM32\pvwckqyj.ini not found!
    File C:\WINDOWS\SYSTEM32\qhxgiluc.dll not found!
    File C:\WINDOWS\SYSTEM32\qisoaeby.ini not found!
    File C:\WINDOWS\SYSTEM32\qnfarejo.ini not found!
    File C:\WINDOWS\SYSTEM32\qsrmewsg.dll not found!
    File C:\WINDOWS\SYSTEM32\rxrjrkex.ini not found!
    File C:\WINDOWS\SYSTEM32\saufwvyg.dll not found!
    File C:\WINDOWS\SYSTEM32\sixavujb.dll not found!
    File C:\WINDOWS\SYSTEM32\tjbiimnt.ini not found!
    File C:\WINDOWS\SYSTEM32\ubgiugbu.dll not found!
    File C:\WINDOWS\SYSTEM32\udgtruiw.ini not found!
    File C:\WINDOWS\SYSTEM32\vjjyhwmi.ini not found!
    File C:\WINDOWS\SYSTEM32\vnwkevog.ini not found!
    File C:\WINDOWS\SYSTEM32\wqbdysmk.dll not found!
    File C:\WINDOWS\SYSTEM32\wxfrllgo.dll not found!
    File C:\WINDOWS\SYSTEM32\xqurfxxa.ini not found!
    File C:\WINDOWS\SYSTEM32\yaktlqvb.dll not found!
    File C:\WINDOWS\SYSTEM32\ygixutlw.dll not found!
    File C:\WINDOWS\SYSTEM32\ylrbrqkh.dll not found!
    File C:\WINDOWS\SYSTEM32\__c001E90.dat not found!
    File C:\WINDOWS\SYSTEM32\__c002AD3E.dat not found!
    File C:\WINDOWS\SYSTEM32\__c0035629.dat not found!
    File C:\WINDOWS\SYSTEM32\__c003C29E.dat not found!
    File C:\WINDOWS\SYSTEM32\__c006E3A0.dat not found!
    File C:\WINDOWS\SYSTEM32\__c006F425.dat not found!
    File C:\WINDOWS\SYSTEM32\__c0079CE7.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00922F.dat not found!
    File C:\WINDOWS\SYSTEM32\__c0098D90.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00BCC4A.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00EF994.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00F6321.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00FFE10.dat not found!
    File C:\WINDOWS\SYSTEM32\drivers\bg_bg.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\blank.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\box_1.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\box_2.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\box_3.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\button_buynow.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\button_freescan.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\cell_bg.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\cell_footer.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\cell_header_block.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\cell_header_remove.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\cell_header_scan.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\close_ico.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\detect.htm not found!
    File C:\WINDOWS\SYSTEM32\drivers\download_box.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\download_btn.jpg not found!
    File C:\WINDOWS\SYSTEM32\drivers\download_now_btn.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\footer_back.jpg not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_1.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_2.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_3.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_4.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_red_bg.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_red_free_scan.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_red_free_scan_bg.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\header_red_protect_your_pc.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\icon_warning_big.gif not found!
    C:\WINDOWS\SYSTEM32\drivers\infected.gif moved successfully.
    File C:\WINDOWS\SYSTEM32\drivers\main_back.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\perfect_cleaner_box.jpg not found!
    File C:\WINDOWS\SYSTEM32\drivers\product_1_header.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\product_1_name_small.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\product_2_header.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\product_2_name_small.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\product_3_header.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\product_3_name_small.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\product_features.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\pt.htm not found!
    File C:\WINDOWS\SYSTEM32\drivers\rating.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\remove_spyware_header.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\screenshot.jpg not found!
    File C:\WINDOWS\SYSTEM32\drivers\sep_hor.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\sep_vert.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\shadow.jpg not found!
    File C:\WINDOWS\SYSTEM32\drivers\shadow_bg.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\spacer.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\spyware_detected.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\spy_away_box.jpg not found!
    File C:\WINDOWS\SYSTEM32\drivers\star.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\star_gray.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\star_gray_small.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\star_small.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\style.css not found!
    File C:\WINDOWS\SYSTEM32\drivers\s_detect.htm not found!
    File C:\WINDOWS\SYSTEM32\drivers\v.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\warning_ico.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\warning_icon.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\win_logo.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\x.gif not found!
    File C:\WINDOWS\SYSTEM32\drivers\yellow_warning_ico.gif not found!
    [File String Scan - Non-Microsoft Only]
    File C:\WINDOWS\SYSTEM32\atynfdql.dll not found!
    File C:\WINDOWS\SYSTEM32\dextqyou.dll not found!
    File C:\WINDOWS\SYSTEM32\dqsmsvhc.dll not found!
    File C:\WINDOWS\SYSTEM32\dtvbpljf.dll not found!
    File C:\WINDOWS\SYSTEM32\esurceql.dll not found!
    File C:\WINDOWS\SYSTEM32\fledgmkg.dll not found!
    File C:\WINDOWS\SYSTEM32\ghholedc.dll not found!
    File C:\WINDOWS\SYSTEM32\hdaetheo.dll not found!
    File C:\WINDOWS\SYSTEM32\ilmrpxyk.dll not found!
    File C:\WINDOWS\SYSTEM32\jnydlcyf.dll not found!
    C:\WINDOWS\SYSTEM32\oembios.bin moved successfully.
    File C:\WINDOWS\SYSTEM32\okcxtsdo.dll not found!
    File C:\WINDOWS\SYSTEM32\oslehegq.dll not found!
    File C:\WINDOWS\SYSTEM32\pjcbhlgb.dll not found!
    File C:\WINDOWS\SYSTEM32\pkgkrypj.dll not found!
    File C:\WINDOWS\SYSTEM32\qsrmewsg.dll not found!
    File C:\WINDOWS\SYSTEM32\saufwvyg.dll not found!
    File C:\WINDOWS\SYSTEM32\sixavujb.dll not found!
    File C:\WINDOWS\SYSTEM32\ubgiugbu.dll not found!
    File C:\WINDOWS\SYSTEM32\wqbdysmk.dll not found!
    File C:\WINDOWS\SYSTEM32\wxfrllgo.dll not found!
    File C:\WINDOWS\SYSTEM32\yaktlqvb.dll not found!
    File C:\WINDOWS\SYSTEM32\ygixutlw.dll not found!
    File C:\WINDOWS\SYSTEM32\ylrbrqkh.dll not found!
    File C:\WINDOWS\SYSTEM32\__c002AD3E.dat not found!
    File C:\WINDOWS\SYSTEM32\__c0035629.dat not found!
    File C:\WINDOWS\SYSTEM32\__c003C29E.dat not found!
    File C:\WINDOWS\SYSTEM32\__c006E3A0.dat not found!
    File C:\WINDOWS\SYSTEM32\__c006F425.dat not found!
    File C:\WINDOWS\SYSTEM32\__c0079CE7.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00922F.dat not found!
    File C:\WINDOWS\SYSTEM32\__c0098D90.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00BCC4A.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00EF994.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00F6321.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00FFE10.dat not found!
    [Empty Temp Folders]
    C:\DOCUME~1\Derek\LOCALS~1\Temp\ -> emptied.
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
    RecycleBin -> emptied.
    Explorer started successfully
    < End of log >
    Created on 11/14/2007 18:56:50


  • Registered Users Posts: 1,197 ✭✭✭ Baldie


    Here is the new report:

    WinPFind3 logfile created on: 14/11/2007 19:08:52
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Derek\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    1022.73 Mb Total Physical Memory | 540.52 Mb Available Physical Memory | 52.85% Memory free
    2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.77% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 9.44 Gb Free Space | 48.35% Space Free
    Drive D: | 129.51 Gb Total Space | 67.87 Gb Free Space | 52.40% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: CASTLETR-YKJ3FD
    Current User Name: Derek
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    asusprob.exe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    ezprint.exe -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 03/11/2007 13:00:24 | Attr = ]
    hydradm.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    hydramd.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    lxcecoms.exe -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
    rfpicon.exe -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]
    wxlumkfa.exe -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 18:55:48 | Attr = ]
    zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    (BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ]
    (DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 18:55:48 | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    (lxce_device) lxce_device [Win32_Own | On_Demand | Running] -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
    ASUS Probe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    c8866ae6 -> %System32%\ymarkopr.dll [rundll32.exe "C:\WINDOWS\system32\ymarkopr.dll",b] -> [Ver = | Size = 85056 bytes | Modified Date = 14/11/2007 19:08:34 | Attr = ]
    EzPrint -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 12/07/2005 09:36:32 | Attr = ]
    HydraVisionDesktopManager -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    HydraVisionViewport -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    LXCECATS -> %System32%\spool\drivers\w32x86\3\lxcetime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 20/07/2005 13:46:26 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12/01/2006 15:40:44 | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
    RTBatteryMeter -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 65 | Size = 2048000 bytes | Modified Date = 15/09/2006 13:27:00 | Attr = ]
    uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    %AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\WINDOWS\system32\__c00FAC04.dat -> %System32%\__c00FAC04.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr = ]
    cembuxjz -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> C:\windows\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Local Page -> C:\windows\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {4604916A-BA6F-4848-8AC7-EF2AB950359D} [HKLM] -> %System32%\jkhhg.dll [Reg Data - Value does not exist] -> [Ver = | Size = 309856 bytes | Modified Date = 20/10/2007 13:13:56 | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 00:04:00 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\cembuxjz.dll [Reg Data - Value does not exist] -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\cembuxjz.dll [Security Toolbar] -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {3BB9887A-7CB8-4ED0-A62F-EE8872C191D4} -> (3Com Gigabit LOM (3C940)) ->
    {E975F870-F424-4215-B8ED-98206BCF8630} -> () ->
    {F7EEB0CF-F017-4CDD-A843-90A27FF9DA39} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716 ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265 ->
    {6F750202-1362-4815-A476-88533DE61D0C} -> Kodak Gallery Easy Upload Manager Class - CodeBase = http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]

    [Files/Folders - Created Within 30 days]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 22/10/2007 22:23:43 | Attr = ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 13/11/2007 19:05:02 | Attr = H ]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 115 bytes | Created Date = 21/10/2007 11:15:15 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 22/10/2007 19:33:20 | Attr = HS]
    PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 22/10/2007 20:11:31 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 22/10/2007 19:14:33 | Attr = ]
    cembuxjz.dll -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Created Date = 13/11/2007 20:23:20 | Attr = ]
    cembuxjz.dllbox -> %System32%\cembuxjz.dllbox -> [Ver = | Size = 20810 bytes | Created Date = 14/11/2007 18:52:25 | Attr = HS]
    chiearpb.dll -> %System32%\chiearpb.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 19:06:29 | Attr = ]
    cohbupvg.dll -> %System32%\cohbupvg.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:57:07 | Attr = ]
    dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 22/10/2007 21:29:30 | Attr = ]
    fmbqqtxw.dll -> %System32%\fmbqqtxw.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:55:23 | Attr = ]
    ghhkj.bak1 -> %System32%\ghhkj.bak1 -> [Ver = | Size = 99363 bytes | Created Date = 14/11/2007 18:57:07 | Attr = HS]
    ghhkj.ini -> %System32%\ghhkj.ini -> [Ver = | Size = 100995 bytes | Created Date = 14/11/2007 18:52:22 | Attr = HS]
    GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 13/11/2007 23:06:06 | Attr = H ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    jkhhg.dll -> %System32%\jkhhg.dll -> [Ver = | Size = 309856 bytes | Created Date = 20/10/2007 13:13:53 | Attr = ]
    lrgofkwh.exe -> %System32%\lrgofkwh.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 14/11/2007 19:08:30 | Attr = ]
    Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 22/10/2007 21:29:26 | Attr = ]
    rpokramy.ini -> %System32%\rpokramy.ini -> [Ver = | Size = 671127 bytes | Created Date = 14/11/2007 19:08:42 | Attr = HS]
    SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 22/10/2007 21:29:29 | Attr = ]
    swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 22/10/2007 21:29:27 | Attr = ]
    swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 22/10/2007 21:29:28 | Attr = ]
    swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 22/10/2007 21:29:31 | Attr = ]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Created Date = 22/10/2007 21:32:42 | Attr = ]
    VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 22/10/2007 21:29:32 | Attr = ]
    viccbeor.dll -> %System32%\viccbeor.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:53:19 | Attr = ]
    WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 22/10/2007 21:29:34 | Attr = ]
    wxlumkfa.exe -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 14/11/2007 18:55:47 | Attr = ]
    ymarkopr.dll -> %System32%\ymarkopr.dll -> [Ver = | Size = 85056 bytes | Created Date = 14/11/2007 19:08:31 | Attr = ]
    __c0053726.dat -> %System32%\__c0053726.dat -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:55:24 | Attr = ]
    __c00FAC04.dat -> %System32%\__c00FAC04.dat -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 19:06:30 | Attr = ]
    imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 5888 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]
    imagesrv.sys -> %System32%\drivers\imagesrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 127488 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 28/10/2007 15:28:30 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/11/2007 15:44:28 | Attr = R ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 13/11/2007 22:28:00 | Attr = HS]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 13/11/2007 21:26:32 | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 13/11/2007 19:31:06 | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 13/11/2007 23:06:22 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/11/2007 19:04:44 | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 13/11/2007 19:05:04 | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 14/11/2007 19:05:14 | Attr = S]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 115 bytes | Modified Date = 13/11/2007 20:25:42 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 22/10/2007 19:33:22 | Attr = HS]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/11/2007 21:10:30 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/11/2007 19:05:14 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 13/11/2007 19:04:38 | Attr = HS]
    Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 14/11/2007 19:08:56 | Attr = ]
    mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1447 bytes | Modified Date = 11/11/2007 15:45:24 | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 13/11/2007 22:48:02 | Attr = ]
    PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 22/10/2007 20:11:32 | Attr = H ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 14/11/2007 19:08:32 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 14/11/2007 19:05:46 | Attr = H ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 13/11/2007 23:06:12 | Attr = ]
    SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 21/10/2007 19:27:20 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 22/10/2007 21:29:04 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 14/11/2007 19:08:52 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 14/11/2007 19:06:48 | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 24/10/2007 20:26:06 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 14/11/2007 19:05:26 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 22/10/2007 19:14:34 | Attr = ]
    aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 815480 bytes | Modified Date = 25/10/2007 16:24:46 | Attr = ]
    AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 95608 bytes | Modified Date = 25/10/2007 16:14:26 | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 14/11/2007 18:56:48 | Attr = ]
    cembuxjz.dll -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    cembuxjz.dllbox -> %System32%\cembuxjz.dllbox -> [Ver = | Size = 20810 bytes | Modified Date = 14/11/2007 19:08:58 | Attr = HS]
    chiearpb.dll -> %System32%\chiearpb.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    cohbupvg.dll -> %System32%\cohbupvg.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:57:08 | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 13/11/2007 19:11:00 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 14/11/2007 18:57:02 | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 14/11/2007 18:56:48 | Attr = ]
    fmbqqtxw.dll -> %System32%\fmbqqtxw.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    ghhkj.bak1 -> %System32%\ghhkj.bak1 -> [Ver = | Size = 99363 bytes | Modified Date = 14/11/2007 18:57:08 | Attr = HS]
    ghhkj.ini -> %System32%\ghhkj.ini -> [Ver = | Size = 100995 bytes | Modified Date = 14/11/2007 19:08:52 | Attr = HS]
    GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 13/11/2007 23:06:08 | Attr = H ]
    jkhhg.dll -> %System32%\jkhhg.dll -> [Ver = | Size = 309856 bytes | Modified Date = 20/10/2007 13:13:56 | Attr = ]
    lrgofkwh.exe -> %System32%\lrgofkwh.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 19:08:32 | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 520190 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 10/11/2007 14:46:06 | Attr = ]
    rpokramy.ini -> %System32%\rpokramy.ini -> [Ver = | Size = 671127 bytes | Modified Date = 14/11/2007 19:08:46 | Attr = HS]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Modified Date = 13/11/2007 22:21:50 | Attr = ]
    viccbeor.dll -> %System32%\viccbeor.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:53:20 | Attr = ]
    vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353246 bytes | Modified Date = 14/11/2007 19:06:26 | Attr = H ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13002 bytes | Modified Date = 12/11/2007 21:45:46 | Attr = ]
    wxlumkfa.exe -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 18:55:48 | Attr = ]
    ymarkopr.dll -> %System32%\ymarkopr.dll -> [Ver = | Size = 85056 bytes | Modified Date = 14/11/2007 19:08:34 | Attr = ]
    zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 14/11/2007 18:42:54 | Attr = H ]
    __c0053726.dat -> %System32%\__c0053726.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    __c00FAC04.dat -> %System32%\__c00FAC04.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 25/10/2007 16:58:50 | Attr = ]
    aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 93264 bytes | Modified Date = 25/10/2007 17:05:36 | Attr = ]
    aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 25/10/2007 17:05:20 | Attr = ]
    aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 25/10/2007 17:03:20 | Attr = ]
    aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 25/10/2007 17:01:34 | Attr = ]
    fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 9395488 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]
    fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 132128 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]
    fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 683296 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]
    fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 68240 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 815480 bytes | Modified Date = 25/10/2007 16:24:46 | Attr = ]
    UPX! , UPX0 , -> %System32%\chiearpb.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    UPX! , UPX0 , -> %System32%\cohbupvg.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:57:08 | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Modified Date = 17/09/2007 18:22:58 | Attr = ]
    UPX! , UPX0 , -> %System32%\fmbqqtxw.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    UPX! , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 04/09/2001 09:05:32 | Attr = ]
    UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 16:49:30 | Attr = ]
    UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 18:43:54 | Attr = ]
    UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 09:36:06 | Attr = ]
    UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 05:20:34 | Attr = ]
    UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 05/09/2007 23:22:24 | Attr = ]
    UPX! , UPX0 , -> %System32%\viccbeor.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:53:20 | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 03/10/2007 23:36:46 | Attr = ]
    UPX! , UPX0 , -> %System32%\__c0053726.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    UPX! , -> %System32%\dllcache\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 04/09/2001 09:05:32 | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 21:41:38 | Attr = ]
    PEC2 , -> %System32%\drivers\VcommMgr.sys -> IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Modified Date = 25/03/2005 16:18:48 | Attr = ]

    < End of report >


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Here is the new report:

    WinPFind3 logfile created on: 14/11/2007 19:08:52
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\*****\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    1022.73 Mb Total Physical Memory | 540.52 Mb Available Physical Memory | 52.85% Memory free
    2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.77% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 9.44 Gb Free Space | 48.35% Space Free
    Drive D: | 129.51 Gb Total Space | 67.87 Gb Free Space | 52.40% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: *************
    Current User Name: *****
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    asusprob.exe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    ezprint.exe -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 03/11/2007 13:00:24 | Attr = ]
    hydradm.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    hydramd.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    lxcecoms.exe -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
    rfpicon.exe -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]
    wxlumkfa.exe -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 18:55:48 | Attr = ]
    zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    (BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ]
    (DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 18:55:48 | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    (lxce_device) lxce_device [Win32_Own | On_Demand | Running] -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
    ASUS Probe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    c8866ae6 -> %System32%\ymarkopr.dll [rundll32.exe "C:\WINDOWS\system32\ymarkopr.dll",b] -> [Ver = | Size = 85056 bytes | Modified Date = 14/11/2007 19:08:34 | Attr = ]
    EzPrint -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 12/07/2005 09:36:32 | Attr = ]
    HydraVisionDesktopManager -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    HydraVisionViewport -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    LXCECATS -> %System32%\spool\drivers\w32x86\3\lxcetime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 20/07/2005 13:46:26 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12/01/2006 15:40:44 | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
    RTBatteryMeter -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 65 | Size = 2048000 bytes | Modified Date = 15/09/2006 13:27:00 | Attr = ]
    uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    %AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\WINDOWS\system32\__c00FAC04.dat -> %System32%\__c00FAC04.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr = ]
    cembuxjz -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> C:\windows\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Local Page -> C:\windows\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {4604916A-BA6F-4848-8AC7-EF2AB950359D} [HKLM] -> %System32%\jkhhg.dll [Reg Data - Value does not exist] -> [Ver = | Size = 309856 bytes | Modified Date = 20/10/2007 13:13:56 | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 00:04:00 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\cembuxjz.dll [Reg Data - Value does not exist] -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\cembuxjz.dll [Security Toolbar] -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {3BB9887A-7CB8-4ED0-A62F-EE8872C191D4} -> (3Com Gigabit LOM (3C940)) ->
    {E975F870-F424-4215-B8ED-98206BCF8630} -> () ->
    {F7EEB0CF-F017-4CDD-A843-90A27FF9DA39} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716 ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265 ->
    {6F750202-1362-4815-A476-88533DE61D0C} -> Kodak Gallery Easy Upload Manager Class - CodeBase = http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]

    [Files/Folders - Created Within 30 days]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 22/10/2007 22:23:43 | Attr = ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 13/11/2007 19:05:02 | Attr = H ]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 115 bytes | Created Date = 21/10/2007 11:15:15 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 22/10/2007 19:33:20 | Attr = HS]
    PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 22/10/2007 20:11:31 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 22/10/2007 19:14:33 | Attr = ]
    cembuxjz.dll -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Created Date = 13/11/2007 20:23:20 | Attr = ]
    cembuxjz.dllbox -> %System32%\cembuxjz.dllbox -> [Ver = | Size = 20810 bytes | Created Date = 14/11/2007 18:52:25 | Attr = HS]
    chiearpb.dll -> %System32%\chiearpb.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 19:06:29 | Attr = ]
    cohbupvg.dll -> %System32%\cohbupvg.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:57:07 | Attr = ]
    dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 22/10/2007 21:29:30 | Attr = ]
    fmbqqtxw.dll -> %System32%\fmbqqtxw.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:55:23 | Attr = ]
    ghhkj.bak1 -> %System32%\ghhkj.bak1 -> [Ver = | Size = 99363 bytes | Created Date = 14/11/2007 18:57:07 | Attr = HS]
    ghhkj.ini -> %System32%\ghhkj.ini -> [Ver = | Size = 100995 bytes | Created Date = 14/11/2007 18:52:22 | Attr = HS]
    GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 13/11/2007 23:06:06 | Attr = H ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    jkhhg.dll -> %System32%\jkhhg.dll -> [Ver = | Size = 309856 bytes | Created Date = 20/10/2007 13:13:53 | Attr = ]
    lrgofkwh.exe -> %System32%\lrgofkwh.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 14/11/2007 19:08:30 | Attr = ]
    Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 22/10/2007 21:29:26 | Attr = ]
    rpokramy.ini -> %System32%\rpokramy.ini -> [Ver = | Size = 671127 bytes | Created Date = 14/11/2007 19:08:42 | Attr = HS]
    SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 22/10/2007 21:29:29 | Attr = ]
    swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 22/10/2007 21:29:27 | Attr = ]
    swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 22/10/2007 21:29:28 | Attr = ]
    swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 22/10/2007 21:29:31 | Attr = ]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Created Date = 22/10/2007 21:32:42 | Attr = ]
    VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 22/10/2007 21:29:32 | Attr = ]
    viccbeor.dll -> %System32%\viccbeor.dll -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:53:19 | Attr = ]
    WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 22/10/2007 21:29:34 | Attr = ]
    wxlumkfa.exe -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 14/11/2007 18:55:47 | Attr = ]
    ymarkopr.dll -> %System32%\ymarkopr.dll -> [Ver = | Size = 85056 bytes | Created Date = 14/11/2007 19:08:31 | Attr = ]
    __c0053726.dat -> %System32%\__c0053726.dat -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 18:55:24 | Attr = ]
    __c00FAC04.dat -> %System32%\__c00FAC04.dat -> [Ver = | Size = 10816 bytes | Created Date = 14/11/2007 19:06:30 | Attr = ]
    imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 5888 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]
    imagesrv.sys -> %System32%\drivers\imagesrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 127488 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 28/10/2007 15:28:30 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/11/2007 15:44:28 | Attr = R ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 13/11/2007 22:28:00 | Attr = HS]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 13/11/2007 21:26:32 | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 13/11/2007 19:31:06 | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 13/11/2007 23:06:22 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/11/2007 19:04:44 | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 13/11/2007 19:05:04 | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 14/11/2007 19:05:14 | Attr = S]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 115 bytes | Modified Date = 13/11/2007 20:25:42 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 22/10/2007 19:33:22 | Attr = HS]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/11/2007 21:10:30 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/11/2007 19:05:14 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 13/11/2007 19:04:38 | Attr = HS]
    Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 14/11/2007 19:08:56 | Attr = ]
    mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1447 bytes | Modified Date = 11/11/2007 15:45:24 | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 13/11/2007 22:48:02 | Attr = ]
    PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 22/10/2007 20:11:32 | Attr = H ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 14/11/2007 19:08:32 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 14/11/2007 19:05:46 | Attr = H ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 13/11/2007 23:06:12 | Attr = ]
    SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 21/10/2007 19:27:20 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 22/10/2007 21:29:04 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 14/11/2007 19:08:52 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 14/11/2007 19:06:48 | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 24/10/2007 20:26:06 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 14/11/2007 19:05:26 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 22/10/2007 19:14:34 | Attr = ]
    aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 815480 bytes | Modified Date = 25/10/2007 16:24:46 | Attr = ]
    AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 95608 bytes | Modified Date = 25/10/2007 16:14:26 | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 14/11/2007 18:56:48 | Attr = ]
    cembuxjz.dll -> %System32%\cembuxjz.dll -> [Ver = | Size = 145984 bytes | Modified Date = 13/11/2007 20:23:22 | Attr = ]
    cembuxjz.dllbox -> %System32%\cembuxjz.dllbox -> [Ver = | Size = 20810 bytes | Modified Date = 14/11/2007 19:08:58 | Attr = HS]
    chiearpb.dll -> %System32%\chiearpb.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    cohbupvg.dll -> %System32%\cohbupvg.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:57:08 | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 13/11/2007 19:11:00 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 14/11/2007 18:57:02 | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 14/11/2007 18:56:48 | Attr = ]
    fmbqqtxw.dll -> %System32%\fmbqqtxw.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    ghhkj.bak1 -> %System32%\ghhkj.bak1 -> [Ver = | Size = 99363 bytes | Modified Date = 14/11/2007 18:57:08 | Attr = HS]
    ghhkj.ini -> %System32%\ghhkj.ini -> [Ver = | Size = 100995 bytes | Modified Date = 14/11/2007 19:08:52 | Attr = HS]
    GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 13/11/2007 23:06:08 | Attr = H ]
    jkhhg.dll -> %System32%\jkhhg.dll -> [Ver = | Size = 309856 bytes | Modified Date = 20/10/2007 13:13:56 | Attr = ]
    lrgofkwh.exe -> %System32%\lrgofkwh.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 19:08:32 | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 520190 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 10/11/2007 14:46:06 | Attr = ]
    rpokramy.ini -> %System32%\rpokramy.ini -> [Ver = | Size = 671127 bytes | Modified Date = 14/11/2007 19:08:46 | Attr = HS]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Modified Date = 13/11/2007 22:21:50 | Attr = ]
    viccbeor.dll -> %System32%\viccbeor.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:53:20 | Attr = ]
    vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353246 bytes | Modified Date = 14/11/2007 19:06:26 | Attr = H ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13002 bytes | Modified Date = 12/11/2007 21:45:46 | Attr = ]
    wxlumkfa.exe -> %System32%\wxlumkfa.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 14/11/2007 18:55:48 | Attr = ]
    ymarkopr.dll -> %System32%\ymarkopr.dll -> [Ver = | Size = 85056 bytes | Modified Date = 14/11/2007 19:08:34 | Attr = ]
    zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 14/11/2007 18:42:54 | Attr = H ]
    __c0053726.dat -> %System32%\__c0053726.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    __c00FAC04.dat -> %System32%\__c00FAC04.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 25/10/2007 16:58:50 | Attr = ]
    aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 93264 bytes | Modified Date = 25/10/2007 17:05:36 | Attr = ]
    aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 25/10/2007 17:05:20 | Attr = ]
    aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 25/10/2007 17:03:20 | Attr = ]
    aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 25/10/2007 17:01:34 | Attr = ]
    fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 9395488 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]
    fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 132128 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]
    fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 683296 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]
    fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 68240 bytes | Modified Date = 14/11/2007 16:44:50 | Attr = HS]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 815480 bytes | Modified Date = 25/10/2007 16:24:46 | Attr = ]
    UPX! , UPX0 , -> %System32%\chiearpb.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 19:06:32 | Attr = ]
    UPX! , UPX0 , -> %System32%\cohbupvg.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:57:08 | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Modified Date = 17/09/2007 18:22:58 | Attr = ]
    UPX! , UPX0 , -> %System32%\fmbqqtxw.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    UPX! , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 04/09/2001 09:05:32 | Attr = ]
    UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 16:49:30 | Attr = ]
    UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 18:43:54 | Attr = ]
    UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 09:36:06 | Attr = ]
    UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 05:20:34 | Attr = ]
    UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 05/09/2007 23:22:24 | Attr = ]
    UPX! , UPX0 , -> %System32%\viccbeor.dll -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:53:20 | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 03/10/2007 23:36:46 | Attr = ]
    UPX! , UPX0 , -> %System32%\__c0053726.dat -> [Ver = | Size = 10816 bytes | Modified Date = 14/11/2007 18:55:26 | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    UPX! , -> %System32%\dllcache\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 04/09/2001 09:05:32 | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 21:41:38 | Attr = ]
    PEC2 , -> %System32%\drivers\VcommMgr.sys -> IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Modified Date = 25/03/2005 16:18:48 | Attr = ]

    < End of report >


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Let's do a few big scans. If you have SDFix.exe or ComboFix.exe already, then make sure you delete the tools before we start.

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum




    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**


    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


    Double click on combofix.exe & follow the prompts.
      When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" for further review.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.





    Next reboot your PC into Safe Mode once again.

    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [Kill Explorer]
    [Unregister Dlls]
    [Processes - Non-Microsoft Only]
    YY -> wxlumkfa.exe -> %System32%\wxlumkfa.exe
    [Win32 Services - Non-Microsoft Only]
    YY -> (DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\wxlumkfa.exe
    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> c8866ae6 -> %System32%\ymarkopr.dll [rundll32.exe "C:\WINDOWS\system32\ymarkopr.dll",b]
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YY -> C:\WINDOWS\system32\__c00FAC04.dat -> %System32%\__c00FAC04.dat
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YY -> cembuxjz -> %System32%\cembuxjz.dll
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YY -> {4604916A-BA6F-4848-8AC7-EF2AB950359D} [HKLM] -> %System32%\jkhhg.dll [Reg Data - Value does not exist]
    YY -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\cembuxjz.dll [Reg Data - Value does not exist]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YY -> {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\cembuxjz.dll [Security Toolbar]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
    [Files/Folders - Created Within 30 days]
    NY -> cembuxjz.dll -> %System32%\cembuxjz.dll
    NY -> cembuxjz.dllbox -> %System32%\cembuxjz.dllbox
    NY -> chiearpb.dll -> %System32%\chiearpb.dll
    NY -> cohbupvg.dll -> %System32%\cohbupvg.dll
    NY -> fmbqqtxw.dll -> %System32%\fmbqqtxw.dll
    NY -> ghhkj.bak1 -> %System32%\ghhkj.bak1
    NY -> ghhkj.ini -> %System32%\ghhkj.ini
    NY -> jkhhg.dll -> %System32%\jkhhg.dll
    NY -> lrgofkwh.exe -> %System32%\lrgofkwh.exe
    NY -> rpokramy.ini -> %System32%\rpokramy.ini
    NY -> viccbeor.dll -> %System32%\viccbeor.dll
    NY -> wxlumkfa.exe -> %System32%\wxlumkfa.exe
    NY -> ymarkopr.dll -> %System32%\ymarkopr.dll
    NY -> __c0053726.dat -> %System32%\__c0053726.dat
    NY -> __c00FAC04.dat -> %System32%\__c00FAC04.dat
    [Files/Folders - Modified Within 30 days]
    NY -> cembuxjz.dll -> %System32%\cembuxjz.dll
    NY -> cembuxjz.dllbox -> %System32%\cembuxjz.dllbox
    NY -> chiearpb.dll -> %System32%\chiearpb.dll
    NY -> cohbupvg.dll -> %System32%\cohbupvg.dll
    NY -> fmbqqtxw.dll -> %System32%\fmbqqtxw.dll
    NY -> ghhkj.bak1 -> %System32%\ghhkj.bak1
    NY -> ghhkj.ini -> %System32%\ghhkj.ini
    NY -> jkhhg.dll -> %System32%\jkhhg.dll
    NY -> lrgofkwh.exe -> %System32%\lrgofkwh.exe
    NY -> viccbeor.dll -> %System32%\viccbeor.dll
    NY -> wxlumkfa.exe -> %System32%\wxlumkfa.exe
    NY -> ymarkopr.dll -> %System32%\ymarkopr.dll
    NY -> __c0053726.dat -> %System32%\__c0053726.dat
    NY -> __c00FAC04.dat -> %System32%\__c00FAC04.dat
    [File String Scan - Non-Microsoft Only]
    NY -> UPX! , UPX0 , -> %System32%\chiearpb.dll
    NY -> UPX! , UPX0 , -> %System32%\cohbupvg.dll
    NY -> UPX! , UPX0 , -> %System32%\fmbqqtxw.dll
    NY -> UPX! , -> %System32%\oembios.bin
    NY -> UPX! , UPX0 , -> %System32%\__c0053726.dat
    [Start Explorer]
    [Reboot]

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan (attach the WinPFind3 scan report).

    I will review the information when it comes back in. Make sure you attach the WinPFind3.exe report, but post the others back.


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    SDFix Report:


    SDFix: Version 1.114

    Run by Derek on 14/11/2007 at 19:59

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 20:24:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000003c

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\DOCUME~1\\Derek\\LOCALS~1\\Temp\\win2E.tmp.exe"="C:\\DOCUME~1\\Derek\\LOCALS~1\\Temp\\win2E.tmp.exe:*:Enabled:win2E.tmp"
    "C:\\WINDOWS\\system32\\lajparyt.exe"="C:\\WINDOWS\\system32\\laj"
    "C:\\WINDOWS\\system32\\wxlumkfa.exe"="C:\\WINDOWS\\system32\\wxl"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:


    Files with Hidden Attributes:

    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Wed 14 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\system32\cembuxjz.dllbox"
    Wed 14 Nov 2007 99,363 ..SH. --- "C:\WINDOWS\system32\ghhkj.bak1"
    Fri 28 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Derek\Local Settings\Temp\ico1.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Derek\Local Settings\Temp\ico2.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Derek\Local Settings\Temp\ico3.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Derek\Local Settings\Temp\ico4.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Derek\Local Settings\Temp\ico5.tmp"
    Sun 26 Feb 2006 34,816 A..H. --- "C:\Documents and Settings\Derek\My Documents\CV\~WRL0001.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico13.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico14.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico15.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico16.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico17.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico24.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico25.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico26.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico27.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico28.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico3C.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico3D.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico3E.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico3F.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico40.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico42.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico43.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico44.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico45.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico46.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico55.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico56.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico57.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico58.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico59.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico68.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico69.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico6A.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico6B.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico6C.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico72.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico73.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico74.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico75.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico76.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico84.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico85.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico86.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico87.tmp"
    Wed 14 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Ellen\Local Settings\Temp\ico88.tmp"
    Sun 2 Apr 2006 4,348 A..H. --- "C:\Documents and Settings\Derek\My Documents\My Music\License Backup\drmv1key.bak"
    Sun 2 Apr 2006 20 A..H. --- "C:\Documents and Settings\Derek\My Documents\My Music\License Backup\drmv1lic.bak"
    Sun 2 Apr 2006 400 A.SH. --- "C:\Documents and Settings\Derek\My Documents\My Music\License Backup\drmv2key.bak"
    Wed 14 Nov 2007 20,810 A.SH. --- "C:\Documents and Settings\Derek\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\cembuxjz.dllbox"
    Wed 14 Nov 2007 99,363 A.SH. --- "C:\Documents and Settings\Derek\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\ghhkj.bak1"
    Tue 13 Nov 2007 127,154 A.SH. --- "C:\Documents and Settings\Derek\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\ghhkj.bak2"
    Mon 22 Oct 2007 17,006 A.SH. --- "C:\Documents and Settings\Derek\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\nhuodkfl.dllbox"

    Finished!


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    ComboFix Log:

    ComboFix 07-11-08.3 - Derek 2007-11-14 21:00:06.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.546 [GMT 0:00]
    Running from: C:\Documents and Settings\Derek\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Derek\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Derek\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Derek\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Ellen\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Ellen\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Ellen\Favorites\Online Security Guide.lnk
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\__c0053726.dat
    C:\WINDOWS\system32\__c00FAC04.dat
    C:\WINDOWS\system32\cembuxjz.dllbox
    C:\WINDOWS\system32\chiearpb.dll
    C:\WINDOWS\system32\cohbupvg.dll
    C:\WINDOWS\system32\fmbqqtxw.dll
    C:\WINDOWS\system32\ghhkj.bak1
    C:\WINDOWS\system32\ghhkj.ini
    C:\WINDOWS\system32\jkhhg.dll
    C:\WINDOWS\system32\viccbeor.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    \LEGACY_DOMAINSERVICE
    \DomainService
    \npf


    ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
    .

    2007-11-14 20:59 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-11-14 19:57 <DIR> d C:\WINDOWS\ERUNT
    2007-11-14 19:14 79,424 --a C:\WINDOWS\system32\venyyeaq.dll
    2007-11-14 19:08 85,056 --a C:\WINDOWS\system32\ymarkopr.dll
    2007-11-14 19:08 71,232 --a C:\WINDOWS\system32\lrgofkwh.exe
    2007-11-14 18:55 71,232 --a C:\WINDOWS\system32\wxlumkfa.exe
    2007-11-13 23:06 <DIR> d--h C:\WINDOWS\system32\GroupPolicy
    2007-11-13 21:28 127,488 C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-11-13 21:28 5,888 C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-11-13 20:23 145,984 --a C:\WINDOWS\system32\cembuxjz.dll
    2007-11-11 15:44 <DIR> d C:\Program Files\Java
    2007-11-11 15:43 <DIR> d C:\Program Files\Common Files\Java
    2007-11-10 14:46 <DIR> d C:\Program Files\VibrateGameDeviceDriver
    2007-11-09 19:26 10,816 --a C:\Documents and Settings\Scott\Application Data\__c00F4C4.dat
    2007-11-09 17:43 10,816 --a C:\Documents and Settings\Scott\Application Data\__c00F2F9.dat
    2007-11-04 12:29 <DIR> d C:\Documents and Settings\Derek\Application Data\VideoEgg
    2007-10-28 15:29 <DIR> d C:\Documents and Settings\Scott\Application Data\PC Suite
    2007-10-28 15:29 <DIR> d C:\Documents and Settings\Scott\Application Data\FaxCtr
    2007-10-27 09:32 <DIR> d C:\Program Files\Real
    2007-10-27 09:32 <DIR> d C:\Program Files\Common Files\Real
    2007-10-24 19:39 <DIR> d C:\Program Files\DIKO
    2007-10-22 22:23 <DIR> d C:\VundoFix Backups
    2007-10-22 21:32 4,738 --a C:\WINDOWS\system32\tmp.reg
    2007-10-22 21:29 289,144 --a C:\WINDOWS\system32\VCCLSID.exe
    2007-10-22 21:29 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
    2007-10-22 21:29 53,248 --a C:\WINDOWS\system32\Process.exe
    2007-10-22 21:29 51,200 --a C:\WINDOWS\system32\dumphive.exe
    2007-10-22 21:29 25,600 --a C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 21:13 <DIR> d C:\Documents and Settings\Derek\dwhelper
    2007-10-22 20:11 <DIR> d--h C:\WINDOWS\PIF
    2007-10-22 19:49 <DIR> d C:\Program Files\Spyware Terminator
    2007-10-20 13:21 <DIR> d C:\Documents and Settings\Derek\Application Data\Video DVD Maker FREE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-14 21:51 d-----w C:\Documents and Settings\Derek\Application Data\uTorrent
    2007-11-14 19:50 9,418,784 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-14 19:50 686,112 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-14 19:50 68,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-11-14 19:50 132,440 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-13 21:35 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-13 21:27 d-----w C:\Program Files\Ahead
    2007-11-13 21:08 d-----w C:\Program Files\SpywareBlaster
    2007-11-10 14:46 d-----w C:\Program Files\Common Files\InstallShield
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-10-23 17:30 d-----w C:\Documents and Settings\Derek\Application Data\Ahead
    2007-10-22 19:55 d-----w C:\Program Files\Windows Media Connect 2
    2007-10-22 19:34 d-----w C:\Documents and Settings\Derek\Application Data\Lavasoft
    2007-10-22 19:22 d-----w C:\Program Files\Lavasoft
    2007-10-11 18:49 d-----w C:\Documents and Settings\Derek\Application Data\PC Suite
    2007-10-11 18:45 d-----w C:\Documents and Settings\Derek\Application Data\Nokia Multimedia Player
    2007-10-11 18:30 d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-10-11 18:05 d-----w C:\Documents and Settings\Derek\Application Data\Talkback
    2007-10-09 15:00 d-----w C:\Documents and Settings\Ellen\Application Data\PC Suite
    2007-10-08 11:18 d-----w C:\Documents and Settings\Derek\Application Data\Nokia
    2007-10-08 11:16 d-----w C:\Program Files\Nokia
    2007-10-08 11:16 d-----w C:\Program Files\Common Files\PCSuite
    2007-10-08 11:16 d-----w C:\Program Files\Common Files\Nokia
    2007-10-08 11:15 d-----w C:\Program Files\PC Connectivity Solution
    2007-10-08 11:15 d-----w C:\Program Files\DIFX
    2007-10-08 11:12 d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-08 10:47 d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2007-10-08 10:37 d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-08 10:37 d-----w C:\Program Files\IVT Corporation
    2007-10-01 20:26 d-----w C:\Program Files\Runtime Software
    2007-10-01 20:11 d-----w C:\Documents and Settings\Derek\Application Data\MailFrontier
    2007-09-30 17:38 d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-09-30 17:30 d-----w C:\Program Files\SonicWallES
    2007-09-30 17:30 d-----w C:\Documents and Settings\Ellen\Application Data\MailFrontier
    2007-09-30 17:24 d-----w C:\Documents and Settings\Ellen\Application Data\FaxCtr
    2007-09-30 14:15 d-----w C:\Documents and Settings\Derek\Application Data\OfficeUpdate12
    2007-09-30 14:14 d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-09-30 13:11 d-----w C:\Program Files\MSXML 4.0
    2007-09-30 12:52 d-----w C:\Program Files\Microsoft ActiveSync
    2007-09-30 11:22 d-----w C:\Program Files\Microsoft.NET
    2007-09-29 19:48 d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2007-09-29 19:43 d-----w C:\Program Files\Kodak
    2007-09-29 19:42 d-----w C:\Program Files\Common Files\Kodak
    2007-09-29 15:09 d-----w C:\Program Files\iTunes
    2007-09-29 15:09 d-----w C:\Program Files\iPod
    2007-09-29 15:09 d-----w C:\Documents and Settings\Derek\Application Data\Apple Computer
    2007-09-29 15:08 d-----w C:\Program Files\QuickTime
    2007-09-29 15:08 d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-29 15:07 d-----w C:\Program Files\Apple Software Update
    2007-09-29 15:06 d-----w C:\Program Files\Common Files\Apple
    2007-09-29 15:06 d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-29 14:21 d-----w C:\Documents and Settings\Derek\Application Data\DivX
    2007-09-29 14:20 d-----w C:\Program Files\DivX
    2007-09-29 14:08 d-----w C:\Program Files\uTorrent
    2007-09-29 14:01 d-----w C:\Program Files\DVD Shrink
    2007-09-29 13:47 d-----w C:\Program Files\CCleaner
    2007-09-28 23:04 d-----w C:\Program Files\ASUS
    2007-09-28 21:58 d-----w C:\Program Files\Common Files\Adobe
    2007-09-28 21:57 d-----w C:\Documents and Settings\Derek\Application Data\Leadertech
    2007-09-28 21:18 d-----w C:\Program Files\MSXML 6.0
    2007-09-28 18:46 d-----w C:\Program Files\MSBuild
    2007-09-28 18:42 d-----w C:\Program Files\Reference Assemblies
    2007-09-27 23:27 d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2007-09-27 23:26 d-----w C:\Program Files\Common Files\Nero
    2007-09-27 23:24 d-----w C:\Program Files\Common Files\Ahead
    2007-09-27 23:17 d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-09-27 23:16 d-----w C:\Program Files\Lexmark 4300 Series
    2007-09-27 23:16 d-----w C:\Documents and Settings\Derek\Application Data\FaxCtr
    2007-09-27 23:08 d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-09-27 23:07 d-----w C:\Program Files\Lexmark Fax Solutions
    2007-09-27 23:06 d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
    2007-09-27 21:48 d-----w C:\Program Files\Netopia
    2007-09-27 21:29 d-----w C:\Program Files\Analog Devices
    2007-09-27 21:27 d-----w C:\Program Files\Intel
    2007-09-27 21:14 d-----w C:\Program Files\ATI Technologies
    2007-09-27 20:30 d-----w C:\Program Files\Alwil Software
    2007-09-27 20:21 d-----w C:\Program Files\microsoft frontpage
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-06 15:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-09-06 15:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c4a8169-42bd-476a-9608-cb1748c1858c}]
    2007-11-14 19:14 79424 --a C:\WINDOWS\system32\venyyeaq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-13 20:23 145984 --a C:\WINDOWS\system32\cembuxjz.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\cembuxjz.dll [2007-11-13 20:23 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 15:41]
    "HydraVisionViewport"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 15:41]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 17:17]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 15:07]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
    "RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "c8866ae6"="C:\WINDOWS\system32\ymarkopr.dll" [2007-11-14 19:08]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2006-09-15 13:27]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-29 14:08]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-10-08 10:37:20]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cembuxjz]
    cembuxjz.dll 2007-11-13 20:23 145984 C:\WINDOWS\system32\cembuxjz.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg.dll

    R3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys
    R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys
    S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-14 21:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-09-29 19:33:34 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
    - C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 21:50:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 21:53:19 - machine was rebooted
    .
    --- E O F ---


  • Registered Users Posts: 1,197 ✭✭✭ Baldie


    New WinPFind3u fix log:

    Explorer killed successfully
    [Processes - Non-Microsoft Only]
    Unable to kill process wxlumkfa.exe .
    C:\WINDOWS\SYSTEM32\wxlumkfa.exe moved successfully.
    [Win32 Services - Non-Microsoft Only]
    Unable to stop service DomainService .
    Unable to delete service DomainService .
    File C:\WINDOWS\SYSTEM32\wxlumkfa.exe not found.
    [Registry - Non-Microsoft Only]
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\c8866ae6 deleted successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ymarkopr.dll
    C:\WINDOWS\SYSTEM32\ymarkopr.dll NOT unregistered.
    C:\WINDOWS\SYSTEM32\ymarkopr.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls written successfully.
    File C:\WINDOWS\SYSTEM32\__c00FAC04.dat not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cembuxjz deleted successfully.
    C:\WINDOWS\SYSTEM32\cembuxjz.dll unregistered successfully.
    File move failed. C:\WINDOWS\SYSTEM32\cembuxjz.dll scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4604916A-BA6F-4848-8AC7-EF2AB950359D} not found.
    File C:\WINDOWS\SYSTEM32\jkhhg.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A} deleted successfully.
    C:\WINDOWS\SYSTEM32\cembuxjz.dll unregistered successfully.
    File move failed. C:\WINDOWS\SYSTEM32\cembuxjz.dll scheduled to be moved on reboot.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{11A69AE4-FBED-4832-A2BF-45AF82825583} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583} deleted successfully.
    C:\WINDOWS\SYSTEM32\cembuxjz.dll unregistered successfully.
    File move failed. C:\WINDOWS\SYSTEM32\cembuxjz.dll scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
    [Files/Folders - Created Within 30 days]
    C:\WINDOWS\SYSTEM32\cembuxjz.dll unregistered successfully.
    File move failed. C:\WINDOWS\SYSTEM32\cembuxjz.dll scheduled to be moved on reboot.
    C:\WINDOWS\SYSTEM32\cembuxjz.dllbox moved successfully.
    File C:\WINDOWS\SYSTEM32\chiearpb.dll not found!
    File C:\WINDOWS\SYSTEM32\cohbupvg.dll not found!
    File C:\WINDOWS\SYSTEM32\fmbqqtxw.dll not found!
    File C:\WINDOWS\SYSTEM32\ghhkj.bak1 not found!
    File C:\WINDOWS\SYSTEM32\ghhkj.ini not found!
    File C:\WINDOWS\SYSTEM32\jkhhg.dll not found!
    C:\WINDOWS\SYSTEM32\lrgofkwh.exe moved successfully.
    C:\WINDOWS\SYSTEM32\rpokramy.ini moved successfully.
    File C:\WINDOWS\SYSTEM32\viccbeor.dll not found!
    File C:\WINDOWS\SYSTEM32\wxlumkfa.exe not found!
    File C:\WINDOWS\SYSTEM32\ymarkopr.dll not found!
    File C:\WINDOWS\SYSTEM32\__c0053726.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00FAC04.dat not found!
    [Files/Folders - Modified Within 30 days]
    C:\WINDOWS\SYSTEM32\cembuxjz.dll unregistered successfully.
    File move failed. C:\WINDOWS\SYSTEM32\cembuxjz.dll scheduled to be moved on reboot.
    File C:\WINDOWS\SYSTEM32\cembuxjz.dllbox not found!
    File C:\WINDOWS\SYSTEM32\chiearpb.dll not found!
    File C:\WINDOWS\SYSTEM32\cohbupvg.dll not found!
    File C:\WINDOWS\SYSTEM32\fmbqqtxw.dll not found!
    File C:\WINDOWS\SYSTEM32\ghhkj.bak1 not found!
    File C:\WINDOWS\SYSTEM32\ghhkj.ini not found!
    File C:\WINDOWS\SYSTEM32\jkhhg.dll not found!
    File C:\WINDOWS\SYSTEM32\lrgofkwh.exe not found!
    File C:\WINDOWS\SYSTEM32\viccbeor.dll not found!
    File C:\WINDOWS\SYSTEM32\wxlumkfa.exe not found!
    File C:\WINDOWS\SYSTEM32\ymarkopr.dll not found!
    File C:\WINDOWS\SYSTEM32\__c0053726.dat not found!
    File C:\WINDOWS\SYSTEM32\__c00FAC04.dat not found!
    [File String Scan - Non-Microsoft Only]
    File C:\WINDOWS\SYSTEM32\chiearpb.dll not found!
    File C:\WINDOWS\SYSTEM32\cohbupvg.dll not found!
    File C:\WINDOWS\SYSTEM32\fmbqqtxw.dll not found!
    C:\WINDOWS\SYSTEM32\oembios.bin moved successfully.
    File C:\WINDOWS\SYSTEM32\__c0053726.dat not found!
    Explorer started successfully
    < End of log >
    Created on 11/14/2007 22:09:05


  • Registered Users Posts: 1,197 ✭✭✭ Baldie


    Final WinPFind3u Scan:

    WinPFind3 logfile created on: 14/11/2007 22:14:12
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\*****\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    1022.73 Mb Total Physical Memory | 568.92 Mb Available Physical Memory | 55.63% Memory free
    2.41 Gb Paging File | 2.02 Gb Available in Paging File | 83.96% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 9.34 Gb Free Space | 47.83% Space Free
    Drive D: | 129.51 Gb Total Space | 67.87 Gb Free Space | 52.40% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: ***************
    Current User Name: *****
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    asusprob.exe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    ezprint.exe -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 03/11/2007 13:00:24 | Attr = ]
    hydradm.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    hydramd.exe -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    lxcecoms.exe -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
    rfpicon.exe -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]
    zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
    (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 17272 bytes | Modified Date = 25/10/2007 16:46:32 | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 136568 bytes | Modified Date = 25/10/2007 16:20:38 | Attr = ]
    (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 247160 bytes | Modified Date = 25/10/2007 16:20:14 | Attr = ]
    (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 345464 bytes | Modified Date = 25/10/2007 16:19:22 | Attr = ]
    (BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 27/01/2005 18:16:58 | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
    (lxce_device) lxce_device [Win32_Own | On_Demand | Running] -> %System32%\lxcecoms.exe -> Lexmark International, Inc. [Ver = 1.101.101.0 | Size = 471040 bytes | Modified Date = 06/07/2005 10:14:12 | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 15:55:00 | Attr = ]
    (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 14:50:10 | Attr = ]
    (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
    ASUS Probe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 15:07:48 | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 21/04/2004 20:10:00 | Attr = ]
    avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 79224 bytes | Modified Date = 25/10/2007 16:20:44 | Attr = ]
    EzPrint -> %ProgramFiles%\Lexmark 4300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.11.0 | Size = 94208 bytes | Modified Date = 26/07/2005 12:17:18 | Attr = ]
    FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 12/07/2005 09:36:32 | Attr = ]
    HydraVisionDesktopManager -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 270336 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    HydraVisionViewport -> %ProgramFiles%\ATI Technologies\ATI HydraVision\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.21.2108 | Size = 364544 bytes | Modified Date = 01/04/2003 15:41:42 | Attr = ]
    InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 1381376 bytes | Modified Date = 27/01/2005 17:17:32 | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
    LXCECATS -> %System32%\spool\drivers\w32x86\3\lxcetime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 20/07/2005 13:46:26 | Attr = ]
    lxcemon.exe -> %ProgramFiles%\Lexmark 4300 Series\lxcemon.exe -> Lexmark International, Inc. [Ver = 2.6.44.20 | Size = 192512 bytes | Modified Date = 02/08/2005 17:45:16 | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12/01/2006 15:40:44 | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 14:10:32 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
    RTBatteryMeter -> %ProgramFiles%\VibrateGameDeviceDriver\rfpicon.exe -> Ruling Tec Pte Ltd [Ver = 1.0 | Size = 49152 bytes | Modified Date = 16/01/2003 11:32:40 | Attr = ]
    SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 30/05/2003 08:42:22 | Attr = ]
    SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 29/05/2003 15:28:32 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06/09/2007 15:14:18 | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 65 | Size = 2048000 bytes | Modified Date = 15/09/2006 13:27:00 | Attr = ]
    uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 29/09/2007 14:08:40 | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 06/06/2005 12:23:08 | Attr = ]
    %AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 19/09/2007 03:33:46 | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr = ]
    cembuxjz -> cembuxjz.dll -> File not found
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> C:\windows\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Local Page -> C:\windows\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {4c4a8169-42bd-476a-9608-cb1748c1858c} [HKLM] -> %System32%\venyyeaq.dll [Reg Data - Value does not exist] -> [Ver = | Size = 79424 bytes | Modified Date = 14/11/2007 19:14:32 | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 00:04:00 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\cembuxjz.dll [Reg Data - Value does not exist] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\cembuxjz.dll [Security Toolbar] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {3BB9887A-7CB8-4ED0-A62F-EE8872C191D4} -> (3Com Gigabit LOM (3C940)) ->
    {E975F870-F424-4215-B8ED-98206BCF8630} -> () ->
    {F7EEB0CF-F017-4CDD-A843-90A27FF9DA39} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716 ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265 ->
    {6F750202-1362-4815-A476-88533DE61D0C} -> Kodak Gallery Easy Upload Manager Class - CodeBase = http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]

    [Files/Folders - Created Within 30 days]
    qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 14/11/2007 20:59:30 | Attr = ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 14/11/2007 19:52:53 | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 22/10/2007 22:23:43 | Attr = ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 13/11/2007 19:05:02 | Attr = H ]
    catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Created Date = 14/11/2007 20:59:00 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 22/10/2007 19:33:20 | Attr = HS]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 14/11/2007 21:04:25 | Attr = ]
    ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 14/11/2007 19:57:38 | Attr = ]
    NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 14/11/2007 20:59:00 | Attr = ]
    PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 22/10/2007 20:11:31 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 22/10/2007 19:14:33 | Attr = ]
    dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 22/10/2007 21:29:30 | Attr = ]
    GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 13/11/2007 23:06:06 | Attr = H ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/11/2007 15:45:13 | Attr = ]
    Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 22/10/2007 21:29:26 | Attr = ]
    SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 22/10/2007 21:29:29 | Attr = ]
    swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 22/10/2007 21:29:27 | Attr = ]
    swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 22/10/2007 21:29:28 | Attr = ]
    swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 22/10/2007 21:29:31 | Attr = ]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Created Date = 22/10/2007 21:32:42 | Attr = ]
    VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 22/10/2007 21:29:32 | Attr = ]
    venyyeaq.dll -> %System32%\venyyeaq.dll -> [Ver = | Size = 79424 bytes | Created Date = 14/11/2007 19:14:30 | Attr = ]
    VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 14/11/2007 20:59:00 | Attr = ]
    WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 22/10/2007 21:29:34 | Attr = ]
    imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 5888 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]
    imagesrv.sys -> %System32%\drivers\imagesrv.sys -> Ahead Software AG [Ver = 2.29.0.0 built by: WinDDK | Size = 127488 bytes | Created Date = 13/11/2007 21:28:43 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 28/10/2007 15:28:30 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/11/2007 15:44:28 | Attr = R ]
    qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 14/11/2007 21:53:10 | Attr = ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 14/11/2007 20:26:44 | Attr = ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 13/11/2007 22:28:00 | Attr = HS]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 13/11/2007 21:26:32 | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 13/11/2007 19:31:06 | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 14/11/2007 21:04:26 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/11/2007 19:04:44 | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 13/11/2007 19:05:04 | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 14/11/2007 22:10:18 | Attr = S]
    catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Modified Date = 08/11/2007 16:59:02 | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 22/10/2007 19:33:22 | Attr = HS]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/11/2007 21:10:30 | Attr = ]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 14/11/2007 21:04:26 | Attr = ]
    ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 14/11/2007 19:57:56 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/11/2007 19:05:14 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 13/11/2007 19:04:38 | Attr = HS]
    Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 14/11/2007 22:12:24 | Attr = ]
    mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1447 bytes | Modified Date = 11/11/2007 15:45:24 | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 13/11/2007 22:48:02 | Attr = ]
    PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 22/10/2007 20:11:32 | Attr = H ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 14/11/2007 21:56:36 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 14/11/2007 22:10:38 | Attr = H ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 14/11/2007 22:02:38 | Attr = ]
    SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 21/10/2007 19:27:20 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 22/10/2007 21:29:04 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 14/11/2007 22:10:16 | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 14/11/2007 21:03:02 | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 14/11/2007 22:11:36 | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 14/11/2007 21:26:02 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 14/11/2007 22:10:24 | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 22/10/2007 19:14:34 | Attr = ]
    aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 815480 bytes | Modified Date = 25/10/2007 16:24:46 | Attr = ]
    AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 95608 bytes | Modified Date = 25/10/2007 16:14:26 | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 14/11/2007 18:56:48 | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 14/11/2007 21:04:42 | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 13/11/2007 19:11:00 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 14/11/2007 18:57:02 | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 14/11/2007 21:50:14 | Attr = ]
    GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 13/11/2007 23:06:08 | Attr = H ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 520190 bytes | Modified Date = 28/10/2007 15:30:44 | Attr = ]
    ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 10/11/2007 14:46:06 | Attr = ]
    tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4738 bytes | Modified Date = 13/11/2007 22:21:50 | Attr = ]
    venyyeaq.dll -> %System32%\venyyeaq.dll -> [Ver = | Size = 79424 bytes | Modified Date = 14/11/2007 19:14:32 | Attr = ]
    vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353246 bytes | Modified Date = 14/11/2007 22:11:04 | Attr = H ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13002 bytes | Modified Date = 12/11/2007 21:45:46 | Attr = ]
    zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 14/11/2007 22:11:04 | Attr = H ]
    aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 25/10/2007 16:58:50 | Attr = ]
    aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 93264 bytes | Modified Date = 25/10/2007 17:05:36 | Attr = ]
    aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 25/10/2007 17:05:20 | Attr = ]
    aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 25/10/2007 17:03:20 | Attr = ]
    aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 25/10/2007 17:01:34 | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 14/11/2007 21:50:14 | Attr = ]
    fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 9418784 bytes | Modified Date = 14/11/2007 19:50:06 | Attr = HS]
    fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 132440 bytes | Modified Date = 14/11/2007 19:50:06 | Attr = HS]
    fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 686112 bytes | Modified Date = 14/11/2007 19:50:06 | Attr = HS]
    fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 68504 bytes | Modified Date = 14/11/2007 19:50:06 | Attr = HS]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1074, 0 | Size = 815480 bytes | Modified Date = 25/10/2007 16:24:46 | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Modified Date = 17/09/2007 18:22:58 | Attr = ]
    UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 16:49:30 | Attr = ]
    UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 18:39:28 | Attr = ]
    UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 09:36:06 | Attr = ]
    UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 05:20:34 | Attr = ]
    UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 05/09/2007 23:22:24 | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 03/10/2007 23:36:46 | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 18/08/2001 12:00:00 | Attr = ]
    UPX! , -> %System32%\dllcache\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 04/09/2001 09:05:32 | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 21:41:38 | Attr = ]
    PEC2 , -> %System32%\drivers\VcommMgr.sys -> IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Modified Date = 25/03/2005 16:18:48 | Attr = ]

    < End of report >


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to back up your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe



    Delete VundoFix.exe if you have it already, and do the following

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\cembuxjz.dllbox
    C:\WINDOWS\system32\ghhkj.bak1
    C:\WINDOWS\system32\venyyeaq.dll
    C:\WINDOWS\system32\ymarkopr.dll
    C:\WINDOWS\system32\lrgofkwh.exe
    C:\WINDOWS\system32\wxlumkfa.exe
    C:\WINDOWS\system32\cembuxjz.dll

    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"="msv1_0 nwv1_0"

    Save this as CFScript.txt, in the same location as ComboFix.exe


    CFScript.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    VundoFix.txt:


    VundoFix V6.5.10

    Checking Java version...

    Sun Java not detected
    Scan started at 23:23:43 22/10/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\bonnghei.dll
    C:\WINDOWS\system32\gsackhul.ini
    C:\WINDOWS\system32\luhkcasg.dll
    C:\WINDOWS\system32\nhuodkfl.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\bonnghei.dll
    C:\WINDOWS\system32\bonnghei.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gsackhul.ini
    C:\WINDOWS\system32\gsackhul.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\luhkcasg.dll
    C:\WINDOWS\system32\luhkcasg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nhuodkfl.dll
    C:\WINDOWS\system32\nhuodkfl.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.1

    Checking Java version...

    Scan started at 19:35:24 15/11/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cembuxjz.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!
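
Added example, not part of the original posts and not VundoFix's own code: a small Python parser for the VundoFix.txt layout shown above that checks, run by run, whether every file the scan listed has a matching "Has been deleted!" line. The class and function names are hypothetical; the sample input is the log from the post above with blank lines removed.

```python
"""Reconcile 'found' against 'deleted' entries in a VundoFix.txt log."""
import re
from dataclasses import dataclass, field

# Sample input: the two runs from the VundoFix.txt posted above (blank lines removed).
SAMPLE_LOG = r"""VundoFix V6.5.10
Checking Java version...
Sun Java not detected
Scan started at 23:23:43 22/10/2007
Listing files found while scanning....
C:\WINDOWS\system32\bonnghei.dll
C:\WINDOWS\system32\gsackhul.ini
C:\WINDOWS\system32\luhkcasg.dll
C:\WINDOWS\system32\nhuodkfl.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bonnghei.dll
C:\WINDOWS\system32\bonnghei.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gsackhul.ini
C:\WINDOWS\system32\gsackhul.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\luhkcasg.dll
C:\WINDOWS\system32\luhkcasg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nhuodkfl.dll
C:\WINDOWS\system32\nhuodkfl.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.6.1
Checking Java version...
Scan started at 19:35:24 15/11/2007
Listing files found while scanning....
C:\WINDOWS\system32\cembuxjz.dll
Beginning removal...
Performing Repairs to the registry.
Done!
"""

RUN_HEADER = re.compile(r"^VundoFix V(\S+)$")
SCAN_START = re.compile(r"^Scan started at (\d\d:\d\d:\d\d \d\d/\d\d/\d{4})$")
ATTEMPT = re.compile(r"^Attempting to delete (.+)$")
DELETED = re.compile(r"^(.+?) Has been deleted!$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Run:
    version: str
    started: str = ""
    found: list = field(default_factory=list)
    attempted: list = field(default_factory=list)
    deleted: list = field(default_factory=list)

    def unconfirmed(self):
        """Files the scan listed that have no 'Has been deleted!' line in this run."""
        done = {p.lower() for p in self.deleted}  # Windows paths compare case-insensitively
        return [p for p in self.found if p.lower() not in done]


def parse_vundofix(text):
    """Split a VundoFix.txt (possibly several appended runs) into Run records."""
    runs, section = [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        m = RUN_HEADER.match(line)
        if m:  # each run starts with a version banner
            runs.append(Run(version=m.group(1)))
            section = None
            continue
        if not runs:
            continue  # ignore anything before the first banner
        run = runs[-1]
        m = SCAN_START.match(line)
        if m:
            run.started = m.group(1)
        elif line.startswith("Listing files found"):
            section = "listing"
        elif line.startswith("Beginning removal"):
            section = "removal"
        elif line.startswith("Performing Repairs"):
            section = None
        elif section == "listing" and WIN_PATH.match(line):
            run.found.append(line)
        elif section == "removal":
            m = ATTEMPT.match(line)
            if m:
                run.attempted.append(m.group(1))
                continue
            m = DELETED.match(line)
            if m:
                run.deleted.append(m.group(1))
    return runs


def report(runs):
    """One summary line per run, naming any listed file without a deletion record."""
    out = []
    for r in runs:
        left = r.unconfirmed()
        status = "all listed files confirmed deleted" if not left else "NOT confirmed: " + ", ".join(left)
        out.append(f"V{r.version} @ {r.started}: {len(r.found)} found, {len(r.deleted)} deleted; {status}")
    return out


if __name__ == "__main__":
    for summary in report(parse_vundofix(SAMPLE_LOG)):
        print(summary)
```

On this log the first run reconciles fully, while the second lists cembuxjz.dll without any deletion line, so that file is the one to look for in the follow-up scan logs.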


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    While I was running ComboFix with the new script, when the computer restarted, all the accounts on the computer had passwords on them. I did not have any passwords on the accounts and I had to run the Last Known Good Configuration to get back into the PC!


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Main.txt from DSS:

    Deckard's System Scanner v20071014.68
    Run by Derek on 2007-11-15 20:50:06
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    26: 2007-11-15 20:50:11 UTC - RP72 - Deckard's System Scanner Restore Point
    25: 2007-11-15 20:07:42 UTC - RP71 - ComboFix created restore point
    24: 2007-11-14 20:59:30 UTC - RP70 - ComboFix created restore point
    23: 2007-11-14 20:39:59 UTC - RP69 - System Checkpoint
    22: 2007-11-13 19:03:03 UTC - RP68 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2007-10-20 13:14:29 UTC - RP47 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Derek.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:51, on 2007-11-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Derek\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Derek.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: cembuxjz - cembuxjz.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8065 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
    R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
    R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
    R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
    R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
    R3 DynCal (Dynamic Calibration Service) - c:\windows\system32\drivers\dyncal.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

    S3 ASUSHWIO - c:\windows\system32\drivers\asushwio.sys (file missing)
    S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
    S3 catchme - c:\docume~1\derek\locals~1\temp\catchme.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S2 InCDsrvR (InCD Helper (read only)) - c:\program files\ahead\incd\incdsrv.exe -r <Not Verified; Nero AG; Nero AG incdsrv>


    -- Device Manager: Disabled

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Derek
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Derek
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2007-11-14 21:26:01 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-09-29 19:33:34 436 --a
    C:\WINDOWS\Tasks\EasyShare Registration Task.job


    -- Files created between 2007-10-15 and 2007-11-15

    2007-11-15 20:51:19 0 d
    C:\Program Files\Trend Micro
    2007-11-14 19:57:38 0 d
    C:\WINDOWS\ERUNT
    2007-11-13 23:07:40 0 dr-h
    C:\Documents and Settings\Derek\Recent
    2007-11-13 23:06:06 0 d--h
    C:\WINDOWS\system32\GroupPolicy
    2007-11-11 15:44:26 0 d
    C:\Program Files\Java
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files\Java
    2007-11-10 14:46:45 0 d
    C:\Program Files\VibrateGameDeviceDriver
    2007-11-10 13:57:42 0 d
    C:\Documents and Settings\Scott\Application Data\Adobe
    2007-11-09 19:26:48 10816 --a
    C:\Documents and Settings\Scott\Application Data\__c00F4C4.dat
    2007-11-09 17:43:38 10816 --a
    C:\Documents and Settings\Scott\Application Data\__c00F2F9.dat
    2007-11-04 12:29:40 0 d
    C:\Documents and Settings\Derek\Application Data\VideoEgg
    2007-10-28 15:31:40 0 d
    C:\Documents and Settings\Scott\Application Data\Macromedia
    2007-10-28 15:30:12 0 d
    C:\Documents and Settings\Scott\Application Data\Mozilla
    2007-10-28 15:29:43 0 d
    C:\Documents and Settings\Scott\Application Data\Real
    2007-10-28 15:29:40 0 d
    C:\Documents and Settings\Scott\Application Data\PC Suite
    2007-10-28 15:29:36 0 d
    C:\Documents and Settings\Scott\Application Data\FaxCtr
    2007-10-28 15:29:09 0 d
    C:\Documents and Settings\Scott\Application Data\Identities
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Templates
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Start Menu
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\SendTo
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Recent
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\PrintHood
    2007-10-28 15:28:28 1048576 --ah
    C:\Documents and Settings\Scott\NTUSER.DAT
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\NetHood
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\My Documents
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Local Settings
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Favorites
    2007-10-28 15:28:28 0 d
    C:\Documents and Settings\Scott\Desktop
    2007-10-28 15:28:28 0 d--hs---- C:\Documents and Settings\Scott\Cookies
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Application Data
    2007-10-28 15:28:28 0 d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft
    2007-10-28 15:02:29 0 d
    C:\Documents and Settings\Ellen\Application Data\Real
    2007-10-27 09:32:47 0 d
    C:\Program Files\Common Files\Real
    2007-10-27 09:32:46 0 d
    C:\Program Files\Real
    2007-10-27 09:30:02 0 d
    C:\Documents and Settings\Derek\Application Data\Real
    2007-10-24 19:39:33 0 d
    C:\Program Files\DIKO
    2007-10-22 22:23:43 0 d
    C:\VundoFix Backups
    2007-10-22 21:32:42 4738 --a
    C:\WINDOWS\system32\tmp.reg
    2007-10-22 21:29:34 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 21:29:32 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-10-22 21:29:30 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2007-10-22 21:29:29 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-10-22 21:29:26 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-10-22 21:13:53 0 d
    C:\Documents and Settings\Derek\dwhelper
    2007-10-22 20:11:31 0 d--h
    C:\WINDOWS\PIF
    2007-10-22 19:49:37 0 d
    C:\Program Files\Spyware Terminator
    2007-10-22 19:33:20 0 d--hs---- C:\WINDOWS\CSC
    2007-10-22 19:27:59 0 dr
    C:\Documents and Settings\LocalService\My Documents
    2007-10-22 19:14:33 0 d
    C:\WINDOWS\system32\appmgmt
    2007-10-20 13:21:01 0 d
    C:\Documents and Settings\Derek\Application Data\Video DVD Maker FREE


    -- Find3M Report

    2007-11-15 20:51:13 0 d
    C:\Documents and Settings\Derek\Application Data\uTorrent
    2007-11-15 20:44:24 28570 --a
    C:\logfile
    2007-11-14 22:11:02 4212 ---h
    C:\WINDOWS\system32\zllictbl.dat
    2007-11-13 21:27:35 0 d
    C:\Program Files\Ahead
    2007-11-13 21:08:58 0 d
    C:\Program Files\SpywareBlaster
    2007-11-11 15:45:22 1447 --a
    C:\WINDOWS\mozver.dat
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files
    2007-11-10 14:46:19 0 d
    C:\Program Files\Common Files\InstallShield
    2007-10-23 17:30:24 0 d
    C:\Documents and Settings\Derek\Application Data\Ahead
    2007-10-22 19:55:24 0 d
    C:\Program Files\Windows Media Connect 2
    2007-10-22 19:34:09 0 d
    C:\Documents and Settings\Derek\Application Data\Lavasoft
    2007-10-22 19:22:30 0 d
    C:\Program Files\Lavasoft
    2007-10-11 18:49:03 0 d
    C:\Documents and Settings\Derek\Application Data\PC Suite
    2007-10-11 18:45:00 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia Multimedia Player
    2007-10-11 18:29:09 335 --a
    C:\WINDOWS\mozregistry.dat
    2007-10-11 18:05:01 0 d
    C:\Documents and Settings\Derek\Application Data\Talkback
    2007-10-09 21:45:46 0 d
    C:\Documents and Settings\Derek\Application Data\Mozilla
    2007-10-08 11:18:33 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia
    2007-10-08 11:16:11 0 d
    C:\Program Files\Common Files\Nokia
    2007-10-08 11:16:10 0 d
    C:\Program Files\Common Files\PCSuite
    2007-10-08 11:16:08 0 d
    C:\Program Files\Nokia
    2007-10-08 11:15:40 0 d
    C:\Program Files\DIFX
    2007-10-08 11:15:29 0 d
    C:\Program Files\PC Connectivity Solution
    2007-10-08 10:37:18 0 d
    C:\Program Files\IVT Corporation
    2007-10-08 10:37:17 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-10-01 20:26:10 0 d
    C:\Program Files\Runtime Software
    2007-10-01 20:18:05 0 d
    C:\Documents and Settings\Derek\Application Data\Adobe
    2007-10-01 20:11:00 0 d
    C:\Documents and Settings\Derek\Application Data\MailFrontier
    2007-09-30 17:30:44 0 d
    C:\Program Files\SonicWallES
    2007-09-30 14:15:01 0 d
    C:\Documents and Settings\Derek\Application Data\OfficeUpdate12
    2007-09-30 13:11:53 0 d
    C:\Program Files\MSXML 4.0
    2007-09-30 12:52:21 0 d
    C:\Program Files\Microsoft ActiveSync
    2007-09-30 11:22:19 0 d
    C:\Program Files\Microsoft.NET
    2007-09-29 19:43:46 0 d
    C:\Program Files\Kodak
    2007-09-29 19:42:51 0 d
    C:\Program Files\Common Files\Kodak
    2007-09-29 15:09:22 0 d
    C:\Documents and Settings\Derek\Application Data\Apple Computer
    2007-09-29 15:09:15 0 d
    C:\Program Files\iTunes
    2007-09-29 15:09:06 0 d
    C:\Program Files\iPod
    2007-09-29 15:08:24 0 d
    C:\Program Files\QuickTime
    2007-09-29 15:07:26 0 d
    C:\Program Files\Apple Software Update
    2007-09-29 15:06:50 0 d
    C:\Program Files\Common Files\Apple
    2007-09-29 14:21:20 0 d
    C:\Documents and Settings\Derek\Application Data\DivX
    2007-09-29 14:20:49 0 d
    C:\Program Files\DivX
    2007-09-29 14:11:44 0 --a
    C:\WINDOWS\nsreg.dat
    2007-09-29 14:08:39 0 d
    C:\Program Files\uTorrent
    2007-09-29 14:01:24 0 d
    C:\Program Files\DVD Shrink
    2007-09-29 13:47:38 0 d
    C:\Program Files\CCleaner
    2007-09-28 23:04:03 0 d
    C:\Program Files\ASUS
    2007-09-28 21:58:00 0 d
    C:\Program Files\Common Files\Adobe
    2007-09-28 21:57:23 0 d
    C:\Documents and Settings\Derek\Application Data\Leadertech
    2007-09-28 21:18:55 0 d
    C:\Program Files\MSXML 6.0
    2007-09-28 18:46:46 0 d
    C:\Program Files\MSBuild
    2007-09-28 18:42:01 0 d
    C:\Program Files\Reference Assemblies
    2007-09-28 18:33:29 0 d
    C:\Documents and Settings\Derek\Application Data\Macromedia
    2007-09-28 16:48:17 0 d
    C:\Program Files\Messenger
    2007-09-27 23:26:54 0 d
    C:\Program Files\Common Files\Nero
    2007-09-27 23:24:10 0 d
    C:\Program Files\Common Files\Ahead
    2007-09-27 23:16:43 0 d
    C:\Documents and Settings\Derek\Application Data\FaxCtr
    2007-09-27 23:16:16 0 d
    C:\Program Files\Lexmark 4300 Series
    2007-09-27 23:08:44 0 d
    C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-09-27 23:07:30 0 d
    C:\Program Files\Lexmark Fax Solutions
    2007-09-27 22:50:01 0 d
    C:\Program Files\Movie Maker
    2007-09-27 22:47:51 0 d
    C:\Program Files\Windows NT
    2007-09-27 21:50:16 0 d--h
    C:\Program Files\WindowsUpdate
    2007-09-27 21:48:00 0 d
    C:\Program Files\Netopia
    2007-09-27 21:29:24 0 d
    C:\Program Files\Analog Devices
    2007-09-27 21:27:17 0 d
    C:\Program Files\Intel
    2007-09-27 21:23:01 0 d
    C:\Documents and Settings\Derek\Application Data\Help
    2007-09-27 21:14:09 0 d
    C:\Program Files\ATI Technologies
    2007-09-27 21:13:06 0 d
    C:\Program Files\Common Files\ODBC
    2007-09-27 21:13:04 0 d
    C:\Program Files\Common Files\SpeechEngines
    2007-09-27 21:12:44 62 --ahs---- C:\Documents and Settings\Derek\Application Data\desktop.ini
    2007-09-27 20:30:27 0 d
    C:\Program Files\Alwil Software
    2007-09-27 20:26:06 0 d
    C:\Documents and Settings\Derek\Application Data\Identities
    2007-09-27 20:21:38 0 d
    C:\Program Files\microsoft frontpage
    2007-09-27 20:21:00 0 -rahs---- C:\MSDOS.SYS
    2007-09-27 20:21:00 0 -rahs---- C:\IO.SYS
    2007-09-27 20:21:00 0 --a
    C:\CONFIG.SYS
    2007-09-27 20:21:00 0 --a
    C:\AUTOEXEC.BAT
    2007-09-27 20:20:04 0 d
    C:\Program Files\Online Services
    2007-09-27 20:19:01 0 d
    C:\Program Files\Common Files\MSSoap
    2007-09-27 20:18:33 21640 --a
    C:\WINDOWS\system32\emptyregdb.dat
    2007-09-27 20:18:01 0 d
    C:\Program Files\MSN Gaming Zone
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:22:58 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-09-17 18:22:58 739840 --a
    C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-08-21 00:26:52 196608 --a
    C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-08-21 00:26:52 81920 --a
    C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-08-15 22:33:14 3596288 --a
    C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:30:26 12288 --a
    C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-08-15 10:45:20 524288 --a
    C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 15:41]
    "HydraVisionViewport"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 15:41]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 17:17]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 15:07]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
    "RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2006-09-15 13:27]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-29 14:08]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-10-08 10:37:20]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cembuxjz]
    cembuxjz.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-11-15 20:52:13


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Extra.txt from DSS:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of Memory in Use: 44%
    Physical Memory (total/avail): 1022.73 MiB / 567.93 MiB
    Pagefile Memory (total/avail): 2463.04 MiB / 2081.39 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1920.96 MiB

    A: is Removable (Unformatted)
    C: is Fixed (NTFS) - 19.53 GiB total, 9.12 GiB free.
    D: is Fixed (NTFS) - 129.51 GiB total, 67.87 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD1600JD-00HBB0 - 149.05 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 129.51 GiB - D:



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
    AV: ZoneAlarm Security Suite Antivirus v7.0.408.000 (Check Point, LTD.)
    AV: avast! antivirus 4.7.1074 [VPS 071114-0] v4.7.1074 (ALWIL Software)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Derek\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=CASTLETR-YKJ3FD
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Derek
    LOGONSERVER=\\CASTLETR-YKJ3FD
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Derek\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Derek\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=CASTLETR-YKJ3FD
    USERNAME=Derek
    USERPROFILE=C:\Documents and Settings\Derek
    windir=C:\WINDOWS


    -- User Profiles

    Derek (admin)
    Ellen
    Scott


    -- Add/Remove Programs

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\NuNInst.exe /UNINSTALL
    --> C:\WINDOWS\unmrw.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ASUS Probe V2.21.07 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
    ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DriveImage XML --> "C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_6c90f\Setup.exe /APR-REMOVE
    Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
    Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.9) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web[1].exe
    Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
    OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
    SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
    VibrateGameDeviceDriver --> MsiExec.exe /I{E6FC9938-1B6E-41F6-98BD-ECD70C371DBE}
    VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_32E2E448B53EE5B28E074D88802D0BAF984038DA\pccs_bluetooth.inf
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    XML Paper Specification Shared Components Pack 1.0 -->
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


    -- Application Event Log

    Event Record #/Type948 / Warning
    Event Submitted/Written: 11/14/2007 07:54:11 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type922 / Warning
    Event Submitted/Written: 11/14/2007 04:44:18 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type911 / Error
    Event Submitted/Written: 11/13/2007 09:51:04 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application , version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00083f9c.
    Processing media-specific event for [!ws!]

    Event Record #/Type910 / Error
    Event Submitted/Written: 11/13/2007 09:50:56 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application services.exe, version 5.1.2600.2180, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00083f9c.
    Processing media-specific event for [services.exe!ws!]

    Event Record #/Type909 / Error
    Event Submitted/Written: 11/13/2007 09:24:42 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application nerostartsmart.exe, version 2.0.0.20, faulting module nerostartsmart.exe, version 2.0.0.20, fault address 0x0003e4ab.
    Processing media-specific event for [nerostartsmart.exe!ws!]



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type5091 / Warning
    Event Submitted/Written: 11/15/2007 08:43:39 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type5045 / Warning
    Event Submitted/Written: 11/15/2007 08:05:12 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type5004 / Warning
    Event Submitted/Written: 11/15/2007 07:25:38 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type4971 / Warning
    Event Submitted/Written: 11/14/2007 10:29:07 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type4943 / Warning
    Event Submitted/Written: 11/14/2007 10:10:51 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



    -- End of Deckard's System Scanner: finished at 2007-11-15 20:52:13


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Log File from HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:54, on 2007-11-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: cembuxjz - cembuxjz.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8077 bytes


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    ASJ, thanks for all your help.

    Are we anywhere close to getting this sorted?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Yeah we are pretty close to having you clean.

    Run HijackThis, click "Do a system scan only" and check this entry

    O20 - Winlogon Notify: cembuxjz - cembuxjz.dll (file missing)


    Close all windows except for HijackThis and click "Fix checked".



    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\Documents and Settings\Scott\Application Data\__c00F4C4.dat
      C:\Documents and Settings\Scott\Application Data\__c00F2F9.dat


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    *If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
    **If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")


    Click "Exit" to close OTMoveIt.




    Reboot your PC and post back with a new DSS log


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    ASJ, why did passwords appear on the accounts? They are still there and when I went to log on again it asked me for the password. I had to restart, press F8 and log in under the last good configuration.


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    OTMoveIt Log:

    C:\Documents and Settings\Scott\Application Data\__c00F4C4.dat moved successfully.
    C:\Documents and Settings\Scott\Application Data\__c00F2F9.dat moved successfully.

    Created on 11-15-2007 22:43:30


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Baldie wrote: »
    ASJ, why did passwords appear on the accounts? They are still there and when I went to log on again it asked me for the password. I had to restart, press F8 and log in under the last good configuration.

    This one seems to have been fixed, with HiJackThis I presume...

    New DSS Main.txt:

    Deckard's System Scanner v20071014.68
    Run by Derek on 2007-11-15 22:47:58
    Computer is in Normal Mode.



    -- HijackThis (run as Derek.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:48, on 2007-11-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Documents and Settings\Derek\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Derek.exe
    C:\Program Files\iPod\bin\iPodService.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8083 bytes

    -- Files created between 2007-10-15 and 2007-11-15

    2007-11-15 20:51:19 0 d
    C:\Program Files\Trend Micro
    2007-11-14 19:57:38 0 d
    C:\WINDOWS\ERUNT
    2007-11-13 23:07:40 0 dr-h
    C:\Documents and Settings\Derek\Recent
    2007-11-13 23:06:06 0 d--h
    C:\WINDOWS\system32\GroupPolicy
    2007-11-11 15:44:26 0 d
    C:\Program Files\Java
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files\Java
    2007-11-10 14:46:45 0 d
    C:\Program Files\VibrateGameDeviceDriver
    2007-11-10 13:57:42 0 d
    C:\Documents and Settings\Scott\Application Data\Adobe
    2007-11-04 12:29:40 0 d
    C:\Documents and Settings\Derek\Application Data\VideoEgg
    2007-10-28 15:31:40 0 d
    C:\Documents and Settings\Scott\Application Data\Macromedia
    2007-10-28 15:30:12 0 d
    C:\Documents and Settings\Scott\Application Data\Mozilla
    2007-10-28 15:29:43 0 d
    C:\Documents and Settings\Scott\Application Data\Real
    2007-10-28 15:29:40 0 d
    C:\Documents and Settings\Scott\Application Data\PC Suite
    2007-10-28 15:29:36 0 d
    C:\Documents and Settings\Scott\Application Data\FaxCtr
    2007-10-28 15:29:09 0 d
    C:\Documents and Settings\Scott\Application Data\Identities
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Templates
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Start Menu
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\SendTo
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Recent
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\PrintHood
    2007-10-28 15:28:28 1048576 --ah
    C:\Documents and Settings\Scott\NTUSER.DAT
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\NetHood
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\My Documents
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Local Settings
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Favorites
    2007-10-28 15:28:28 0 d
    C:\Documents and Settings\Scott\Desktop
    2007-10-28 15:28:28 0 d--hs---- C:\Documents and Settings\Scott\Cookies
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Application Data
    2007-10-28 15:28:28 0 d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft
    2007-10-28 15:02:29 0 d
    C:\Documents and Settings\Ellen\Application Data\Real
    2007-10-27 09:32:47 0 d
    C:\Program Files\Common Files\Real
    2007-10-27 09:32:46 0 d
    C:\Program Files\Real
    2007-10-27 09:30:02 0 d
    C:\Documents and Settings\Derek\Application Data\Real
    2007-10-24 19:39:33 0 d
    C:\Program Files\DIKO
    2007-10-22 22:23:43 0 d
    C:\VundoFix Backups
    2007-10-22 21:32:42 4738 --a
    C:\WINDOWS\system32\tmp.reg
    2007-10-22 21:29:34 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 21:29:32 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-10-22 21:29:30 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2007-10-22 21:29:29 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-10-22 21:29:26 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-10-22 21:13:53 0 d
    C:\Documents and Settings\Derek\dwhelper
    2007-10-22 20:11:31 0 d--h
    C:\WINDOWS\PIF
    2007-10-22 19:49:37 0 d
    C:\Program Files\Spyware Terminator
    2007-10-22 19:33:20 0 d--hs---- C:\WINDOWS\CSC
    2007-10-22 19:27:59 0 dr
    C:\Documents and Settings\LocalService\My Documents
    2007-10-22 19:14:33 0 d
    C:\WINDOWS\system32\appmgmt
    2007-10-20 13:21:01 0 d
    C:\Documents and Settings\Derek\Application Data\Video DVD Maker FREE


    -- Find3M Report

    2007-11-15 22:48:07 29026 --a
    C:\logfile
    2007-11-15 22:48:02 0 d
    C:\Documents and Settings\Derek\Application Data\uTorrent
    2007-11-14 22:11:02 4212 ---h
    C:\WINDOWS\system32\zllictbl.dat
    2007-11-13 21:27:35 0 d
    C:\Program Files\Ahead
    2007-11-13 21:08:58 0 d
    C:\Program Files\SpywareBlaster
    2007-11-11 15:45:22 1447 --a
    C:\WINDOWS\mozver.dat
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files
    2007-11-10 14:46:19 0 d
    C:\Program Files\Common Files\InstallShield
    2007-10-23 17:30:24 0 d
    C:\Documents and Settings\Derek\Application Data\Ahead
    2007-10-22 19:55:24 0 d
    C:\Program Files\Windows Media Connect 2
    2007-10-22 19:34:09 0 d
    C:\Documents and Settings\Derek\Application Data\Lavasoft
    2007-10-22 19:22:30 0 d
    C:\Program Files\Lavasoft
    2007-10-11 18:49:03 0 d
    C:\Documents and Settings\Derek\Application Data\PC Suite
    2007-10-11 18:45:00 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia Multimedia Player
    2007-10-11 18:29:09 335 --a
    C:\WINDOWS\mozregistry.dat
    2007-10-11 18:05:01 0 d
    C:\Documents and Settings\Derek\Application Data\Talkback
    2007-10-09 21:45:46 0 d
    C:\Documents and Settings\Derek\Application Data\Mozilla
    2007-10-08 11:18:33 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia
    2007-10-08 11:16:11 0 d
    C:\Program Files\Common Files\Nokia
    2007-10-08 11:16:10 0 d
    C:\Program Files\Common Files\PCSuite
    2007-10-08 11:16:08 0 d
    C:\Program Files\Nokia
    2007-10-08 11:15:40 0 d
    C:\Program Files\DIFX
    2007-10-08 11:15:29 0 d
    C:\Program Files\PC Connectivity Solution
    2007-10-08 10:37:18 0 d
    C:\Program Files\IVT Corporation
    2007-10-08 10:37:17 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-10-01 20:26:10 0 d
    C:\Program Files\Runtime Software
    2007-10-01 20:18:05 0 d
    C:\Documents and Settings\Derek\Application Data\Adobe
    2007-10-01 20:11:00 0 d
    C:\Documents and Settings\Derek\Application Data\MailFrontier
    2007-09-30 17:30:44 0 d
    C:\Program Files\SonicWallES
    2007-09-30 14:15:01 0 d
    C:\Documents and Settings\Derek\Application Data\OfficeUpdate12
    2007-09-30 13:11:53 0 d
    C:\Program Files\MSXML 4.0
    2007-09-30 12:52:21 0 d
    C:\Program Files\Microsoft ActiveSync
    2007-09-30 11:22:19 0 d
    C:\Program Files\Microsoft.NET
    2007-09-29 19:43:46 0 d
    C:\Program Files\Kodak
    2007-09-29 19:42:51 0 d
    C:\Program Files\Common Files\Kodak
    2007-09-29 15:09:22 0 d
    C:\Documents and Settings\Derek\Application Data\Apple Computer
    2007-09-29 15:09:15 0 d
    C:\Program Files\iTunes
    2007-09-29 15:09:06 0 d
    C:\Program Files\iPod
    2007-09-29 15:08:24 0 d
    C:\Program Files\QuickTime
    2007-09-29 15:07:26 0 d
    C:\Program Files\Apple Software Update
    2007-09-29 15:06:50 0 d
    C:\Program Files\Common Files\Apple
    2007-09-29 14:21:20 0 d
    C:\Documents and Settings\Derek\Application Data\DivX
    2007-09-29 14:20:49 0 d
    C:\Program Files\DivX
    2007-09-29 14:11:44 0 --a
    C:\WINDOWS\nsreg.dat
    2007-09-29 14:08:39 0 d
    C:\Program Files\uTorrent
    2007-09-29 14:01:24 0 d
    C:\Program Files\DVD Shrink
    2007-09-29 13:47:38 0 d
    C:\Program Files\CCleaner
    2007-09-28 23:04:03 0 d
    C:\Program Files\ASUS
    2007-09-28 21:58:00 0 d
    C:\Program Files\Common Files\Adobe
    2007-09-28 21:57:23 0 d
    C:\Documents and Settings\Derek\Application Data\Leadertech
    2007-09-28 21:18:55 0 d
    C:\Program Files\MSXML 6.0
    2007-09-28 18:46:46 0 d
    C:\Program Files\MSBuild
    2007-09-28 18:42:01 0 d
    C:\Program Files\Reference Assemblies
    2007-09-28 18:33:29 0 d
    C:\Documents and Settings\Derek\Application Data\Macromedia
    2007-09-28 16:48:17 0 d
    C:\Program Files\Messenger
    2007-09-27 23:26:54 0 d
    C:\Program Files\Common Files\Nero
    2007-09-27 23:24:10 0 d
    C:\Program Files\Common Files\Ahead
    2007-09-27 23:16:43 0 d
    C:\Documents and Settings\Derek\Application Data\FaxCtr
    2007-09-27 23:16:16 0 d
    C:\Program Files\Lexmark 4300 Series
    2007-09-27 23:08:44 0 d
    C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-09-27 23:07:30 0 d
    C:\Program Files\Lexmark Fax Solutions
    2007-09-27 22:50:01 0 d
    C:\Program Files\Movie Maker
    2007-09-27 22:47:51 0 d
    C:\Program Files\Windows NT
    2007-09-27 21:50:16 0 d--h
    C:\Program Files\WindowsUpdate
    2007-09-27 21:48:00 0 d
    C:\Program Files\Netopia
    2007-09-27 21:29:24 0 d
    C:\Program Files\Analog Devices
    2007-09-27 21:27:17 0 d
    C:\Program Files\Intel
    2007-09-27 21:23:01 0 d
    C:\Documents and Settings\Derek\Application Data\Help
    2007-09-27 21:14:09 0 d
    C:\Program Files\ATI Technologies
    2007-09-27 21:13:06 0 d
    C:\Program Files\Common Files\ODBC
    2007-09-27 21:13:04 0 d
    C:\Program Files\Common Files\SpeechEngines
    2007-09-27 21:12:44 62 --ahs---- C:\Documents and Settings\Derek\Application Data\desktop.ini
    2007-09-27 20:30:27 0 d
    C:\Program Files\Alwil Software
    2007-09-27 20:26:06 0 d
    C:\Documents and Settings\Derek\Application Data\Identities
    2007-09-27 20:21:38 0 d
    C:\Program Files\microsoft frontpage
    2007-09-27 20:21:00 0 -rahs---- C:\MSDOS.SYS
    2007-09-27 20:21:00 0 -rahs---- C:\IO.SYS
    2007-09-27 20:21:00 0 --a
    C:\CONFIG.SYS
    2007-09-27 20:21:00 0 --a
    C:\AUTOEXEC.BAT
    2007-09-27 20:20:04 0 d
    C:\Program Files\Online Services
    2007-09-27 20:19:01 0 d
    C:\Program Files\Common Files\MSSoap
    2007-09-27 20:18:33 21640 --a
    C:\WINDOWS\system32\emptyregdb.dat
    2007-09-27 20:18:01 0 d
    C:\Program Files\MSN Gaming Zone
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:22:58 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-09-17 18:22:58 739840 --a
    C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-08-21 00:26:52 196608 --a
    C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-08-21 00:26:52 81920 --a
    C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-08-15 22:33:14 3596288 --a
    C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:30:26 12288 --a
    C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-08-15 10:45:20 524288 --a
    C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 15:41]
    "HydraVisionViewport"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 15:41]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 17:17]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 15:07]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
    "RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2006-09-15 13:27]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-29 14:08]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-10-08 10:37:20]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-11-15 22:48:49


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello Baldie

    That problem was related to the malware you had on your PC. These infections keep getting tougher to remove, hence why you had that problem. We just need to fix one small thing to make sure you are clean.

    If you still have ERUNT on your PC then there is no need to do this step

    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe




    Next, you need to do this step

    Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
    00
    


    Then double click on the fix.reg file, when it prompts to merge click "Yes". Once you have done all this please send me a new DSS log and tell me if you have had any problems doing any of the above.
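
    The check behind this fix, as an added example that is not part of the original post: it decodes the hex(7) (REG_MULTI_SZ) data that fix.reg writes and compares it with the "Authentication Packages" line from the DSS registry dump, where an extra DLL is listed after msv1_0. The function names are hypothetical, the baseline of msv1_0 alone is taken from the fix.reg above, and the DSS line is assumed to separate entries with spaces.

```python
import re

# Baseline assumed from the fix.reg in this thread: msv1_0 is the only entry.
BASELINE = {"msv1_0"}

# The .reg file exactly as posted above (copied from the thread).
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
"""

# The matching line from the DSS "Registry Dump" section earlier in the thread.
DSS_LINE = r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg.dll'


def decode_reg_multi_sz(reg_text, value_name):
    """Return the strings stored in a hex(7) value of a .reg file."""
    # A trailing backslash continues the value on the next line; join them.
    joined = re.sub(r"\\\s*\r?\n\s*", "", reg_text)
    pattern = r'^\s*"%s"=hex\(7\):([0-9a-fA-F,]*)\s*$' % re.escape(value_name)
    match = re.search(pattern, joined, re.MULTILINE)
    if match is None:
        raise ValueError("no hex(7) value named %r" % value_name)
    raw = bytes(int(b, 16) for b in match.group(1).split(",") if b)
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must be whole UTF-16 code units")
    # Each string is NUL-terminated and the list ends with one more NUL.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def encode_reg_multi_sz(strings):
    """Inverse of decode_reg_multi_sz: comma-separated hex bytes for hex(7)."""
    raw = "".join(s + "\x00" for s in strings) + "\x00"
    return ",".join("%02x" % b for b in raw.encode("utf-16-le"))


def parse_dss_line(line):
    """Split a DSS dump line into its entries (assumes no spaces in entries)."""
    name, _, data = line.partition("=")
    if name.strip().strip('"').lower() != "authentication packages":
        raise ValueError("not an Authentication Packages line")
    return data.split()


def unexpected_packages(packages):
    """Entries that are not in the baseline; these are loaded by lsass.exe at boot."""
    return [p for p in packages if p.lower() not in BASELINE]


if __name__ == "__main__":
    before = parse_dss_line(DSS_LINE)
    after = decode_reg_multi_sz(FIX_REG, "Authentication Packages")
    print("before fix:", before, "-> unexpected:", unexpected_packages(before))
    print("after fix: ", after, "-> unexpected:", unexpected_packages(after))
```

    Run against a later DSS log, `unexpected_packages` returning an empty list for the Lsa line is the confirmation that the merge took effect.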


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    No problems doing the above.

    New DSS main.txt:

    Deckard's System Scanner v20071014.68
    Run by Derek on 2007-11-15 23:01:30
    Computer is in Normal Mode.



    -- HijackThis (run as Derek.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:01, on 2007-11-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Derek\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Derek.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8015 bytes

    -- Files created between 2007-10-15 and 2007-11-15

    2007-11-15 20:51:19 0 d
    C:\Program Files\Trend Micro
    2007-11-14 19:57:38 0 d
    C:\WINDOWS\ERUNT
    2007-11-13 23:07:40 0 dr-h
    C:\Documents and Settings\Derek\Recent
    2007-11-13 23:06:06 0 d--h
    C:\WINDOWS\system32\GroupPolicy
    2007-11-11 15:44:26 0 d
    C:\Program Files\Java
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files\Java
    2007-11-10 14:46:45 0 d
    C:\Program Files\VibrateGameDeviceDriver
    2007-11-10 13:57:42 0 d
    C:\Documents and Settings\Scott\Application Data\Adobe
    2007-11-04 12:29:40 0 d
    C:\Documents and Settings\Derek\Application Data\VideoEgg
    2007-10-28 15:31:40 0 d
    C:\Documents and Settings\Scott\Application Data\Macromedia
    2007-10-28 15:30:12 0 d
    C:\Documents and Settings\Scott\Application Data\Mozilla
    2007-10-28 15:29:43 0 d
    C:\Documents and Settings\Scott\Application Data\Real
    2007-10-28 15:29:40 0 d
    C:\Documents and Settings\Scott\Application Data\PC Suite
    2007-10-28 15:29:36 0 d
    C:\Documents and Settings\Scott\Application Data\FaxCtr
    2007-10-28 15:29:09 0 d
    C:\Documents and Settings\Scott\Application Data\Identities
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Templates
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Start Menu
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\SendTo
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Recent
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\PrintHood
    2007-10-28 15:28:28 1048576 --ah
    C:\Documents and Settings\Scott\NTUSER.DAT
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\NetHood
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\My Documents
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Local Settings
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Favorites
    2007-10-28 15:28:28 0 d
    C:\Documents and Settings\Scott\Desktop
    2007-10-28 15:28:28 0 d--hs---- C:\Documents and Settings\Scott\Cookies
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Application Data
    2007-10-28 15:28:28 0 d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft
    2007-10-28 15:02:29 0 d
    C:\Documents and Settings\Ellen\Application Data\Real
    2007-10-27 09:32:47 0 d
    C:\Program Files\Common Files\Real
    2007-10-27 09:32:46 0 d
    C:\Program Files\Real
    2007-10-27 09:30:02 0 d
    C:\Documents and Settings\Derek\Application Data\Real
    2007-10-24 19:39:33 0 d
    C:\Program Files\DIKO
    2007-10-22 22:23:43 0 d
    C:\VundoFix Backups
    2007-10-22 21:32:42 4738 --a
    C:\WINDOWS\system32\tmp.reg
    2007-10-22 21:29:34 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 21:29:32 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-10-22 21:29:30 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2007-10-22 21:29:29 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-10-22 21:29:26 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-10-22 21:13:53 0 d
    C:\Documents and Settings\Derek\dwhelper
    2007-10-22 20:11:31 0 d--h
    C:\WINDOWS\PIF
    2007-10-22 19:49:37 0 d
    C:\Program Files\Spyware Terminator
    2007-10-22 19:33:20 0 d--hs---- C:\WINDOWS\CSC
    2007-10-22 19:27:59 0 dr
    C:\Documents and Settings\LocalService\My Documents
    2007-10-22 19:14:33 0 d
    C:\WINDOWS\system32\appmgmt
    2007-10-20 13:21:01 0 d
    C:\Documents and Settings\Derek\Application Data\Video DVD Maker FREE


    -- Find3M Report

    2007-11-15 23:01:28 0 d
    C:\Documents and Settings\Derek\Application Data\uTorrent
    2007-11-15 22:48:07 29026 --a
    C:\logfile
    2007-11-14 22:11:02 4212 ---h
    C:\WINDOWS\system32\zllictbl.dat
    2007-11-13 21:27:35 0 d
    C:\Program Files\Ahead
    2007-11-13 21:08:58 0 d
    C:\Program Files\SpywareBlaster
    2007-11-11 15:45:22 1447 --a
    C:\WINDOWS\mozver.dat
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files
    2007-11-10 14:46:19 0 d
    C:\Program Files\Common Files\InstallShield
    2007-10-23 17:30:24 0 d
    C:\Documents and Settings\Derek\Application Data\Ahead
    2007-10-22 19:55:24 0 d
    C:\Program Files\Windows Media Connect 2
    2007-10-22 19:34:09 0 d
    C:\Documents and Settings\Derek\Application Data\Lavasoft
    2007-10-22 19:22:30 0 d
    C:\Program Files\Lavasoft
    2007-10-11 18:49:03 0 d
    C:\Documents and Settings\Derek\Application Data\PC Suite
    2007-10-11 18:45:00 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia Multimedia Player
    2007-10-11 18:29:09 335 --a
    C:\WINDOWS\mozregistry.dat
    2007-10-11 18:05:01 0 d
    C:\Documents and Settings\Derek\Application Data\Talkback
    2007-10-09 21:45:46 0 d
    C:\Documents and Settings\Derek\Application Data\Mozilla
    2007-10-08 11:18:33 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia
    2007-10-08 11:16:11 0 d
    C:\Program Files\Common Files\Nokia
    2007-10-08 11:16:10 0 d
    C:\Program Files\Common Files\PCSuite
    2007-10-08 11:16:08 0 d
    C:\Program Files\Nokia
    2007-10-08 11:15:40 0 d
    C:\Program Files\DIFX
    2007-10-08 11:15:29 0 d
    C:\Program Files\PC Connectivity Solution
    2007-10-08 10:37:18 0 d
    C:\Program Files\IVT Corporation
    2007-10-08 10:37:17 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-10-01 20:26:10 0 d
    C:\Program Files\Runtime Software
    2007-10-01 20:18:05 0 d
    C:\Documents and Settings\Derek\Application Data\Adobe
    2007-10-01 20:11:00 0 d
    C:\Documents and Settings\Derek\Application Data\MailFrontier
    2007-09-30 17:30:44 0 d
    C:\Program Files\SonicWallES
    2007-09-30 14:15:01 0 d
    C:\Documents and Settings\Derek\Application Data\OfficeUpdate12
    2007-09-30 13:11:53 0 d
    C:\Program Files\MSXML 4.0
    2007-09-30 12:52:21 0 d
    C:\Program Files\Microsoft ActiveSync
    2007-09-30 11:22:19 0 d
    C:\Program Files\Microsoft.NET
    2007-09-29 19:43:46 0 d
    C:\Program Files\Kodak
    2007-09-29 19:42:51 0 d
    C:\Program Files\Common Files\Kodak
    2007-09-29 15:09:22 0 d
    C:\Documents and Settings\Derek\Application Data\Apple Computer
    2007-09-29 15:09:15 0 d
    C:\Program Files\iTunes
    2007-09-29 15:09:06 0 d
    C:\Program Files\iPod
    2007-09-29 15:08:24 0 d
    C:\Program Files\QuickTime
    2007-09-29 15:07:26 0 d
    C:\Program Files\Apple Software Update
    2007-09-29 15:06:50 0 d
    C:\Program Files\Common Files\Apple
    2007-09-29 14:21:20 0 d
    C:\Documents and Settings\Derek\Application Data\DivX
    2007-09-29 14:20:49 0 d
    C:\Program Files\DivX
    2007-09-29 14:11:44 0 --a
    C:\WINDOWS\nsreg.dat
    2007-09-29 14:08:39 0 d
    C:\Program Files\uTorrent
    2007-09-29 14:01:24 0 d
    C:\Program Files\DVD Shrink
    2007-09-29 13:47:38 0 d
    C:\Program Files\CCleaner
    2007-09-28 23:04:03 0 d
    C:\Program Files\ASUS
    2007-09-28 21:58:00 0 d
    C:\Program Files\Common Files\Adobe
    2007-09-28 21:57:23 0 d
    C:\Documents and Settings\Derek\Application Data\Leadertech
    2007-09-28 21:18:55 0 d
    C:\Program Files\MSXML 6.0
    2007-09-28 18:46:46 0 d
    C:\Program Files\MSBuild
    2007-09-28 18:42:01 0 d
    C:\Program Files\Reference Assemblies
    2007-09-28 18:33:29 0 d
    C:\Documents and Settings\Derek\Application Data\Macromedia
    2007-09-28 16:48:17 0 d
    C:\Program Files\Messenger
    2007-09-27 23:26:54 0 d
    C:\Program Files\Common Files\Nero
    2007-09-27 23:24:10 0 d
    C:\Program Files\Common Files\Ahead
    2007-09-27 23:16:43 0 d
    C:\Documents and Settings\Derek\Application Data\FaxCtr
    2007-09-27 23:16:16 0 d
    C:\Program Files\Lexmark 4300 Series
    2007-09-27 23:08:44 0 d
    C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-09-27 23:07:30 0 d
    C:\Program Files\Lexmark Fax Solutions
    2007-09-27 22:50:01 0 d
    C:\Program Files\Movie Maker
    2007-09-27 22:47:51 0 d
    C:\Program Files\Windows NT
    2007-09-27 21:50:16 0 d--h
    C:\Program Files\WindowsUpdate
    2007-09-27 21:48:00 0 d
    C:\Program Files\Netopia
    2007-09-27 21:29:24 0 d
    C:\Program Files\Analog Devices
    2007-09-27 21:27:17 0 d
    C:\Program Files\Intel
    2007-09-27 21:23:01 0 d
    C:\Documents and Settings\Derek\Application Data\Help
    2007-09-27 21:14:09 0 d
    C:\Program Files\ATI Technologies
    2007-09-27 21:13:06 0 d
    C:\Program Files\Common Files\ODBC
    2007-09-27 21:13:04 0 d
    C:\Program Files\Common Files\SpeechEngines
    2007-09-27 21:12:44 62 --ahs---- C:\Documents and Settings\Derek\Application Data\desktop.ini
    2007-09-27 20:30:27 0 d
    C:\Program Files\Alwil Software
    2007-09-27 20:26:06 0 d
    C:\Documents and Settings\Derek\Application Data\Identities
    2007-09-27 20:21:38 0 d
    C:\Program Files\microsoft frontpage
    2007-09-27 20:21:00 0 -rahs---- C:\MSDOS.SYS
    2007-09-27 20:21:00 0 -rahs---- C:\IO.SYS
    2007-09-27 20:21:00 0 --a
    C:\CONFIG.SYS
    2007-09-27 20:21:00 0 --a
    C:\AUTOEXEC.BAT
    2007-09-27 20:20:04 0 d
    C:\Program Files\Online Services
    2007-09-27 20:19:01 0 d
    C:\Program Files\Common Files\MSSoap
    2007-09-27 20:18:33 21640 --a
    C:\WINDOWS\system32\emptyregdb.dat
    2007-09-27 20:18:01 0 d
    C:\Program Files\MSN Gaming Zone
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:22:58 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-09-17 18:22:58 739840 --a
    C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-08-21 00:26:52 196608 --a
    C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-08-21 00:26:52 81920 --a
    C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-08-15 22:33:14 3596288 --a
    C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:30:26 12288 --a
    C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-08-15 10:45:20 524288 --a
    C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 15:41]
    "HydraVisionViewport"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 15:41]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 17:17]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 15:07]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
    "RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2006-09-15 13:27]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-29 14:08]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-10-08 10:37:20]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-11-15 23:01:59


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Beautiful. One more scan then you are all done.

    Next download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.



    Also let me know of any problems you are having.


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Beautiful. One more scan then you are all done.

    Next download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    Also let me know of any problems you are having.


    I ran AVG late last night. I received 131+ errors (I went to bed for a while) but I did not get any report.

