Virtumonde and Smitfraud-C.

The Warden

Hi. I am a victim of Virtumonde and Smitfraud-C. and cannot remove them with a Spybot sweep. Spybot identifies them and cleans them, but they immediately return. I have run Spybot (advanced mode) in normal Windows operating mode and in Safe Mode. Same results for both. I am running Windows XP.

These programs have made my web access almost impossible to get on line.

Anyone's help on how to remove these will be greatly appreciated.

Thank you very much!

I JUST MOVED THIS THREAD TO THIS LOCATION AND PROVIDED A HIJACKTHIS STRING BELOW AS INSTRUCTED BY ONE OF YOUR SENIOR MEMBERS. THANK YOU FOR YOUR ASSISTANCE!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:31 PM, on 8/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\fsvepgni.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark Fanjoy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI8JA.EXE /FU "C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\E_S123.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [uiapiset] C:\WINDOWS\system32\fsvepgni.exe
O4 - HKLM\..\Policies\Explorer\Run: [6E5Gg3vDdM] C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.34/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192746063328
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213762217531
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O21 - SSODL: setdbutil - {282DFFB1-C51A-000A-53E2-06B769136807} - C:\Program Files\vvkyowb\setdbutil.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10257 bytes
 
Hello :)

I will be handling your log to help you get cleaned up.


Step #1
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Step #2
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step #3
Please post a fresh HijackThis log, ComboFix log and SmitfraudFix log back here :)
 
Okay, thank you for your help. I followed your instructions. However, I cannot find the .txt report for Combofix. It just runs then restarts the computer. By the way, after running Combofix, things are worse. A new desktop background screen has replaced my original background saying "WARNING You have a Virus. Install Anti Virus Software..." Also, a program called AntiVirus XP 2008 is trying to install.

Here is the updated HiJackThis report after running Combofix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:01, on 2008-08-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\fsvepgni.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lodedgni.exe
C:\Documents and Settings\Mark Fanjoy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [uiapiset] C:\WINDOWS\system32\fsvepgni.exe
O4 - HKLM\..\Policies\Explorer\Run: [6E5Gg3vDdM] C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.34/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192746063328
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213762217531
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O21 - SSODL: setdbutil - {282DFFB1-C51A-000A-53E2-06B769136807} - C:\Program Files\vvkyowb\setdbutil.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10075 bytes
 
Hello

Please run SmitfraudFix and OTScanIt:

  1. Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  2. Double click on OTScanIt.exe to run it.
  3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  4. Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
  5. Under Drivers section, select Non-Microsoft.
  6. Click on the Run Scan button at the top left hand corner.
  7. OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.
 
Hi. Sorry for the delay. I posted the reports you requested this morning, but I did not realize the string was too long and it did not post. Here is Smitfraud Report first. OTScanIt report coming in next string...
Thank you!!

SmitFraudFix v2.338

Scan done at 14:03:53.12, 2008-08-18
Run from C:\Documents and Settings\Mark Fanjoy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\fsvepgni.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\lodedgni.exe
C:\Documents and Settings\Mark Fanjoy\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark Fanjoy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark Fanjoy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARKFA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D9E2E5DA-3A33-4029-AB04-5604BAF1F558}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D9E2E5DA-3A33-4029-AB04-5604BAF1F558}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D9E2E5DA-3A33-4029-AB04-5604BAF1F558}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Okay, OTScanIt Report is too long. I have to cut it in half. Here is first half...



OTScanIt Report

OTScanIt logfile created on: 2008-08-18 14:05:04
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Mark Fanjoy\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.20% Memory free
2.60 Gb Paging File | 2.36 Gb Available in Paging File | 90.62% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 41.15 Gb Free Space | 55.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 344.15 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
Drive G: | 279.47 Gb Total Space | 181.72 Gb Free Space | 65.02% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARKOFFICE
Current User Name: Mark Fanjoy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2004-02-29 16:44:54 | Attr =    ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2004-02-29 16:44:48 | Attr =    ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 2004-03-12 15:17:10 | Attr =    ]
e_s40rp7.exe -> %AllUsersProfile%\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> SEIKO EPSON CORPORATION [Ver = 4.02 | Size = 113664 bytes | Modified Date = 2007-01-11 05:02:00 | Attr =    ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 2007-10-04 18:14:00 | Attr =    ]
psiservice.exe -> %SystemRoot%\system32\PSIService.exe ->  [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 2006-11-02 21:40:12 | Attr =    ]
wacom_tablet.exe -> %SystemRoot%\system32\Wacom_Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 1373480 bytes | Modified Date = 2007-09-07 11:40:04 | Attr =    ]
x10nets.exe -> %CommonProgramFiles%\X10\Common\X10nets.exe -> X10 [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 2001-11-12 14:31:48 | Attr =    ]
wacom_tabletuser.exe -> %SystemRoot%\system32\WTablet\Wacom_TabletUser.exe -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 132392 bytes | Modified Date = 2007-09-07 11:40:34 | Attr =    ]
wacom_tablet.exe -> %SystemRoot%\system32\Wacom_Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 1373480 bytes | Modified Date = 2007-09-07 11:40:04 | Attr =    ]
bolynyzy.exe -> %AllUsersProfile%\Application Data\letgpgbo\bolynyzy.exe ->  [Ver =  | Size = 61440 bytes | Modified Date = 2008-08-16 20:33:50 | Attr =    ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.019 | Size = 37888 bytes | Modified Date = 2003-11-14 09:50:00 | Attr =    ]
fsvepgni.exe -> %SystemRoot%\system32\fsvepgni.exe ->  [Ver =  | Size = 86016 bytes | Modified Date = 2008-08-16 20:33:48 | Attr =    ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.1.2003102300 | Size = 217194 bytes | Modified Date = 2003-10-23 21:37:56 | Attr =    ]
lodedgni.exe -> %SystemRoot%\system32\lodedgni.exe -> File not found
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008-07-12 09:29:54 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2007-10-19 16:55:18 | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2004-02-29 16:44:48 | Attr =    ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 87160 bytes | Modified Date = 2004-02-29 16:44:52 | Attr =    ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2004-02-29 16:44:54 | Attr =    ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 2004-03-12 15:17:10 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 2008-04-13 17:12:17 | Attr =    ]
(EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Win32_Own | Auto | Running] -> %AllUsersProfile%\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> SEIKO EPSON CORPORATION [Ver = 4.02 | Size = 113664 bytes | Modified Date = 2007-01-11 05:02:00 | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 2007-01-03 18:40:21 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 01:41:10 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 2007-10-04 18:14:00 | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 7, 0, 5, 0 | Size = 65536 bytes | Modified Date = 2003-10-22 10:19:22 | Attr =    ]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PSIService.exe ->  [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 2006-11-02 21:40:12 | Attr =    ]
(RoxLiveShare10) LiveShare P2P Server 10 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -> File not found
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 1.5.0.0 | Size = 169192 bytes | Modified Date = 2004-03-12 15:18:06 | Attr =    ]
(SessionLauncher) SessionLauncher [Win32_Own | Auto | Stopped] -> %SystemDrive%\DOCUME~1\MARKFA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -> File not found
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.3.0.46 | Size = 193760 bytes | Modified Date = 2004-03-11 14:58:32 | Attr =    ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 2004-03-12 15:17:46 | Attr =    ]
(TabletServiceWacom) TabletServiceWacom [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Wacom_Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.5-7 | Size = 1373480 bytes | Modified Date = 2007-09-07 11:40:04 | Attr =    ]
(x10nets) X10 Device Network Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\X10\Common\X10nets.exe -> X10 [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 2001-11-12 14:31:48 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5930 built by: WinDDK | Size = 3727680 bytes | Modified Date = 2005-09-22 16:34:18 | Attr =    ]
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.4.5.9 | Size = 99648 bytes | Modified Date = 2008-08-01 06:27:35 | Attr =    ]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 2008-05-05 23:01:28 | Attr =    ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(cvspydr2) ColorVision Spyder 2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\cvspydr2.sys -> Colorvision Inc [Ver = 1.0 built by: WinDDK | Size = 33024 bytes | Modified Date = 2002-04-02 17:30:16 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 2008-04-13 11:44:48 | Attr =    ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 2008-04-13 11:44:46 | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2003-11-08 05:00:00 | Attr =    ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 2008-04-14 01:00:00 | Attr =    ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 1, 2 | Size = 24392 bytes | Modified Date = 2008-07-21 05:11:58 | Attr =    ]
(giveio) giveio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\giveio.sys ->  [Ver =  | Size = 5248 bytes | Modified Date = 2007-11-27 12:40:32 | Attr =    ]
(L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\L8042pr2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Modified Date = 2003-11-07 02:50:00 | Attr =    ]
(LF30FS) LF30FS [Kernel | Auto | Running] -> %ProgramFiles%\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys ->  [Ver =  | Size = 101488 bytes | Modified Date = 2004-11-19 18:07:00 | Attr =    ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 2003-11-07 02:50:00 | Attr =    ]
(MaxtorFrontPanel1) Maxtor 1394 Storage Front Panel Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mxofwfp.sys -> Maxtor Corp. [Ver = 1,1,0,0 | Size = 19712 bytes | Modified Date = 2003-03-13 13:23:28 | Attr =    ]
(mr7910) Photo Viewer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mr7910.sys -> Mars Semiconductor Corp. [Ver = v2.0 | Size = 113664 bytes | Modified Date = 2005-06-28 12:32:14 | Attr =    ]
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,6,0 | Size = 15360 bytes | Modified Date = 2004-10-07 10:21:22 | Attr =    ]
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080816.003\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 2008-08-16 01:00:00 | Attr =    ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080816.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 2008-08-16 01:00:00 | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 6854464 bytes | Modified Date = 2007-10-04 18:14:00 | Attr =    ]
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 2008-06-15 13:11:47 | Attr =    ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2003-11-08 05:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.67a | Size = 43872 bytes | Modified Date = 2007-07-26 03:00:00 | Attr =    ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 2004-08-03 22:31:32 | Attr =    ]
(SAVRT) SAVRT [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.3.0.28 | Size = 301200 bytes | Modified Date = 2004-02-09 15:43:56 | Attr = R  ]
(SAVRTPEL) SAVRTPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.3.0.28 | Size = 37008 bytes | Modified Date = 2004-02-09 15:43:56 | Attr = R  ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 03:25:53 | Attr =    ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 14:56:16 | Attr =    ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.4.0.6 | Size = 82832 bytes | Modified Date = 2004-03-04 23:46:46 | Attr =    ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.3.0.46 | Size = 16288 bytes | Modified Date = 2004-03-11 14:58:08 | Attr =    ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.3.0.46 | Size = 263616 bytes | Modified Date = 2004-03-11 14:58:10 | Attr =    ]
(TPkd) TPkd [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\TPkd.sys -> PACE Anti-Piracy, Inc. [Ver = 5.3.0.2339 | Size = 69920 bytes | Modified Date = 2005-09-27 00:00:02 | Attr =    ]
(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacommousefilter.sys -> Wacom Technology [Ver = 1.2.0002.0 | Size = 11312 bytes | Modified Date = 2007-02-16 11:12:36 | Attr =    ]
(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacomvhid.sys -> Wacom Technology [Ver = 2.8.0000.0 | Size = 12848 bytes | Modified Date = 2007-02-16 10:30:12 | Attr =    ]
(WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WacomVKHid.sys -> Wacom Technology [Ver = 1.1.0000.0 | Size = 11440 bytes | Modified Date = 2007-02-15 16:11:28 | Attr =    ]
(XUIF) X10 USB Wireless Transceiver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\x10ufx2.sys -> X10 Wireless Technology, Inc. [Ver = 3.0.0.187 | Size = 17792 bytes | Modified Date = 2005-05-19 16:52:58 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 2005-07-15 14:48:33 | Attr =    ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe ["C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 2008-04-01 13:21:56 | Attr = R  ]
EPSON Stylus Photo R800 -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"] -> File not found
EPSON Stylus Photo R800 (Copy 1) -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"] -> File not found
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> Logitech Inc. [Ver = 9.79.016 | Size = 19968 bytes | Modified Date = 2003-11-07 02:50:00 | Attr =    ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 2006-01-12 17:40:44 | Attr =    ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 8491008 bytes | Modified Date = 2007-10-04 18:14:00 | Attr =    ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 81920 bytes | Modified Date = 2007-10-04 18:14:00 | Attr =    ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1626112 bytes | Modified Date = 2007-10-04 18:14:00 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 2008-05-27 10:50:30 | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVDtray.exe [C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe] -> SlySoft, Inc. [Ver = 6.4.5.9 | Size = 2161600 bytes | Modified Date = 2008-08-01 06:32:10 | Attr =    ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 86960 bytes | Modified Date = 2006-09-11 04:40:34 | Attr =    ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe ["C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"] -> Ahead Software AG [Ver = 1, 2, 0, 65 | Size = 2048000 bytes | Modified Date = 2006-09-15 15:27:00 | Attr =    ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 1, 22 | Size = 1829712 bytes | Modified Date = 2008-07-30 14:45:44 | Attr = RHS]
uiapiset -> %SystemRoot%\system32\fsvepgni.exe [C:\WINDOWS\system32\fsvepgni.exe] ->  [Ver =  | Size = 86016 bytes | Modified Date = 2008-08-16 20:33:48 | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.1.2003102300 | Size = 217194 bytes | Modified Date = 2003-10-23 21:37:56 | Attr =    ]
< Mark Fanjoy Startup Folder > -> C:\Documents and Settings\Mark Fanjoy\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\X10 Communications Link.lnk -> %ProgramFiles%\Home Control\X10BURST.EXE -> X-10 (USA) Inc. [Ver = 2.1.0B2.0.70 | Size = 79617 bytes | Modified Date = 2001-01-12 11:49:12 | Attr =    ]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{282DFFB1-C51A-000A-53E2-06B769136807} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vvkyowb\setdbutil.dll [setdbutil] ->  [Ver =  | Size = 106496 bytes | Modified Date = 2008-08-16 20:33:53 | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 2008-04-13 17:12:19 | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 2008-04-13 17:12:38 | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 2008-04-13 17:12:24 | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 2008-04-13 17:12:05 | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 2008-04-13 17:12:41 | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 9.0.0.338 | Size = 83176 bytes | Modified Date = 2004-03-12 15:17:24 | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\6E5Gg3vDdM -> %AllUsersProfile%\Application Data\letgpgbo\bolynyzy.exe [C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe] ->  [Ver =  | Size = 61440 bytes | Modified Date = 2008-08-16 20:33:50 | Attr =    ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 2008-04-13 11:40:46 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVD-RAM_GSA-H22L_______________1.02____\5&63387ad&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 2007-10-18 15:13:23 | Attr =    ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig?source=gama -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4744 domain(s) found. -> 
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4755 domain(s) found. -> 
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 2003-11-03 15:17:44 | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 2008-07-30 14:45:34 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =    ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] ->  [Ver =  | Size = 147456 bytes | Modified Date = 2003-05-15 01:03:46 | Attr =    ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] ->  [Ver =  | Size = 147456 bytes | Modified Date = 2003-05-15 01:03:46 | Attr =    ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] ->  [Ver =  | Size = 147456 bytes | Modified Date = 2003-05-15 01:03:46 | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > ->
 
Here is the second half of the OTScanIt report...


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{A6E4A4EB-D169-4E99-8988-250FCBAFE767} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 2003-05-15 01:03:46 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 2008-07-30 14:45:34 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{49515B9A-569E-47D8-9B37-CFFF8F5FE576} -> (1394 Net Adapter) ->
{BEE67631-AF88-4E19-9B26-EE5AE93EF00F} -> () ->
{D9E2E5DA-3A33-4029-AB04-5604BAF1F558} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab[QuickTime Object] ->
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www.costcophotocenter.com/CostcoActivia.cab[Snapfish Activia] ->
{474F00F5-3853-492C-AC3A-476512BBC336}[HKEY_LOCAL_MACHINE] -> http://picasaweb.google.com/s/v/26.34/uploader2.cab[UploadListView Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192746063328[WUWebControl Class] ->
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab[System Requirements Lab Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213762217531[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9600F64D-755F-11D4-A47F-0001023E6D5A}[HKEY_LOCAL_MACHINE] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] ->
{A8683C98-5341-421B-B23C-8514C05354F1}[HKEY_LOCAL_MACHINE] -> http://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab[FujifilmUploader Class] ->
{A93D84FD-641F-43AE-B963-E6FA84BE7FE7}[HKEY_LOCAL_MACHINE] -> http://www.linksysfix.com/netcheck/67/install/gtdownls.cab[LinkSys Content Update] ->
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF}[HKEY_LOCAL_MACHINE] -> http://www.live365.com/players/play365.cab[Live365Player Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{DBA230D1-8467-4e69-987E-5FAE815A3B45}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FreeImage.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FreeImage.dll\\.Owner -> {A8683C98-5341-421B-B23C-8514C05354F1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FreeImage.dll\\{A8683C98-5341-421B-B23C-8514C05354F1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FujifilmUploadClient.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FujifilmUploadClient.dll\\.Owner -> {A8683C98-5341-421B-B23C-8514C05354F1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FujifilmUploadClient.dll\\{A8683C98-5341-421B-B23C-8514C05354F1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcurl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcurl.dll\\.Owner -> {A8683C98-5341-421B-B23C-8514C05354F1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcurl.dll\\{A8683C98-5341-421B-B23C-8514C05354F1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Play365.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Play365.dll\\.Owner -> {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Play365.dll\\{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\.Owner -> {9600F64D-755F-11D4-A47F-0001023E6D5A} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\{9600F64D-755F-11D4-A47F-0001023E6D5A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\.Owner -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\.Owner -> {474F00F5-3853-492C-AC3A-476512BBC336} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\{474F00F5-3853-492C-AC3A-476512BBC336} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\{A8683C98-5341-421B-B23C-8514C05354F1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{A8683C98-5341-421B-B23C-8514C05354F1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/shfolder.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/shfolder.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/shfolder.dll\\{A8683C98-5341-421B-B23C-8514C05354F1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->



[Files/Folders - Created Within 30 days]
08.jpg -> %SystemDrive%\08.jpg -> [Ver = | Size = 172645 bytes | Created Date = 2008-08-15 13:28:08 | Attr = ]
11.jpg -> %SystemDrive%\11.jpg -> [Ver = | Size = 134167 bytes | Created Date = 2008-08-16 20:12:41 | Attr = ]
1217594129-Zr928H.jpg -> %SystemDrive%\1217594129-Zr928H.jpg -> [Ver = | Size = 100872 bytes | Created Date = 2008-08-03 23:32:44 | Attr = ]
1622624610_0ff31af956_o.jpg -> %SystemDrive%\1622624610_0ff31af956_o.jpg -> [Ver = | Size = 1055642 bytes | Created Date = 2008-08-05 22:04:50 | Attr = ]
22576300.jpg -> %SystemDrive%\22576300.jpg -> [Ver = | Size = 4114 bytes | Created Date = 2008-08-05 22:05:53 | Attr = ]
Acrobat Install Instructions.doc -> %SystemDrive%\Acrobat Install Instructions.doc -> [Ver = | Size = 25088 bytes | Created Date = 2008-08-17 13:12:16 | Attr = ]
Amanda-02.jpg -> %SystemDrive%\Amanda-02.jpg -> [Ver = | Size = 60631 bytes | Created Date = 2008-08-15 13:19:05 | Attr = ]
Apple Motion Tutorial.dmg -> %SystemDrive%\Apple Motion Tutorial.dmg -> [Ver = | Size = 272239960 bytes | Created Date = 2008-07-25 14:51:40 | Attr = ]
black.jpg -> %SystemDrive%\black.jpg -> [Ver = | Size = 68334 bytes | Created Date = 2008-08-11 13:56:27 | Attr = ]
bodyinmind_maya_6.jpg -> %SystemDrive%\bodyinmind_maya_6.jpg -> [Ver = | Size = 210157 bytes | Created Date = 2008-08-03 23:33:38 | Attr = ]
brown 2.jpg -> %SystemDrive%\brown 2.jpg -> [Ver = | Size = 60962 bytes | Created Date = 2008-08-03 23:39:26 | Attr = ]
brown.jpg -> %SystemDrive%\brown.jpg -> [Ver = | Size = 48189 bytes | Created Date = 2008-08-03 23:38:57 | Attr = ]
carin_ashley_getimage07_JWtCVLk_sized.jpg -> %SystemDrive%\carin_ashley_getimage07_JWtCVLk_sized.jpg -> [Ver = | Size = 102427 bytes | Created Date = 2008-08-05 12:50:08 | Attr = ]
chari 2.jpg -> %SystemDrive%\chari 2.jpg -> [Ver = | Size = 205888 bytes | Created Date = 2008-08-16 20:11:34 | Attr = ]
chari.jpg -> %SystemDrive%\chari.jpg -> [Ver = | Size = 219953 bytes | Created Date = 2008-08-16 20:10:24 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-08-17 23:50:40 | Attr = ]
cpVPiK-1217854437.jpg -> %SystemDrive%\cpVPiK-1217854437.jpg -> [Ver = | Size = 46095 bytes | Created Date = 2008-08-04 22:19:11 | Attr = ]
fantasy.jpg -> %SystemDrive%\fantasy.jpg -> [Ver = | Size = 19838 bytes | Created Date = 2008-08-05 22:09:06 | Attr = ]
float.jpg -> %SystemDrive%\float.jpg -> [Ver = | Size = 136989 bytes | Created Date = 2008-08-06 11:22:50 | Attr = ]
Fonts -> %SystemDrive%\Fonts -> [Folder | Created Date = 2008-08-16 23:28:15 | Attr = R S]
hoot132006_028.jpg -> %SystemDrive%\hoot132006_028.jpg -> [Ver = | Size = 26695 bytes | Created Date = 2008-08-04 18:52:44 | Attr = ]
hRnyV5-1217854245.jpg -> %SystemDrive%\hRnyV5-1217854245.jpg -> [Ver = | Size = 34622 bytes | Created Date = 2008-08-04 22:18:00 | Attr = ]
k5FwKf-1218722829.jpg -> %SystemDrive%\k5FwKf-1218722829.jpg -> [Ver = | Size = 20624 bytes | Created Date = 2008-08-15 13:21:43 | Attr = ]
KuT8z2-1218553055.jpg -> %SystemDrive%\KuT8z2-1218553055.jpg -> [Ver = | Size = 59478 bytes | Created Date = 2008-08-15 13:30:20 | Attr = ]
lrg-8987-ic0855_115.jpg -> %SystemDrive%\lrg-8987-ic0855_115.jpg -> [Ver = | Size = 27991 bytes | Created Date = 2008-08-11 13:44:08 | Attr = ]
lrg-9174-wmk-_dsc0093.jpg -> %SystemDrive%\lrg-9174-wmk-_dsc0093.jpg -> [Ver = | Size = 45824 bytes | Created Date = 2008-08-15 13:17:03 | Attr = ]
moto.jpg -> %SystemDrive%\moto.jpg -> [Ver = | Size = 33563 bytes | Created Date = 2008-08-16 20:13:28 | Attr = ]
Movavi files -> %SystemDrive%\Movavi files -> [Folder | Created Date = 2008-08-14 17:21:40 | Attr = ]
Myrtle Beach 2008 Music -> %SystemDrive%\Myrtle Beach 2008 Music -> [Folder | Created Date = 2008-07-23 23:16:27 | Attr = ]
o76ovt-1218553058.jpg -> %SystemDrive%\o76ovt-1218553058.jpg -> [Ver = | Size = 38392 bytes | Created Date = 2008-08-15 13:29:56 | Attr = ]
Picture1.jpg -> %SystemDrive%\Picture1.jpg -> [Ver = | Size = 56280 bytes | Created Date = 2008-08-16 12:43:41 | Attr = ]
Picture1a.jpg -> %SystemDrive%\Picture1a.jpg -> [Ver = | Size = 60359 bytes | Created Date = 2008-08-16 12:52:04 | Attr = ]
Picture1aa.jpg -> %SystemDrive%\Picture1aa.jpg -> [Ver = | Size = 90693 bytes | Created Date = 2008-08-16 12:54:03 | Attr = ]
Picture1b.jpg -> %SystemDrive%\Picture1b.jpg -> [Ver = | Size = 51263 bytes | Created Date = 2008-08-16 12:52:17 | Attr = ]
Picture1c.jpg -> %SystemDrive%\Picture1c.jpg -> [Ver = | Size = 38370 bytes | Created Date = 2008-08-16 12:52:40 | Attr = ]
Picture1s.jpg -> %SystemDrive%\Picture1s.jpg -> [Ver = | Size = 80009 bytes | Created Date = 2008-08-16 12:55:10 | Attr = ]
Picture1ss.jpg -> %SystemDrive%\Picture1ss.jpg -> [Ver = | Size = 94583 bytes | Created Date = 2008-08-16 12:55:46 | Attr = ]
Picture1sss.jpg -> %SystemDrive%\Picture1sss.jpg -> [Ver = | Size = 72551 bytes | Created Date = 2008-08-16 12:56:01 | Attr = ]
Picture1ssss.jpg -> %SystemDrive%\Picture1ssss.jpg -> [Ver = | Size = 105311 bytes | Created Date = 2008-08-16 12:56:09 | Attr = ]
Picture1sssss.jpg -> %SystemDrive%\Picture1sssss.jpg -> [Ver = | Size = 95896 bytes | Created Date = 2008-08-16 12:56:28 | Attr = ]
Picture1ssssss.jpg -> %SystemDrive%\Picture1ssssss.jpg -> [Ver = | Size = 78725 bytes | Created Date = 2008-08-16 12:57:05 | Attr = ]
Picture1v.jpg -> %SystemDrive%\Picture1v.jpg -> [Ver = | Size = 50117 bytes | Created Date = 2008-08-16 12:59:31 | Attr = ]
Picture2.jpg -> %SystemDrive%\Picture2.jpg -> [Ver = | Size = 49821 bytes | Created Date = 2008-08-16 12:45:22 | Attr = ]
Picture3.jpg -> %SystemDrive%\Picture3.jpg -> [Ver = | Size = 65143 bytes | Created Date = 2008-08-16 12:45:28 | Attr = ]
Picture4.jpg -> %SystemDrive%\Picture4.jpg -> [Ver = | Size = 47869 bytes | Created Date = 2008-08-16 12:45:41 | Attr = ]
Picture5.jpg -> %SystemDrive%\Picture5.jpg -> [Ver = | Size = 50222 bytes | Created Date = 2008-08-16 12:46:10 | Attr = ]
Pierce -> %SystemDrive%\Pierce -> [Folder | Created Date = 2008-08-08 21:53:37 | Attr = ]
PqXMNV-1217861893.jpg -> %SystemDrive%\PqXMNV-1217861893.jpg -> [Ver = | Size = 28190 bytes | Created Date = 2008-08-04 22:17:45 | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-08-17 22:27:25 | Attr = ]
RwSMBB-1217861894.jpg -> %SystemDrive%\RwSMBB-1217861894.jpg -> [Ver = | Size = 25931 bytes | Created Date = 2008-08-04 22:19:58 | Attr = ]
S9aEaG-1217854558.jpg -> %SystemDrive%\S9aEaG-1217854558.jpg -> [Ver = | Size = 46507 bytes | Created Date = 2008-08-04 22:19:44 | Attr = ]
SCJh6s-1217942286.jpg -> %SystemDrive%\SCJh6s-1217942286.jpg -> [Ver = | Size = 51014 bytes | Created Date = 2008-08-06 11:29:38 | Attr = ]
SF -> %SystemDrive%\SF -> [Folder | Created Date = 2008-08-03 20:36:33 | Attr = ]
SF 2 -> %SystemDrive%\SF 2 -> [Folder | Created Date = 2008-08-03 21:39:45 | Attr = ]
TO Knights Tryouts Flyer DRAFT 1.pdf -> %SystemDrive%\TO Knights Tryouts Flyer DRAFT 1.pdf -> [Ver = | Size = 412396 bytes | Created Date = 2008-08-17 14:33:01 | Attr = ]
TO Knights Tryouts Flyer DRAFT 1.tif -> %SystemDrive%\TO Knights Tryouts Flyer DRAFT 1.tif -> [Ver = | Size = 15230516 bytes | Created Date = 2008-08-17 14:31:22 | Attr = ]
VIDEO_TS -> %SystemDrive%\VIDEO_TS -> [Folder | Created Date = 2008-08-05 16:04:00 | Attr = ]
VIDEO_TS_01 -> %SystemDrive%\VIDEO_TS_01 -> [Folder | Created Date = 2008-08-05 16:55:19 | Attr = ]
w31c1I-1217861896.jpg -> %SystemDrive%\w31c1I-1217861896.jpg -> [Ver = | Size = 27535 bytes | Created Date = 2008-08-04 22:20:17 | Attr = ]
xPEhUS-1217529253.jpg -> %SystemDrive%\xPEhUS-1217529253.jpg -> [Ver = | Size = 37217 bytes | Created Date = 2008-08-03 23:37:19 | Attr = ]
AnyDVD.sys -> %SystemRoot%\System32\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.4.5.9 | Size = 99648 bytes | Created Date = 2008-08-01 06:27:35 | Attr = ]
ElbyCDIO.sys -> %SystemRoot%\System32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 1, 2 | Size = 24392 bytes | Created Date = 2008-07-21 05:11:58 | Attr = ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
blphc9t7j0epdv.scr -> %SystemRoot%\System32\blphc9t7j0epdv.scr -> Sysinternals [Ver = 3.2 | Size = 118784 bytes | Created Date = 2008-08-17 23:58:56 | Attr = ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
fsvepgni.exe -> %SystemRoot%\System32\fsvepgni.exe -> [Ver = | Size = 86016 bytes | Created Date = 2008-08-16 20:33:48 | Attr = ]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
kxmjqleh.exe -> %SystemRoot%\System32\kxmjqleh.exe -> [Ver = | Size = 86016 bytes | Created Date = 2008-08-16 22:46:45 | Attr = ]
lklktclk.exe -> %SystemRoot%\System32\lklktclk.exe -> [Ver = | Size = 90112 bytes | Created Date = 2008-08-17 23:21:00 | Attr = ]
lphc9t7j0epdv.exe -> %SystemRoot%\System32\lphc9t7j0epdv.exe -> [Ver = | Size = 194560 bytes | Created Date = 2008-08-17 23:58:49 | Attr = ]
ojclujsr.exe -> %SystemRoot%\System32\ojclujsr.exe -> [Ver = | Size = 90112 bytes | Created Date = 2008-08-17 23:43:37 | Attr = ]
ojupcfwb.exe -> %SystemRoot%\System32\ojupcfwb.exe -> [Ver = | Size = 81920 bytes | Created Date = 2008-08-17 10:46:48 | Attr = ]
phc9t7j0epdv.bmp -> %SystemRoot%\System32\phc9t7j0epdv.bmp -> [Ver = | Size = 625208 bytes | Created Date = 2008-08-17 23:58:55 | Attr = ]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
qrepqvsx.exe -> %SystemRoot%\System32\qrepqvsx.exe -> [Ver = | Size = 81920 bytes | Created Date = 2008-08-17 18:13:51 | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2894 bytes | Created Date = 2008-08-18 12:19:20 | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
vufqhifs.exe -> %SystemRoot%\System32\vufqhifs.exe -> [Ver = | Size = 90112 bytes | Created Date = 2008-08-17 23:58:50 | Attr = ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 2008-08-18 12:17:50 | Attr = ]
zafgfaxi.exe -> %SystemRoot%\System32\zafgfaxi.exe -> [Ver = | Size = 86016 bytes | Created Date = 2008-08-16 21:44:55 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-08-17 22:28:06 | Attr = ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
eSellerateEngine.dll -> %SystemRoot%\eSellerateEngine.dll -> eSellerate Inc. [Ver = 3.6.2.8 | Size = 356352 bytes | Created Date = 2008-08-14 17:34:49 | Attr = ]
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]
grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]
Lisa Yellow.bmp -> %SystemRoot%\Lisa Yellow.bmp -> [Ver = | Size = 1934918 bytes | Created Date = 2008-08-09 18:48:39 | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 2008-08-17 22:27:23 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-08-17 23:37:11 | Attr = ]
sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 2008-08-17 23:53:24 | Attr = ]
VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]
zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008-08-17 22:27:22 | Attr = ]

[Files/Folders - Modified Within 30 days]
.DS_Store -> %SystemDrive%\.DS_Store -> [Ver = | Size = 24580 bytes | Modified Date = 2008-08-03 21:59:31 | Attr = H ]
08.jpg -> %SystemDrive%\08.jpg -> [Ver = | Size = 172645 bytes | Modified Date = 2008-08-15 13:27:45 | Attr = ]
11.jpg -> %SystemDrive%\11.jpg -> [Ver = | Size = 134167 bytes | Modified Date = 2008-08-16 20:12:25 | Attr = ]
1217594129-Zr928H.jpg -> %SystemDrive%\1217594129-Zr928H.jpg -> [Ver = | Size = 100872 bytes | Modified Date = 2008-08-03 23:32:29 | Attr = ]
1622624610_0ff31af956_o.jpg -> %SystemDrive%\1622624610_0ff31af956_o.jpg -> [Ver = | Size = 1055642 bytes | Modified Date = 2008-08-05 22:04:26 | Attr = ]
22576300.jpg -> %SystemDrive%\22576300.jpg -> [Ver = | Size = 4114 bytes | Modified Date = 2008-08-05 22:05:39 | Attr = ]
Acrobat Install Instructions.doc -> %SystemDrive%\Acrobat Install Instructions.doc -> [Ver = | Size = 25088 bytes | Modified Date = 2008-08-17 13:01:05 | Attr = ]
Amanda-02.jpg -> %SystemDrive%\Amanda-02.jpg -> [Ver = | Size = 60631 bytes | Modified Date = 2008-08-15 13:18:45 | Attr = ]
Apple Motion Tutorial.dmg -> %SystemDrive%\Apple Motion Tutorial.dmg -> [Ver = | Size = 272239960 bytes | Modified Date = 2008-07-25 15:34:38 | Attr = ]
black.jpg -> %SystemDrive%\black.jpg -> [Ver = | Size = 68334 bytes | Modified Date = 2008-08-11 13:56:12 | Attr = ]
bodyinmind_maya_6.jpg -> %SystemDrive%\bodyinmind_maya_6.jpg -> [Ver = | Size = 210157 bytes | Modified Date = 2008-08-03 23:33:33 | Attr = ]
brown 2.jpg -> %SystemDrive%\brown 2.jpg -> [Ver = | Size = 60962 bytes | Modified Date = 2008-08-03 23:39:08 | Attr = ]
brown.jpg -> %SystemDrive%\brown.jpg -> [Ver = | Size = 48189 bytes | Modified Date = 2008-08-03 23:38:46 | Attr = ]
carin_ashley_getimage07_JWtCVLk_sized.jpg -> %SystemDrive%\carin_ashley_getimage07_JWtCVLk_sized.jpg -> [Ver = | Size = 102427 bytes | Modified Date = 2008-08-05 12:49:54 | Attr = ]
chari 2.jpg -> %SystemDrive%\chari 2.jpg -> [Ver = | Size = 205888 bytes | Modified Date = 2008-08-16 20:11:20 | Attr = ]
chari.jpg -> %SystemDrive%\chari.jpg -> [Ver = | Size = 219953 bytes | Modified Date = 2008-08-16 20:09:58 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-08-17 23:56:08 | Attr = ]
cpVPiK-1217854437.jpg -> %SystemDrive%\cpVPiK-1217854437.jpg -> [Ver = | Size = 46095 bytes | Modified Date = 2008-08-04 22:19:03 | Attr = ]
Downloaded Programs -> %SystemDrive%\Downloaded Programs -> [Folder | Modified Date = 2008-08-17 14:09:20 | Attr = ]
fantasy.jpg -> %SystemDrive%\fantasy.jpg -> [Ver = | Size = 19838 bytes | Modified Date = 2008-08-05 22:08:59 | Attr = ]
float.jpg -> %SystemDrive%\float.jpg -> [Ver = | Size = 136989 bytes | Modified Date = 2008-08-06 11:22:35 | Attr = ]
Fonts -> %SystemDrive%\Fonts -> [Folder | Modified Date = 2008-08-16 23:29:44 | Attr = R S]
hoot132006_028.jpg -> %SystemDrive%\hoot132006_028.jpg -> [Ver = | Size = 26695 bytes | Modified Date = 2008-08-04 18:52:33 | Attr = ]
hRnyV5-1217854245.jpg -> %SystemDrive%\hRnyV5-1217854245.jpg -> [Ver = | Size = 34622 bytes | Modified Date = 2008-08-04 22:17:52 | Attr = ]
k5FwKf-1218722829.jpg -> %SystemDrive%\k5FwKf-1218722829.jpg -> [Ver = | Size = 20624 bytes | Modified Date = 2008-08-15 13:21:28 | Attr = ]
KuT8z2-1218553055.jpg -> %SystemDrive%\KuT8z2-1218553055.jpg -> [Ver = | Size = 59478 bytes | Modified Date = 2008-08-15 13:30:09 | Attr = ]
lrg-8987-ic0855_115.jpg -> %SystemDrive%\lrg-8987-ic0855_115.jpg -> [Ver = | Size = 27991 bytes | Modified Date = 2008-08-11 13:42:52 | Attr = ]
lrg-9174-wmk-_dsc0093.jpg -> %SystemDrive%\lrg-9174-wmk-_dsc0093.jpg -> [Ver = | Size = 45824 bytes | Modified Date = 2008-08-15 13:15:03 | Attr = ]
MB Slideshow Slates -> %SystemDrive%\MB Slideshow Slates -> [Folder | Modified Date = 2008-07-20 00:27:48 | Attr = ]
moto.jpg -> %SystemDrive%\moto.jpg -> [Ver = | Size = 33563 bytes | Modified Date = 2008-08-16 20:12:00 | Attr = ]
Movavi files -> %SystemDrive%\Movavi files -> [Folder | Modified Date = 2008-08-14 17:21:40 | Attr = ]
My Documents -> %SystemDrive%\My Documents -> [Folder | Modified Date = 2008-08-16 11:56:30 | Attr = ]
Myrtle Beach 2008 Music -> %SystemDrive%\Myrtle Beach 2008 Music -> [Folder | Modified Date = 2008-08-17 01:57:18 | Attr = ]
o76ovt-1218553058.jpg -> %SystemDrive%\o76ovt-1218553058.jpg -> [Ver = | Size = 38392 bytes | Modified Date = 2008-08-15 13:29:43 | Attr = ]
Picture1.jpg -> %SystemDrive%\Picture1.jpg -> [Ver = | Size = 56280 bytes | Modified Date = 2008-08-16 12:43:42 | Attr = ]
Picture1a.jpg -> %SystemDrive%\Picture1a.jpg -> [Ver = | Size = 60359 bytes | Modified Date = 2008-08-16 12:52:04 | Attr = ]
Picture1aa.jpg -> %SystemDrive%\Picture1aa.jpg -> [Ver = | Size = 90693 bytes | Modified Date = 2008-08-16 12:54:03 | Attr = ]
Picture1b.jpg -> %SystemDrive%\Picture1b.jpg -> [Ver = | Size = 51263 bytes | Modified Date = 2008-08-16 12:52:17 | Attr = ]
Picture1c.jpg -> %SystemDrive%\Picture1c.jpg -> [Ver = | Size = 38370 bytes | Modified Date = 2008-08-16 12:52:40 | Attr = ]
Picture1s.jpg -> %SystemDrive%\Picture1s.jpg -> [Ver = | Size = 80009 bytes | Modified Date = 2008-08-16 12:55:10 | Attr = ]
Picture1ss.jpg -> %SystemDrive%\Picture1ss.jpg -> [Ver = | Size = 94583 bytes | Modified Date = 2008-08-16 12:55:46 | Attr = ]
Picture1sss.jpg -> %SystemDrive%\Picture1sss.jpg -> [Ver = | Size = 72551 bytes | Modified Date = 2008-08-16 12:56:01 | Attr = ]
Picture1ssss.jpg -> %SystemDrive%\Picture1ssss.jpg -> [Ver = | Size = 105311 bytes | Modified Date = 2008-08-16 12:56:10 | Attr = ]
Picture1sssss.jpg -> %SystemDrive%\Picture1sssss.jpg -> [Ver = | Size = 95896 bytes | Modified Date = 2008-08-16 12:56:28 | Attr = ]
Picture1ssssss.jpg -> %SystemDrive%\Picture1ssssss.jpg -> [Ver = | Size = 78725 bytes | Modified Date = 2008-08-16 12:57:05 | Attr = ]
Picture1v.jpg -> %SystemDrive%\Picture1v.jpg -> [Ver = | Size = 50117 bytes | Modified Date = 2008-08-16 12:59:31 | Attr = ]
Picture2.jpg -> %SystemDrive%\Picture2.jpg -> [Ver = | Size = 49821 bytes | Modified Date = 2008-08-16 12:45:22 | Attr = ]
Picture3.jpg -> %SystemDrive%\Picture3.jpg -> [Ver = | Size = 65143 bytes | Modified Date = 2008-08-16 12:45:29 | Attr = ]
Picture4.jpg -> %SystemDrive%\Picture4.jpg -> [Ver = | Size = 47869 bytes | Modified Date = 2008-08-16 12:45:41 | Attr = ]
Picture5.jpg -> %SystemDrive%\Picture5.jpg -> [Ver = | Size = 50222 bytes | Modified Date = 2008-08-16 12:46:10 | Attr = ]
Pierce -> %SystemDrive%\Pierce -> [Folder | Modified Date = 2008-08-08 23:25:17 | Attr = ]
PqXMNV-1217861893.jpg -> %SystemDrive%\PqXMNV-1217861893.jpg -> [Ver = | Size = 28190 bytes | Modified Date = 2008-08-04 22:17:36 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-08-17 14:08:01 | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-08-17 23:39:33 | Attr = ]
RwSMBB-1217861894.jpg -> %SystemDrive%\RwSMBB-1217861894.jpg -> [Ver = | Size = 25931 bytes | Modified Date = 2008-08-04 22:19:51 | Attr = ]
S9aEaG-1217854558.jpg -> %SystemDrive%\S9aEaG-1217854558.jpg -> [Ver = | Size = 46507 bytes | Modified Date = 2008-08-04 22:19:38 | Attr = ]
SCJh6s-1217942286.jpg -> %SystemDrive%\SCJh6s-1217942286.jpg -> [Ver = | Size = 51014 bytes | Modified Date = 2008-08-06 11:29:29 | Attr = ]
SF -> %SystemDrive%\SF -> [Folder | Modified Date = 2008-08-03 21:23:10 | Attr = ]
SF 2 -> %SystemDrive%\SF 2 -> [Folder | Modified Date = 2008-08-03 21:47:52 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-08-17 23:59:00 | Attr = HS]
Thumbs.db -> %SystemDrive%\Thumbs.db -> [Ver = | Size = 2305024 bytes | Modified Date = 2008-08-17 16:28:02 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable
TO Knights Tryouts Flyer DRAFT 1.pdf -> %SystemDrive%\TO Knights Tryouts Flyer DRAFT 1.pdf -> [Ver = | Size = 412396 bytes | Modified Date = 2008-08-17 16:21:26 | Attr = ]
TO Knights Tryouts Flyer DRAFT 1.tif -> %SystemDrive%\TO Knights Tryouts Flyer DRAFT 1.tif -> [Ver = | Size = 15230516 bytes | Modified Date = 2008-08-17 16:20:08 | Attr = ]
VIDEO_TS -> %SystemDrive%\VIDEO_TS -> [Folder | Modified Date = 2008-08-05 16:46:17 | Attr = ]
VIDEO_TS_01 -> %SystemDrive%\VIDEO_TS_01 -> [Folder | Modified Date = 2008-08-05 16:55:23 | Attr = ]
w31c1I-1217861896.jpg -> %SystemDrive%\w31c1I-1217861896.jpg -> [Ver = | Size = 27535 bytes | Modified Date = 2008-08-04 22:20:10 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-08-18 03:45:49 | Attr = ]
xPEhUS-1217529253.jpg -> %SystemDrive%\xPEhUS-1217529253.jpg -> [Ver = | Size = 37217 bytes | Modified Date = 2008-08-03 23:36:17 | Attr = ]
AnyDVD.sys -> %SystemRoot%\System32\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.4.5.9 | Size = 99648 bytes | Modified Date = 2008-08-01 06:27:35 | Attr = ]
ElbyCDIO.sys -> %SystemRoot%\System32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 1, 2 | Size = 24392 bytes | Modified Date = 2008-07-21 05:11:58 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-08-17 23:55:58 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-08-17 23:55:58 | Attr = ]
hosts.20080807-232149.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080807-232149.backup -> [Ver = | Size = 253288 bytes | Modified Date = 2008-07-20 10:02:06 | Attr = R ]
hosts.20080808-194634.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-194634.backup -> [Ver = | Size = 257976 bytes | Modified Date = 2008-08-07 23:21:49 | Attr = R ]
hosts.20080816-211611.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080816-211611.backup -> [Ver = | Size = 257976 bytes | Modified Date = 2008-08-08 19:46:34 | Attr = R ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2008-08-18 12:19:03 | Attr = ]
blphc9t7j0epdv.scr -> %SystemRoot%\System32\blphc9t7j0epdv.scr -> Sysinternals [Ver = 3.2 | Size = 118784 bytes | Modified Date = 2008-08-17 23:58:56 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-08-15 20:53:29 | Attr = ]
12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-08-17 23:38:08 | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008-08-14 15:32:42 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-08-17 23:54:59 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 2067184 bytes | Modified Date = 2008-08-17 17:23:57 | Attr = ]
fsvepgni.exe -> %SystemRoot%\System32\fsvepgni.exe -> [Ver = | Size = 86016 bytes | Modified Date = 2008-08-16 20:33:48 | Attr = ]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2008-08-14 21:52:23 | Attr = ]
kxmjqleh.exe -> %SystemRoot%\System32\kxmjqleh.exe -> [Ver = | Size = 86016 bytes | Modified Date = 2008-08-16 22:46:45 | Attr = ]
lklktclk.exe -> %SystemRoot%\System32\lklktclk.exe -> [Ver = | Size = 90112 bytes | Modified Date = 2008-08-17 23:21:00 | Attr = ]
lphc9t7j0epdv.exe -> %SystemRoot%\System32\lphc9t7j0epdv.exe -> [Ver = | Size = 194560 bytes | Modified Date = 2008-08-17 23:58:49 | Attr = ]
ojclujsr.exe -> %SystemRoot%\System32\ojclujsr.exe -> [Ver = | Size = 90112 bytes | Modified Date = 2008-08-17 23:43:37 | Attr = ]
ojupcfwb.exe -> %SystemRoot%\System32\ojupcfwb.exe -> [Ver = | Size = 81920 bytes | Modified Date = 2008-08-17 10:46:48 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 64372 bytes | Modified Date = 2008-08-15 10:31:20 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 409232 bytes | Modified Date = 2008-08-15 10:31:20 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 478464 bytes | Modified Date = 2008-08-15 10:31:20 | Attr = ]
phc9t7j0epdv.bmp -> %SystemRoot%\System32\phc9t7j0epdv.bmp -> [Ver = | Size = 625208 bytes | Modified Date = 2008-08-17 23:58:55 | Attr = ]
qrepqvsx.exe -> %SystemRoot%\System32\qrepqvsx.exe -> [Ver = | Size = 81920 bytes | Modified Date = 2008-08-17 18:13:51 | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-08-17 23:59:00 | Attr = ]
Thumbs.db -> %SystemRoot%\System32\Thumbs.db -> [Ver = | Size = 6656 bytes | Modified Date = 2008-08-03 20:42:25 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2894 bytes | Modified Date = 2008-08-18 14:03:57 | Attr = ]
vufqhifs.exe -> %SystemRoot%\System32\vufqhifs.exe -> [Ver = | Size = 90112 bytes | Modified Date = 2008-08-17 23:58:50 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008-08-15 10:31:20 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2008-08-17 23:58:19 | Attr = ]
zafgfaxi.exe -> %SystemRoot%\System32\zafgfaxi.exe -> [Ver = | Size = 86016 bytes | Modified Date = 2008-08-16 21:44:55 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-08-14 15:32:29 | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2008-08-17 23:52:53 | Attr = ]
Easy DVD Creator.INI -> %SystemRoot%\Easy DVD Creator.INI -> [Ver = | Size = 67 bytes | Modified Date = 2008-07-24 16:18:37 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-08-17 23:37:25 | Attr = ]
eSellerateEngine.dll -> %SystemRoot%\eSellerateEngine.dll -> eSellerate Inc. [Ver = 3.6.2.8 | Size = 356352 bytes | Modified Date = 2008-08-14 17:34:50 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008-08-16 13:38:48 | Attr = R S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2008-08-14 15:32:35 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-08-14 15:32:46 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-08-14 17:34:00 | Attr = HS]
Lisa Yellow.bmp -> %SystemRoot%\Lisa Yellow.bmp -> [Ver = | Size = 1934918 bytes | Modified Date = 2008-08-18 03:49:24 | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 0 bytes | Modified Date = 2008-08-17 23:57:11 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2008-08-14 17:56:25 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-08-18 12:46:51 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-08-17 23:53:29 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-08-18 14:03:57 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-08-05 17:23:36 | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 2008-08-18 03:45:49 | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 694272 bytes | Modified Date = 2008-08-17 16:28:01 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
Twain001.Mtx -> %SystemRoot%\Twain001.Mtx -> [Ver = | Size = 5 bytes | Modified Date = 2008-08-18 03:45:49 | Attr = ]
Twunk001.MTX -> %SystemRoot%\Twunk001.MTX -> [Ver = | Size = 156 bytes | Modified Date = 2008-08-18 03:45:49 | Attr = ]
vuepro32.ini -> %SystemRoot%\vuepro32.ini -> [Ver = | Size = 226 bytes | Modified Date = 2008-08-18 03:49:28 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 112 bytes | Modified Date = 2008-08-14 15:25:41 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-08-17 23:57:34 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\0x4veggBGp\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\0x4veggBGp -> [Folder | Modified Date = 2007-12-25 22:27:33 | Attr = H ]
G8Ha8t3zNW.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\0x4veggBGp\G8Ha8t3zNW.dat -> [Ver = | Size = 879 bytes | Modified Date = 2005-03-15 02:44:40 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2007-10-18 15:21:30 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5517 bytes | Modified Date = 2008-08-17 23:58:42 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5517 bytes | Modified Date = 2008-08-17 23:58:42 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2008-06-17 21:05:07 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2007-10-27 14:34:52 | Attr = ]
C:\Documents and Settings\Mark Fanjoy\Local Settings\temp\ -> C:\Documents and Settings\Mark Fanjoy\Local Settings\temp -> [Folder | Modified Date = 2008-08-18 14:04:32 | Attr = ]
CfgWin.dll -> C:\Documents and Settings\Mark Fanjoy\Local Settings\temp\CfgWin.dll -> [Ver = | Size = 122880 bytes | Modified Date = 2008-08-17 23:58:52 | Attr = ]
82 C:\Documents and Settings\Mark Fanjoy\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Mark Fanjoy\Local Settings\temp\*.tmp ->
C:\Documents and Settings\Mark Fanjoy\Local Settings\temp\nsu10.tmp\ -> C:\Documents and Settings\Mark Fanjoy\Local Settings\temp\nsu10.tmp\ -> [Folder | Modified Date = 2008-08-17 23:59:27 | Attr = ]
euladlg.dll -> C:\Documents and Settings\Mark Fanjoy\Local Settings\temp\nsu10.tmp\euladlg.dll -> [Ver = | Size = 69632 bytes | Modified Date = 2008-08-17 23:59:27 | Attr = ]

< End of report >
[/code]
 
I'll check the logs and then see what needs to be done. I'm busy now but I'll do my best to get the logs read.
 
Hello

Step #1
Please disable Teatimer as it may interfere with the fix.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings in TeaTimer.

Step #2
Click Start | My Computer | Local Disk (C: ) .
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\HijackThis.
Now get your HijackThis.exe file and place it in your folder.

Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

O4 - HKCU\..\Run: [uiapiset] C:\WINDOWS\system32\fsvepgni.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O21 - SSODL: setdbutil - {282DFFB1-C51A-000A-53E2-06B769136807} - C:\Program Files\vvkyowb\setdbutil.dll


Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Step #3
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    C:\Documents And Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
    C:\Windows\system32\fsvepgni.exe
    C:\Windows\system32\lodedgni.exe
    C:\Windows\System32\fsvepgni.exe
    C:\Windows\System32\kxmjqleh.exe
    C:\Windows\System32\lklktclk.exe 
    C:\Windows\System32\lphc9t7j0epdv.exe 
    C:\Windows\System32\ojclujsr.exe
    C:\Windows\System32\ojupcfwb.exe
    C:\Windows\System32\phc9t7j0epdv.bmp
    C:\Windows\System32\qrepqvsx.exe
    C:\Windows\System32\vufqhifs.exe
    C:\Windows\System32\zafgfaxi.exe 
    C:\Program Files\vvkyowb
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step #4
Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Step #5
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Step #6
Please post OtMoveit log, Mbam log and a fresh HijackThis log back here :)
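
The file list in Step #3 can be cross-checked against the scan listing posted earlier in the thread before anything is moved. The Python below is an added example, not part of the original posts or of any tool named in them. The sample lines are an excerpt copied from this thread, so "not in listing" only means absent from that excerpt, and expanding %SystemRoot% to C:\WINDOWS is an assumption based on the paths the log itself prints.

```python
import re
from datetime import datetime

# Assumption: the log prints C:\WINDOWS paths, so the variables expand as below.
ENV = {"%systemroot%": r"c:\windows", "%systemdrive%": "c:"}

# Excerpt of the scan listing from this thread (not the full log).
SCAN_LOG = r"""
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-08-17 23:55:58 | Attr = ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2008-08-18 12:19:03 | Attr = ]
12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
fsvepgni.exe -> %SystemRoot%\System32\fsvepgni.exe -> [Ver = | Size = 86016 bytes | Modified Date = 2008-08-16 20:33:48 | Attr = ]
kxmjqleh.exe -> %SystemRoot%\System32\kxmjqleh.exe -> [Ver = | Size = 86016 bytes | Modified Date = 2008-08-16 22:46:45 | Attr = ]
lklktclk.exe -> %SystemRoot%\System32\lklktclk.exe -> [Ver = | Size = 90112 bytes | Modified Date = 2008-08-17 23:21:00 | Attr = ]
lphc9t7j0epdv.exe -> %SystemRoot%\System32\lphc9t7j0epdv.exe -> [Ver = | Size = 194560 bytes | Modified Date = 2008-08-17 23:58:49 | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
"""

# Excerpt of the Step #3 paste list, including its repeated entry.
MOVE_LIST = r"""
C:\Documents And Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
C:\Windows\system32\fsvepgni.exe
C:\Windows\system32\lodedgni.exe
C:\Windows\System32\fsvepgni.exe
C:\Windows\System32\kxmjqleh.exe
C:\Windows\System32\lklktclk.exe
C:\Windows\System32\lphc9t7j0epdv.exe
C:\Program Files\vvkyowb
"""

# name -> path -> optional company [field | field | ...]
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>[^\[]*)\[(?P<fields>[^\]]*)\]\s*$"
)


def normalise(path):
    """Lower-case a Windows path and expand the variables the log uses."""
    p = path.strip().rstrip("\\").lower()
    for var, value in ENV.items():
        if p.startswith(var):
            p = value + p[len(var):]
    return p


def parse_listing(text):
    """Return {normalised path: metadata} for every file/folder line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, "*.tmp files" summaries, ADS notes
        fields = {}
        for part in m.group("fields").split("|"):
            key, sep, value = part.partition("=")
            fields[key.strip()] = value.strip() if sep else True
        size = fields.get("Size", "")
        entries[normalise(m.group("path"))] = {
            "name": m.group("name"),
            "company": m.group("company").strip(),
            "is_folder": "Folder" in fields,
            "size": int(size.split()[0]) if size else None,
            "modified": datetime.strptime(
                fields["Modified Date"], "%Y-%m-%d %H:%M:%S"
            ),
        }
    return entries


def check_move_list(move_list, entries):
    """Split the paste list into matched, unlisted and repeated paths."""
    seen = set()
    report = {"matched": [], "not_in_listing": [], "duplicates": []}
    for raw in move_list.splitlines():
        target = raw.strip()
        if not target:
            continue
        key = normalise(target)
        if key in seen:  # same file, differing only in letter case
            report["duplicates"].append(target)
            continue
        seen.add(key)
        entry = entries.get(key)
        if entry is None:
            report["not_in_listing"].append(target)
        else:
            report["matched"].append((target, entry))
    return report


if __name__ == "__main__":
    result = check_move_list(MOVE_LIST, parse_listing(SCAN_LOG))
    for target, meta in result["matched"]:
        print(f"OK       {target}  {meta['size']} bytes  {meta['modified']}")
    for target in result["not_in_listing"]:
        print(f"UNLISTED {target}")
    for target in result["duplicates"]:
        print(f"REPEATED {target}")
```

Paths are compared case-insensitively because the paste list writes both `system32` and `System32` for the same file.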
 
Hi Baabiouz. I followed your directions, but the Malwarebytes program rebooted my computer and I lost the OTMoveIt2 report. Below is the Malwarebytes report. I hope this is okay.

I understand you are busy and I appreciate you helping me VERY MUCH!

Malwarebytes' Anti-Malware 1.25
Database version: 1071
Windows 5.1.2600 Service Pack 3

17:59:34 2008-08-19
mbam-log-08-19-2008 (17-59-34).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 231327
Time elapsed: 4 hour(s), 23 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 80
Registry Values Infected: 67
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 199

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Common\Bin\SmBuffer.ax (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Common\Bin\StorageTools.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Common\Bin\ThemeMgr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Common\Bin\VCDFormat.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\Common (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Common\Bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Common\Profiles (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Common\Profiles\LocalizedProfiles (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\blphc9t7j0epdv.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
 
Okay, here is a new HiJackThis scan...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:54, on 2008-08-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\DVDFab Platinum 4\DVDFabPlatinum.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Policies\Explorer\Run: [6E5Gg3vDdM] C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.34/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192746063328
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213762217531
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9662 bytes
 
Hi Baabiouz. So far today I appear to be clean from attacks. Nothing popping up and internet access is clean and fast again. I do not want to run any more scans or add or delete any programs (or reset my clock and settings) until you review the last scan I sent and tell me if there is anything else you want me to do.

Thank you for your help and I will not do any changes until you say we are done.
 
Hello :)
I'm sorry for the delay.

Step #1
Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

O4 - HKLM\..\Policies\Explorer\Run: [6E5Gg3vDdM] C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe


Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Step #2
View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Documents and Settings\All Users\Application Data\letgpgbo

Reboot your computer.

Step #3
Submit a File For Analysis
We need to have the files below scanned by uploading them/it to Jotti

Please visit Jotti
Copy/paste the following file path into the window

C:\Program Files\Home Control\X10BURST.EXE

Click Submit/Send File
Please post back, to let me know the results.

If Jotti is too busy please try Virustotal

Step #4
Now we need to run one scanner to make sure your computer is clean:
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Step #5
Please post Kaspersky's results, Jotti/Virustotal results and a fresh HijackThis log back here :)
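
A sketch of the kind of triage behind Step #1, as an added example that is not part of the original post or of HijackThis itself: it parses O4 (autorun) and O23 (service) lines and flags the ones worth a manual look. The sample lines are copied from the logs in this thread; the `triage` function and its four heuristics are assumptions for illustration, and a flag is a lead to review, not a verdict (the legitimate EPSON service is flagged too).

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Policies\Explorer\Run: [6E5Gg3vDdM] C:\Documents and Settings\All Users\Application Data\letgpgbo\bolynyzy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
"""

# O4 - <registry location>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 - Service: <name> - <owner> - <drive path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>[A-Za-z]:\\.+)$")
# Profile locations any user-level process can write to (heuristic, assumed).
USER_WRITABLE = re.compile(
    r"\\(application data|local settings\\temp|locals~1\\temp)\\", re.I)


def triage(log_text):
    """Return [(section, name, [reason codes])] for entries to review by hand."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue  # other sections (R0, O2, O16, ...) are not handled here
        section = line.split(" - ", 1)[0]
        fields = m.groupdict()
        reasons = []
        if "policies\\explorer\\run" in fields.get("loc", "").lower():
            reasons.append("policies-run-key")    # less common autorun location
        if USER_WRITABLE.search(fields["cmd"]):
            reasons.append("user-writable-path")  # binary outside system/program dirs
        if fields["cmd"].endswith("(file missing)"):
            reasons.append("file-missing")        # orphaned entry, target is gone
        if fields.get("owner") == "Unknown owner":
            reasons.append("unknown-owner")       # no vendor name reported
        if reasons:
            findings.append((section, fields["name"], reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {name}: {', '.join(reasons)}")
```
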
 
Thank you, Baabiouz. I have to go out of town until Sunday. I completed the first steps and the online test showed all clean. I will run the longer scan when I return and post the logs.

Thank you for all your hard work!!!
 
JOTTI REPORT...

Scan taken on 23 Aug 2008 17:50:07 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

SECOND HALF OF JOTTI REPORT STATISTICS SECTION...

Last file scanned at least one scanner reported something about: 17.exe (MD5: 0dda1ae71c1c6dcd8c1ba52d4ade4238, size: 7168 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Inject.GP.1
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Trojan.Inject.HC
ClamAV X
CPsecure Troj.W32.Inject.t
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X

KASPERSKY REPORT...

Saturday, August 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 22, 2008 18:44:27
Records in database: 1124860


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
F:\
G:\
L:\

Scan statistics
Files scanned 177666
Threat name 14
Infected objects 26
Suspicious objects 6
Duration of the scan 04:47:20

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C700000.VBN Infected: Trojan-Downloader.Win32.Small.aapu 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C700002.VBN Infected: Trojan-Downloader.Win32.Small.aapu 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C700004.VBN Infected: Trojan-Downloader.Win32.Exchanger.lj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB00000.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FB00002.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\Mark Fanjoy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Mark Fanjoy\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Downloaded Programs\keyfinder\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2

C:\Downloaded Programs\Permanent Installed Programs\DVDFabPlatinum4060.rar Infected: Trojan.Win32.Delf.bur 1

C:\Downloaded Programs\Permanent Installed Programs\Mero Update 5 - Version 6.6.1.15d_wch.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

C:\My Documents\Outlook Archive\emailarchive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 3

C:\WINDOWS\system32\1B.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\1C.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\1D.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\1E.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\1F.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\20.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\21.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\ncngzmjq.exe Infected: Trojan-Downloader.Win32.Small.abpq 1

F:\20082008_001504_BackUp G to F\G\Music\Love Train.wma Infected: Trojan-Downloader.WMA.Wimad.l 1

F:\20082208_003001_BackUp C to F\C\My Documents\Outlook Archive\emailarchive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 3

F:\Photoshop Plugins\11Installed\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip Infected: Trojan-Dropper.Win32.Agent.qgq 1

F:\Photoshop Plugins\Panopticum.AlphaStrip.v1.33.for.Adobe.Photoshop-SCOTCH\s-pas133.zip Infected: Trojan-Dropper.Win32.Agent.qgq 1

F:\Photoshop Plugins\Panopticum.Digitalizer.v1.24.for.Adobe.Photoshop.incl.KeyGen-SCOTCH\s-apd124.zip Infected: Trojan-Dropper.Win32.Agent.qgq 1

F:\Photoshop Plugins\Panopticum.IcePattern.v1.22.for.Adobe.Photoshop-SCOTCH\s-ip122b.zip Infected: Trojan-Dropper.Win32.Agent.uin 1

F:\Photoshop Plugins\Panopticum.Lens.Pro.III.v3.84.for.Adobe.Photoshop.incl.KeyGen-SCOTCH\s-lp384c.zip Infected: Trojan-Dropper.Win32.Agent.udo 1

G:\Music\Love Train.wma Infected: Trojan-Downloader.WMA.Wimad.l 1

The selected area was scanned.

HIJACKTHIS REPORT...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:17, on 2008-08-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\HOMECO~1\X10COM32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Startup: X10 Communications Link.lnk = C:\Program Files\Home Control\X10BURST.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.34/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192746063328
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213762217531
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9205 bytes
 