
infested ?

  • 26-11-2007 11:58pm
    #1
    Registered Users, Registered Users 2 Posts: 2,658 ✭✭✭


    A mate of mine has XP, e sure anti virus, the one you pay for. The machine is barely moving. I loaded CCleaner and an anti-spyware on a memory stick, but the machine will not allow either to load. Any help is appreciated.


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello
    • Download avz4en.zip from here
    • Save it to your desktop and unzip it to a folder on your desktop
    • Double click on AVZ.exe to run it.
    • Choose from the menu "File" => "System Investigation"
    • Close all windows except for AVZ
    • Click on "Start" and save the report to your desktop.
    • Let the scan run and click "No" on the right when it asks you if you want to view it.
    • Upload the report you saved on your desktop onto this site in your next reply.


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    What is that application ASJ? Never came across it before!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Not many have except for Russians. It is a really strong anti-malware application, however it requires training to use it properly. You can easily destroy a PC with it.

    It has a huge amount of features. For example you can restore a lot of features that get disabled by malware, like access to your registry/control panel/restore safeboot keys/and a lot more.

    It also has a thing called AVZGuard which will pretty much stop any infection from running no matter how bad it is, which is a huge advantage for removing malware.

    But the most important thing is the System Investigation feature. This is something that the average joe should be careful using. It gives a really in-depth scan of the user's PC, which they upload onto a forum and have an expert analyze, showing a lot of possible areas that can be hijacked. You then construct a script to remove the bad entries, have the user run that in AVZ, and then they will be clean from malware.

    Oh, and it has a feature called "Boot Cleaner". What this does is pretty much remove any file you ask it to. Legitimate files needed by the OS are generally very hard to delete; for example, if you deleted a legit file like lsass.exe, you can say goodbye to booting up your PC again. However, sometimes you need to run the Boot Cleaner to delete malware, so you have to be very careful, especially when you have malware impersonating legitimate files, e.g. lsasss.exe


    It also has an anti-spyware scanner like Spybot etc., and an excellent rootkit scanner and heuristic scanner. Honestly, there are so many features!

    Hope that helps :)
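
The impersonation described in the post above (lsasss.exe posing as lsass.exe) can be screened for mechanically. The following Python sketch is an added example, not part of the original post or of AVZ; it assumes a default Windows XP install under C:\WINDOWS, uses a small illustrative list of core process names, and goes one step beyond the post by also flagging a correctly spelled name running from the wrong directory. The function names are hypothetical.

```python
import ntpath

# Assumption: default Windows XP layout. Illustrative set of core processes
# and the only directory each one should be running from (lower-cased).
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(path, max_distance=1):
    """Return (verdict, legit_name) for one process image path.

    max_distance is kept at 1 on purpose: at 2, the legitimate
    msmsgs.exe would be reported as a lookalike of smss.exe.
    """
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIR:
        if directory == EXPECTED_DIR[name]:
            return ("ok", name)
        return ("wrong-location", name)
    for legit in EXPECTED_DIR:
        if edit_distance(name, legit) <= max_distance:
            return ("lookalike", legit)
    return ("unknown", None)


def triage(paths):
    """Keep only the entries that need a human to look at them."""
    flagged = []
    for p in paths:
        verdict, legit = classify(p)
        if verdict in ("lookalike", "wrong-location"):
            flagged.append((p, verdict, legit))
    return flagged


# Constructed sample process list (not taken from any real machine).
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\lsasss.exe",              # the name from the post
    r"C:\WINDOWS\explorer.exe",
    r"C:\Documents and Settings\User\svchost.exe",  # right name, wrong place
    r"C:\Program Files\Messenger\msmsgs.exe",
]

if __name__ == "__main__":
    for path, verdict, legit in triage(SAMPLE_PROCESSES):
        print(f"{verdict:15} {path}  (expected: {legit})")
```

A name that is flagged here is a candidate for review, not for deletion; confirm the file's location and signature before handing it to any removal tool.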


  • Registered Users, Registered Users 2 Posts: 135 ✭✭Shad0w


    Sounds Good, will have to give it a try!!!!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    It is :)

    Just be careful with the heuristic scanner, it will detect legit files as suspicious ones.


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    Sounds very advanced, how come it's not used more often?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Well, you partly answered your own question, Sully:
    "Sounds very advanced"
    It is, and that's the reason why not many people actually use it. It is a tough tool to use properly. The other is the fact that it is a Russian tool, so it is hard to find out information on using it to the best of its ability, or for asking questions about features.


  • Registered Users, Registered Users 2 Posts: 2,658 ✭✭✭old boy


    I cannot post the results until tomorrow, as my mate is away.


  • Registered Users, Registered Users 2 Posts: 2,658 ✭✭✭old boy


    Hi A S J, I have the file on desktop, but am unable to upload it; I keep getting the message "Invalid File".


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Zip the file or put it in a rar file, then upload that.


  • Registered Users, Registered Users 2 Posts: 2,658 ✭✭✭old boy


    here goes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Well, the user's PC is clean. The problem is more likely due to the fact that you have multiple security programs conflicting.

    First off go to Start > Control Panel > Add or Remove Programs > Remove ZoneAlarm


    Next download and run the McAfee Removal Tool

    http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html



    Finally

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Closed Accounts Posts: 325 ✭✭The Ace Face


    Well, you partly answered your own question, Sully


    It is, and that's the reason why not many people actually use it. It is a tough tool to use properly. The other is the fact that it is a Russian tool, so it is hard to find out information on using it to the best of its ability, or for asking questions about features.


    Hi ASJ,

    I am a boarder but never here before. My laptop is in trouble... I have Nortons but it is poor... it only picks up trojans/downloader viruses but every 5 minutes they are back... when I google, it changes my link to porn sites :eek: ... IEdefender constantly pops up all the time saying I have a trojan.zlob (?)

    Nortons can't seem to clean my system... not being a computer expert, I'm lost. Do I reboot total system and lose all my files, or can I clean this **** up?

    I did your Ruski search. Here are the results:
    ttention !!! The database was last updated 04/17/2007 - it is necessary to update the bases using automatic updates (File/Database update)
    AVZ Antiviral Toolkit log; AVZ version is 4.25
    Scanning started at 11/30/2007 8:07:26 PM
    Database loaded: 103395 signatures, 2 NN profile(s), 55 microprograms of healing, signature database released 17.04.2007 15:26
    Heuristic microprograms loaded : 369
    Digital signatures of system files loaded: 58493
    Heuristic analyzer mode: Medium heuristics level
    Healing mode: disabled
    Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
    1. Searching for rootkits and programs intercepting API functions
    1.1 Searching for user-mode API hooks
    Analysis: kernel32.dll, export table found in section: .text
    Analysis: ntdll.dll, export table found in section: .text
    Analysis: user32.dll, export table found in section: .text
    Analysis: advapi32.dll, export table found in section: .text
    Analysis: ws2_32.dll, export table found in section: .text
    Analysis: wininet.dll, export table found in section: .text
    Analysis: rasapi32.dll, export table found in section: .text
    Analysis: urlmon.dll, export table found in section: .text
    Analysis: netapi32.dll, export table found in section: .text
    1.2 Searching for kernel-mode API hooks
    Driver loaded successfully
    SDT found (RVA=07B380)
    Kernel ntkrnlpa.exe found in the memory at the address 804D7000
    SDT = 80552380
    KiST = 805011FC (284)
    Function NtConnectPort (1F) intercepted (805986E6->8261F0E8), hook not defined
    Functions checked: 284, intercepted: 1, restored: 0
    1.3 Checking IDT and SYSENTER
    Analysis for CPU 1
    Checking IDT and SYSENTER - complete
    1.4 Searching for masking processes and drivers
    The extended monitoring driver (AVZPM) is not installed, examination is not performed
    2. Scanning memory
    Number of processes found: 63
    Number of modules loaded: 485
    Memory checking - complete
    3. Scanning disks
    Direct reading C:\Documents and Settings\Cormac\Application Data\Microsoft\Internet Explorer\brndlog.bak
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temp\datB.tmp
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\fix_homepage[1].htm
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\menu[1].htm
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\page[1].js
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\montage42[1].js
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\s_code[1].js
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\default[1].htm
    Direct reading C:\Documents and Settings\Cormac\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\home42[1].js
    Direct reading C:\Documents and Settings\Cormac\Templates\winword.doc
    Direct reading C:\Documents and Settings\Jade\Application Data\Microsoft\Internet Explorer\brndlog.bak
    Direct reading C:\Documents and Settings\Jade\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temp\datC.tmp
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temp\InfoWindow.dll
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\controller[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\fix_homepage[2].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\guide_ads[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\hpb[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\hptg[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\intl_getrde601[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\loader[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\newreal[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\player[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\pp_top_static[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\search[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\sn_data[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\sol3[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\sports[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\zeitgeist_detector[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\all[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\audiohelp_install[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\guide[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\home42[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\live_football_scores_links[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\main_[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\newreal[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\results[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\rp10-bbc-en-setup[1].exe
    C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\rp10-bbc-en-setup[1].exe Cannot open file "C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\rp10-bbc-en-setup[1].exe". Access is denied
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\search[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\search[2].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\shared[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\sol3[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\urchin[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\av[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\bet[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\bet[2].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\commentaries[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\controller[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\dropnav[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\dynamichtml[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\index_upsell_manager[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\JavascriptInsert[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\live[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\menu[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\montage42[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\nol4[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\player[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\search[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\s_code[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\s_code[2].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\zeitgeist_detector[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\app[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\audiohelp[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\bet[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\common[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\dap[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\default[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\guide_nav[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\guide_slideshow[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\ifl_getCSS[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\page[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\player[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\prototype.rn.lite[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\real[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\rp10-bbc-en-setup[1].exe
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\search[1].htm
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\status_module[1].js
    Direct reading C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\v51[1].js
    Direct reading C:\Documents and Settings\Jade\Templates\winword.doc
    C:\Documents and Settings\Ray\My Documents\hbtools.exe >>>>> AdvWare.Win32.HotBar.bi
    Direct reading C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119291.exe >>>>> AdvWare.Win32.180Solutions.ay
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119298.dll >>>>> AdvWare.Win32.HotBar.be
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119302.dll >>>>> AdvWare.Win32.Hotbar.ar
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119304.dll >>>>> AdvWare.Win32.HotBar.bj
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119305.exe >>>>> AdvWare.Win32.HotBar.bt
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119312.dll >>> suspicion for AdvWare.Win32.HotBar.be ( 006CD0E0 00000000 001BE153 0025BD1C 73728)
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119314.exe >>>>> AdvWare.Win32.HotBar.bw
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119316.dll >>> suspicion for AdvWare.Win32.Hotbar.ar ( 007BA19A 00000000 0021BC0C 00206A5D 53248)
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119318.dll >>>>> AdvWare.Win32.HotBar.bj
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119319.exe >>> suspicion for AdvWare.Win32.HotBar.bt ( 005A22F3 02DD3CB0 0024C82E 001F32E9 53248)
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119326.exe >>> suspicion for AdvWare.Win32.HotBar.bw ( 00622AA7 00000000 0020A67A 0023C47D 253952)
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119328.dll >>>>> AdvWare.Win32.HotBar.bj
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119329.exe >>> suspicion for AdvWare.Win32.HotBar.bt ( 005B80CF 02DD3CB0 0024C82E 001F32E9 53248)
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119341.dll >>> suspicion for AdvWare.Win32.Hotbar.ar ( 007C6A1E 00000000 0021BC0C 00206A5D 53248)
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP296\A0231242.exe >>>>> not-a-virus:Downloader.Win32.WinFixer.o
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP296\A0231243.exe >>> suspicion for AdvWare.Win32.HotBar.bw ( 00622AA7 00000000 0020A67A 0023C47D 253952)
    4. Checking Winsock Layered Service Provider (SPI/LSP)
    LSP settings checked. No errors detected
    5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
    6. Searching for opened TCP/UDP ports used by malicious programs
    checking disabled by user
    7. Heuristic system check
    Latent loading of libraries through AppInit_DLLs suspected: "C:\WINDOWS\system32\__c00B0EEF.dat"
    Checking complete
    Files scanned: 88442, extracted from archives: 66570, malicious programs found 10
    Scanning finished at 11/30/2007 8:33:02 PM
    Time of scanning: 00:25:37
    If you have a suspicion on presence of viruses or questions on the suspected objects,
    you can address http://virusinfo.info conference



    Any help would be great.....;)
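
A log like the one above is easier to triage once its detections are separated from the scan noise. The following Python sketch is an added example, not part of the thread and not an AVZ feature: it sorts log lines into signature hits (`>>>>>`), heuristic suspicions (`>>> suspicion for`), intercepted kernel functions and AppInit_DLLs warnings, and marks whether each file hit is a live file or a copy inside a System Restore point. The line patterns are assumptions derived only from the log lines visible in this post, the sample is an excerpt of that log, and the function names are hypothetical.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind target detail live")

# Patterns inferred from the log lines quoted in the post (assumption: other
# AVZ versions may word these differently).
SIGNATURE = re.compile(r"^(?P<path>.+?) >>>>> (?P<name>\S+)$")
HEURISTIC = re.compile(r"^(?P<path>.+?) >>> suspicion for (?P<name>\S+)")
KERNEL_HOOK = re.compile(
    r"^Function (?P<func>\w+) \(\w+\) intercepted \((?P<addrs>\w+->\w+)\)")
APPINIT = re.compile(r'AppInit_DLLs suspected: "(?P<path>[^"]+)"')

# Files under this folder are System Restore copies, not running programs.
RESTORE_MARKER = r"\system volume information\_restore"


def parse_avz_log(text):
    """Return a Finding for every detection-type line, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = KERNEL_HOOK.match(line)
        if m:
            findings.append(
                Finding("kernel-hook", m["func"], m["addrs"], True))
            continue
        m = APPINIT.search(line)
        if m:
            findings.append(
                Finding("appinit", m["path"], "AppInit_DLLs", True))
            continue
        for kind, pattern in (("signature", SIGNATURE),
                              ("heuristic", HEURISTIC)):
            m = pattern.match(line)
            if m:
                live = RESTORE_MARKER not in m["path"].lower()
                findings.append(Finding(kind, m["path"], m["name"], live))
                break
    return findings


def live_findings(findings):
    """Findings that concern the running system rather than restore points."""
    return [f for f in findings if f.live]


# Excerpt of the AVZ log posted above (lines copied from the post).
SAMPLE_LOG = r"""
    Function NtConnectPort (1F) intercepted (805986E6->8261F0E8), hook not defined
    C:\Documents and Settings\Ray\My Documents\hbtools.exe >>>>> AdvWare.Win32.HotBar.bi
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119291.exe >>>>> AdvWare.Win32.180Solutions.ay
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP243\A0119312.dll >>> suspicion for AdvWare.Win32.HotBar.be ( 006CD0E0 00000000 001BE153 0025BD1C 73728)
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP296\A0231242.exe >>>>> not-a-virus:Downloader.Win32.WinFixer.o
    Latent loading of libraries through AppInit_DLLs suspected: "C:\WINDOWS\system32\__c00B0EEF.dat"
    Direct reading C:\Documents and Settings\Jade\Templates\winword.doc
"""

if __name__ == "__main__":
    for f in parse_avz_log(SAMPLE_LOG):
        where = "live" if f.live else "restore point"
        print(f"{f.kind:12} {where:14} {f.detail:40} {f.target}")
```

On this excerpt the restore-point copies drop out, leaving the intercepted kernel function, the one live adware file and the AppInit_DLLs entry as the items to examine first.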


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello Ace

    We can fix that up for sure.

    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Closed Accounts Posts: 325 ✭✭The Ace Face


    cheers ASJ,

    I am being slowly driven mad!




    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 04:24 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 07:13 PM]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [10/27/2005 10:00 AM]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [09/28/2007 01:17 AM]
    "HuaWeiEVDO.exe"="C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe" [05/31/2007 07:43 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/01/2005 3:04:53 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvutro]
    tuvutro.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\__c00B0EEF.dat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmk.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{441498b2-5b9b-11dc-8364-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6007b602-5ee9-11dc-836e-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6007b603-5ee9-11dc-836e-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fbb0966-5be2-11dc-8368-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fbb0967-5be2-11dc-8368-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b136fc0e-5b9c-11dc-8365-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    *Newly Created Service* - AVZ
    *Newly Created Service* - WINDEFEND



    -- End of Deckard's System Scanner: finished at 2007-11-30 21:24:41


    Deckard's System Scanner v20071014.68
    Run by Ray on 2007-11-30 21:18:37
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    94: 2007-11-30 21:18:45 UTC - RP301 - Deckard's System Scanner Restore Point
    93: 2007-11-30 21:15:37 UTC - RP300 - Installed Windows Defender
    92: 2007-11-29 22:53:40 UTC - RP299 - Removed SUPERAntiSpyware Professional
    91: 2007-11-29 22:52:48 UTC - RP298 - Removed RegistryClear
    90: 2007-11-29 22:40:51 UTC - RP297 - Installed RegistryClear


    -- First Restore Point --
    1: 2007-10-02 17:33:53 UTC - RP208 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 83% (more than 75%).
    Total Physical Memory: 504 MiB (512 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-11-30 21:23:02
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    C:\Program Files\Sony\SonicStage\SSAAD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\Rebecca\My Documents\Res.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Documents and Settings\Ray\Desktop\avz4en\avz4en\avz.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Documents and Settings\Ray\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eircom.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: ScriptInocUI Class - - (no file)
    O2 - BHO: (no name) - {26FD4FFD-9CCF-48AA-A2FF-0B45DC8E94AC} - (no file)
    O2 - BHO: Video On-line - {323301C5-CB6B-490C-B59F-E7FAD4D69C93} - C:\WINDOWS\system32\PowerVideo.dll
    O2 - BHO: (no name) - {3F0D3F2A-CAB8-49B9-92AD-6507B3FEE1F5} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: {60988613-7599-0f78-0304-9408d079e03a} - {a30e970d-8049-4030-87f0-995731688906} - C:\DOCUME~1\Ray\LOCALS~1\Temp\lgbxnmda.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Documents and Settings\Rebecca\My Documents\Res.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EF5E4E19-A9C5-4144-9AE6-66F53DDB30EC}: NameServer = 62.40.32.33 62.40.32.34
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B0EEF.dat
    O20 - Winlogon Notify: tuvutro - C:\WINDOWS\system32\tuvutro.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSVC - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    O24 - Desktop Component 0: - http://cachef.screensavers.com/images/screensaver_fl_spongebob_215_02.gif

    --
    End of file - 14418 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

    S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
    R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

    S2 DLCCCustomerConnect -


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2007-11-30 21:23:00 366 --a C:\WINDOWS\Tasks\Symantec NetDetect.job
    2007-11-30 21:20:50 330 --ah C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-11-30 20:00:23 544 --a C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Ray.job
    2007-11-29 22:42:20 422 --a C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job
    2007-11-26 21:36:07 284 --a C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-10-30 and 2007-11-30



    -- Find3M Report



    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26FD4FFD-9CCF-48AA-A2FF-0B45DC8E94AC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}]
    11/25/2007 09:36 PM 224256 --a C:\WINDOWS\system32\PowerVideo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F0D3F2A-CAB8-49B9-92AD-6507B3FEE1F5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a30e970d-8049-4030-87f0-995731688906}]
    C:\DOCUME~1\Ray\LOCALS~1\Temp\lgbxnmda.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 04:33 PM]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 11:09 PM]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 11:06 PM]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 11:10 PM]
    "@=" []
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 11:26 AM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [09/15/2004 01:01 AM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/2007 04:03 PM]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [10/13/2007 04:45 PM]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 06:58 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/22/2006 08:20 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 06:05 PM]
    "USB Storage Toolbox"="C:\Documents and Settings\Rebecca\My Documents\Res.EXE" [09/14/2005 07:44 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 04:24 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 07:13 PM]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [10/27/2005 10:00 AM]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [09/28/2007 01:17 AM]
    "HuaWeiEVDO.exe"="C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe" [05/31/2007 07:43 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/01/2005 3:04:53 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvutro]
    tuvutro.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\__c00B0EEF.dat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmk.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{441498b2-5b9b-11dc-8364-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6007b602-5ee9-11dc-836e-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6007b603-5ee9-11dc-836e-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fbb0966-5be2-11dc-8368-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fbb0967-5be2-11dc-8368-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b136fc0e-5b9c-11dc-8365-001422e39d73}]
    AutoRun\command- E:\AutoRun.exe

    *Newly Created Service* - AVZ
    *Newly Created Service* - WINDEFEND



    -- End of Deckard's System Scanner: finished at 2007-11-30 21:24:41


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items and Reg - BotCheck.
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

    Make sure you attach the report in your reply.


  • Closed Accounts Posts: 325 ✭✭The Ace Face


    WinPFind3 logfile created on: 11/30/2007 10:04:34 PM
    WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Ray\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    503.37 Mb Total Physical Memory | 161.87 Mb Available Physical Memory | 32.16% Memory free
    1.20 Gb Paging File | 0.56 Gb Available in Paging File | 46.78% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 52.80 Gb Total Space | 34.24 Gb Free Space | 64.84% Space Free
    Drive D: | 0.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
    Drive E: | 8.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
    F: Drive not present or media not loaded

    Computer Name: DBK6HX1J
    Current User Name: Ray
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 33 | Size = 245760 bytes | Modified Date = 09/07/2004 4:03:40 PM | Attr = ]
    aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 05/15/2006 5:24:34 PM | Attr = ]
    apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 08/19/2004 2:40:08 PM | Attr = ]
    apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 09/13/2004 4:33:20 PM | Attr = ]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
    avz.exe -> %UserDesktop%\avz4en\avz4en\avz.exe -> Kaspersky Lab, 2007 [Ver = 4.25.0.1 | Size = 712704 bytes | Modified Date = 11/30/2007 8:06:58 PM | Attr = ]
    camtray.exe -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.60.07 | Size = 299008 bytes | Modified Date = 10/27/2005 10:00:22 AM | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 49768 bytes | Modified Date = 01/08/2007 4:03:20 PM | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 185960 bytes | Modified Date = 01/08/2007 4:03:20 PM | Attr = ]
    ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.5.9.2 | Size = 239264 bytes | Modified Date = 06/13/2006 2:02:50 PM | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 177768 bytes | Modified Date = 01/08/2007 4:03:20 PM | Attr = ]
    dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 3:06:00 AM | Attr = ]
    dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 09/15/2004 1:01:00 AM | Attr = ]
    dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 03/15/2007 10:09:36 AM | Attr = ]
    dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 02/23/2005 4:19:56 PM | Attr = ]
    evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 09/07/2004 4:02:40 PM | Attr = ]
    googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 07/04/2007 7:13:32 PM | Attr = ]
    hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 07/19/2005 11:06:12 PM | Attr = ]
    ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 2:59:54 PM | Attr = ]
    igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 07/19/2005 11:10:06 PM | Attr = ]
    igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 159744 bytes | Modified Date = 07/19/2005 11:06:04 PM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 03/14/2007 6:05:42 PM | Attr = ]
    issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 07/27/2004 4:50:18 PM | Attr = ]
    issvc.exe -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.2.0.34 | Size = 83584 bytes | Modified Date = 03/15/2005 3:55:58 PM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 03/14/2007 6:05:48 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 09/25/2007 1:11:36 AM | Attr = ]
    navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -> Symantec Corporation [Ver = 11.5.8.1 | Size = 128160 bytes | Modified Date = 04/05/2007 1:32:24 PM | Attr = ]
    nicconfigsvc.exe -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 03/03/2005 11:29:02 PM | Attr = ]
    nmain.exe -> %CommonProgramFiles%\Symantec Shared\NMain.exe -> Symantec Corporation [Ver = 103.5.0.90 | Size = 702064 bytes | Modified Date = 03/15/2005 3:56:00 PM | Attr = ]
    nsmdtr.exe -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NSMdtr.exe -> Symantec Corporation [Ver = 8.2.0.34 | Size = 120448 bytes | Modified Date = 03/15/2005 3:55:58 PM | Attr = ]
    o2 broadband.exe -> %ProgramFiles%\O2\O2 Broadband USB Modem\O2 Broadband.exe -> Huawei Technologies Co., Ltd. [Ver = HOSTA63.11.06.01.02.116 | Size = 921600 bytes | Modified Date = 05/31/2007 7:43:38 PM | Attr = ]
    picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 09/28/2007 1:17:38 AM | Attr = ]
    quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [Ver = 1, 0, 0, 1 | Size = 606208 bytes | Modified Date = 03/04/2005 11:26:08 AM | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 08/22/2006 8:20:14 PM | Attr = ]
    regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 09/07/2004 4:02:04 PM | Attr = ]
    res.exe -> %SystemDrive%\Documents and Settings\Rebecca\My Documents\Res.exe -> ali [Ver = 1, 0, 0, 1 | Size = 65536 bytes | Modified Date = 09/14/2005 7:44:14 PM | Attr = ]
    s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 09/07/2004 4:05:10 PM | Attr = ]
    sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 03/28/2007 5:41:56 PM | Attr = ]
    ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.0.00.13241 | Size = 81920 bytes | Modified Date = 01/24/2005 6:58:02 PM | Attr = ]
    ssscsisv.exe -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.0.00.13241 | Size = 69632 bytes | Modified Date = 01/24/2005 5:36:52 PM | Attr = ]
    symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.8.54.841 | Size = 826512 bytes | Modified Date = 11/01/2005 3:13:38 PM | Attr = ]
    symscui.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymSCUI.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 382080 bytes | Modified Date = 08/05/2004 5:23:08 PM | Attr = ]
    symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/02/2004 4:59:50 PM | Attr = ]
    tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/06/2004 1:05:00 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
    wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 09/07/2004 4:12:32 PM | Attr = ]
    zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 09/07/2004 4:08:02 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
    (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 05/15/2006 5:24:34 PM | Attr = ]
    (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 185960 bytes | Modified Date = 01/08/2007 4:03:20 PM | Attr = ]
    (ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.5.9.2 | Size = 239264 bytes | Modified Date = 06/13/2006 2:02:50 PM | Attr = ]
    (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 83560 bytes | Modified Date = 01/08/2007 4:03:20 PM | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 177768 bytes | Modified Date = 01/08/2007 4:03:20 PM | Attr = ]
    (DLCCCustomerConnect) DLCCCustomerConnect [Win32_Own | Auto | Stopped] -> -> File not found
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 08/04/2004 5:00:00 AM | Attr = ]
    (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 03/07/2007 2:47:46 PM | Attr = ]
    (EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 09/07/2004 4:02:40 PM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 02/15/2007 10:17:22 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 03/14/2007 6:05:42 PM | Attr = ]
    (ISSVC) ISSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.2.0.34 | Size = 83584 bytes | Modified Date = 03/15/2005 3:55:58 PM | Attr = ]
    (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.166 | Size = 2086592 bytes | Modified Date = 05/15/2006 5:24:34 PM | Attr = ]
    (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 01/26/2005 2:30:04 PM | Attr = ]
    (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -> Symantec Corporation [Ver = 11.5.8.1 | Size = 128160 bytes | Modified Date = 04/05/2007 1:32:24 PM | Attr = ]
    (NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 03/03/2005 11:29:02 PM | Attr = ]
    (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 01/26/2005 2:25:34 PM | Attr = ]
    (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 09/07/2004 4:02:04 PM | Attr = ]
    (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 09/07/2004 4:05:10 PM | Attr = ]
    (SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 08/26/2005 1:22:48 PM | Attr = ]
    (SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.5.7.2 | Size = 67184 bytes | Modified Date = 10/07/2005 1:56:46 PM | Attr = ]
    (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 03/28/2007 5:41:56 PM | Attr = ]
    (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,0,122 | Size = 992864 bytes | Modified Date = 03/15/2005 3:56:08 PM | Attr = ]
    (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 69718 bytes | Modified Date = 01/26/2005 2:20:14 PM | Attr = ]
    (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.0.00.13241 | Size = 69632 bytes | Modified Date = 01/24/2005 5:36:52 PM | Attr = ]
    (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.8.54.841 | Size = 826512 bytes | Modified Date = 11/01/2005 3:13:38 PM | Attr = ]
    (SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/02/2004 4:59:50 PM | Attr = ]
    (WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 09/07/2004 4:12:32 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    -> -> File not found
    Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 09/13/2004 4:33:20 PM | Attr = ]
    ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 49768 bytes | Modified Date = 01/08/2007 4:03:20 PM | Attr = ]
    Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [Ver = 1, 0, 0, 1 | Size = 606208 bytes | Modified Date = 03/04/2005 11:26:08 AM | Attr = ]
    dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/06/2004 1:05:00 AM | Attr = ]
    DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 09/15/2004 1:01:00 AM | Attr = ]
    DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 02/23/2005 4:19:56 PM | Attr = ]
    igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 07/19/2005 11:06:12 PM | Attr = ]
    igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 07/19/2005 11:10:06 PM | Attr = ]
    igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 94208 bytes | Modified Date = 07/19/2005 11:09:26 PM | Attr = ]
    IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 2:59:54 PM | Attr = ]
    ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 07/27/2004 4:50:42 PM | Attr = ]
    ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 07/27/2004 4:50:18 PM | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 03/14/2007 6:05:48 PM | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr = ]
    SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.0.00.13241 | Size = 81920 bytes | Modified Date = 01/24/2005 6:58:02 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 09/25/2007 1:11:36 AM | Attr = ]
    Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 100056 bytes | Modified Date = 10/13/2007 4:45:24 PM | Attr = ]
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 08/22/2006 8:20:14 PM | Attr = ]
    USB Storage Toolbox -> %SystemDrive%\Documents and Settings\Rebecca\My Documents\Res.exe -> ali [Ver = 1, 0, 0, 1 | Size = 65536 bytes | Modified Date = 09/14/2005 7:44:14 PM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.60.07 | Size = 299008 bytes | Modified Date = 10/27/2005 10:00:22 AM | Attr = ]
    DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 03/15/2007 10:09:36 AM | Attr = ]
    HuaWeiEVDO.exe -> %ProgramFiles%\O2\O2 Broadband USB Modem\O2 Broadband.exe -> Huawei Technologies Co., Ltd. [Ver = HOSTA63.11.06.01.02.116 | Size = 921600 bytes | Modified Date = 05/31/2007 7:43:38 PM | Attr = ]
    Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 09/28/2007 1:17:38 AM | Attr = ]
    swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 07/04/2007 7:13:32 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 3:06:00 AM | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\WINDOWS\system32\__c00B0EEF.dat -> %System32%\__c00B0EEF.dat -> File not found
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4363 | Size = 135168 bytes | Modified Date = 07/19/2005 11:05:16 PM | Attr = ]
    IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 09/07/2004 4:08:06 PM | Attr = ]
    tuvutro -> tuvutro.dll -> File not found
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> -1 ->
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.eircom.net ->
    HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.euro.dell.com ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Default_Search_URL -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://www.eircom.net/ ->
    HKCU: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: URLSearchHooks\\ [HKLM] -> Reg Data - Key not found [ScriptInocUI Class] -> File not found
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {26FD4FFD-9CCF-48AA-A2FF-0B45DC8E94AC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {323301C5-CB6B-490C-B59F-E7FAD4D69C93} [HKLM] -> %System32%\PowerVideo.dll [Video On-line] -> 3gp.org [Ver = 1.2.0.0 | Size = 224256 bytes | Modified Date = 11/25/2007 9:36:38 PM | Attr = ]
    {3F0D3F2A-CAB8-49B9-92AD-6507B3FEE1F5} [HKLM] -> Reg Data - Key not found [Reg Data - Value does not exist] -> File not found
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/06/2004 1:05:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 09/25/2007 1:11:34 AM | Attr = ]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 8.2.0.34 | Size = 104064 bytes | Modified Date = 03/15/2005 3:55:58 PM | Attr = ]
    {a30e970d-8049-4030-87f0-995731688906} [HKLM] -> %SystemDrive%\DOCUME~1\Ray\LOCALS~1\Temp\lgbxnmda.dll [Reg Data - Value does not exist] -> File not found
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 01/19/2007 11:55:32 PM | Attr = R ]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 07/04/2007 7:13:30 PM | Attr = ]
    {BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/07/2005 1:43:20 PM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {2D51D869-C36B-42BD-AE68-0A81BC771FA5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> Symantec Corporation [Ver = 8.2.0.34 | Size = 104064 bytes | Modified Date = 03/15/2005 3:55:58 PM | Attr = ]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 01/19/2007 11:55:32 PM | Attr = R ]
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/07/2005 1:43:20 PM | Attr = ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 08/17/2005 3:53:18 PM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 01/19/2007 11:55:32 PM | Attr = R ]
    ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/07/2005 1:43:20 PM | Attr = ]
    WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> Symantec Corporation [Ver = 8.2.0.34 | Size = 104064 bytes | Modified Date = 03/15/2005 3:55:58 PM | Attr = ]
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 01/19/2007 11:55:32 PM | Attr = R ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 08/17/2005 3:53:18 PM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 09/25/2007 1:11:34 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 09/25/2007 1:11:34 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {4ED8AA26-9C32-4FCE-82C6-0E2FF542433C} -> (Broadcom 440x 10/100 Integrated Controller) ->
    {72229362-0299-4A9A-839B-6FD75D10A703} -> (1394 Net Adapter) ->
    {A7DC1D4D-B6A6-4B26-A0BE-391AE0E0C4B5} -> () ->
    {FF4C2194-2AA5-498C-96BF-3501217C9142} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
    {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]
    < BotCheck > -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0;C:\WINDOWS\system32\mllmk.dll; ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1076 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> HEXêЀºêÜ6Ï;7Kff49a253
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> MyùªïѾF ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> ´‰n«ù ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> x´™D˜áC Òé—¡{¸ ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> ˆMbŽáÅ ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 36389 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Ray\Desktop\LimeWire\LimeWire.exe -> C:\Documents and Settings\Ray\Desktop\LimeWire\LimeWire.exe:*:Disabled:LimeWire ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rk.exe -> C:\WINDOWS\system32\rk.exe:*:Disabled:rk.exe ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial ->

    [Files/Folders - Created Within 30 days]
    66fd757c31aa84e349996286bcd363 -> %SystemDrive%\66fd757c31aa84e349996286bcd363 -> [Folder | Created Date = 11/15/2007 1:02:31 AM | Attr = ]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 11/30/2007 9:18:14 PM | Attr = ]
    Settings -> %SystemDrive%\Settings -> [Folder | Created Date = 11/06/2007 7:36:39 PM | Attr = H ]
    Settings.ini -> %SystemDrive%\Settings.ini -> [Ver = | Size = 516 bytes | Created Date = 11/06/2007 7:36:39 PM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 11/30/2007 9:48:50 PM | Attr = ]
    $NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 11/26/2007 8:39:25 PM | Attr = H ]
    $NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 11/27/2007 11:45:31 PM | Attr = H ]
    $NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 11/27/2007 11:44:29 PM | Attr = H ]
    $NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 11/27/2007 11:45:09 PM | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 11/15/2007 11:27:52 AM | Attr = H ]
    $NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 11/26/2007 8:38:28 PM | Attr = H ]
    $NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 11/26/2007 8:34:02 PM | Attr = H ]
    $NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 11/26/2007 8:36:36 PM | Attr = H ]
    $NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 11/26/2007 8:33:02 PM | Attr = H ]
    ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 11/30/2007 9:18:47 PM | Attr = ]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 11/30/2007 9:12:13 PM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/30/2007 10:46:36 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/30/2007 10:46:36 AM | Attr = H ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 11/23/2007 9:00:30 PM | Attr = ]
    MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Created Date = 11/30/2007 9:20:49 PM | Attr = H ]
    RegistryClear Scheduled Scan.job -> %SystemRoot%\tasks\RegistryClear Scheduled Scan.job -> [Ver = | Size = 422 bytes | Created Date = 11/29/2007 10:42:14 PM | Attr = ]
    aarvouxx.ini -> %System32%\aarvouxx.ini -> [Ver = | Size = 671805 bytes | Created Date = 11/15/2007 12:44:28 PM | Attr = HS]
    absxntru.dll -> %System32%\absxntru.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/25/2007 8:06:23 PM | Attr = ]
    aodedkxl.dll -> %System32%\aodedkxl.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/24/2007 9:24:49 PM | Attr = ]
    aoilchae.dll -> %System32%\aoilchae.dll -> [Ver = | Size = 83520 bytes | Created Date = 11/23/2007 7:59:03 PM | Attr = ]
    avgiyttv.ini -> %System32%\avgiyttv.ini -> [Ver = | Size = 4134 bytes | Created Date = 11/23/2007 8:02:50 PM | Attr = HS]
    avsinwar.ini -> %System32%\avsinwar.ini -> [Ver = | Size = 452 bytes | Created Date = 11/25/2007 5:19:01 PM | Attr = HS]
    bnuiulpd.dll -> %System32%\bnuiulpd.dll -> [Ver = | Size = 6700 bytes | Created Date = 11/24/2007 12:16:42 PM | Attr = ]
    bseqlhpy.ini -> %System32%\bseqlhpy.ini -> [Ver = | Size = 4914 bytes | Created Date = 11/24/2007 7:38:06 PM | Attr = HS]
    bwriivyr.dll -> %System32%\bwriivyr.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/22/2007 7:50:53 PM | Attr = ]
    cdssbjbl.dll -> %System32%\cdssbjbl.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/25/2007 5:21:42 PM | Attr = ]
    cdyvludq.ini -> %System32%\cdyvludq.ini -> [Ver = | Size = 669122 bytes | Created Date = 11/13/2007 9:00:11 PM | Attr = HS]
    cejduowc.ini -> %System32%\cejduowc.ini -> [Ver = | Size = 5214 bytes | Created Date = 11/25/2007 2:29:37 PM | Attr = HS]
    cjncgggy.ini -> %System32%\cjncgggy.ini -> [Ver = | Size = 673800 bytes | Created Date = 11/19/2007 9:07:23 PM | Attr = HS]
    dcbeg.tmp -> %System32%\dcbeg.tmp -> [Ver = | Size = 107720 bytes | Created Date = 11/21/2007 6:00:33 PM | Attr = HS]
    dckgmkwp.dll -> %System32%\dckgmkwp.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/24/2007 7:41:06 PM | Attr = ]
    dcmayfiu.dll -> %System32%\dcmayfiu.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/24/2007 12:22:41 PM | Attr = ]
    DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 11/23/2007 8:59:19 PM | Attr = ]
    ebxpjkkt.ini -> %System32%\ebxpjkkt.ini -> [Ver = | Size = 670110 bytes | Created Date = 11/15/2007 4:14:09 PM | Attr = HS]
    fjnnyyct.ini -> %System32%\fjnnyyct.ini -> [Ver = | Size = 673214 bytes | Created Date = 11/18/2007 2:48:33 PM | Attr = HS]
    fnciydis.ini -> %System32%\fnciydis.ini -> [Ver = | Size = 1232 bytes | Created Date = 11/26/2007 7:57:58 PM | Attr = HS]
    frmtragr.dll -> %System32%\frmtragr.dll -> [Ver = | Size = 83520 bytes | Created Date = 11/23/2007 9:52:46 PM | Attr = ]
    fsbephlb.ini -> %System32%\fsbephlb.ini -> [Ver = | Size = 5154 bytes | Created Date = 11/24/2007 10:24:51 PM | Attr = HS]
    fyxqysit.dll -> %System32%\fyxqysit.dll -> [Ver = | Size = 7970 bytes | Created Date = 11/11/2007 5:29:40 PM | Attr = ]
    gitudphw.dll -> %System32%\gitudphw.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/25/2007 6:41:13 PM | Attr = ]
    gjutrxbw.ini -> %System32%\gjutrxbw.ini -> [Ver = | Size = 3774 bytes | Created Date = 11/22/2007 7:47:57 PM | Attr = HS]
    gmsuuvwh.ini -> %System32%\gmsuuvwh.ini -> [Ver = | Size = 932 bytes | Created Date = 11/25/2007 11:09:58 PM | Attr = HS]
    gwcdxfhe.dll -> %System32%\gwcdxfhe.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/15/2007 11:27:01 AM | Attr = ]
    hatlmrgi.ini -> %System32%\hatlmrgi.ini -> [Ver = | Size = 812 bytes | Created Date = 11/25/2007 8:09:27 PM | Attr = HS]
    ijlirhdm.dll -> %System32%\ijlirhdm.dll -> [Ver = | Size = 80960 bytes | Created Date = 11/21/2007 6:48:55 PM | Attr = ]
    ikdukqvp.dll -> %System32%\ikdukqvp.dll -> [Ver = | Size = 83520 bytes | Created Date = 11/23/2007 12:52:23 PM | Attr = ]
    ioijbpyp.ini -> %System32%\ioijbpyp.ini -> [Ver = | Size = 672674 bytes | Created Date = 11/18/2007 1:18:59 PM | Attr = HS]
    itnwrpcw.ini -> %System32%\itnwrpcw.ini -> [Ver = | Size = 4014 bytes | Created Date = 11/23/2007 12:55:30 PM | Attr = HS]
    jnjtjawa.dll -> %System32%\jnjtjawa.dll -> [Ver = | Size = 78912 bytes | Created Date = 11/04/2007 5:48:21 PM | Attr = ]
    jqbveboo.ini -> %System32%\jqbveboo.ini -> [Ver = | Size = 4494 bytes | Created Date = 11/24/2007 11:41:42 AM | Attr = HS]
    jrinwumf.dll -> %System32%\jrinwumf.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/24/2007 11:38:38 AM | Attr = ]
    jwimkcrk.dll -> %System32%\jwimkcrk.dll -> [Ver = | Size = 83520 bytes | Created Date = 11/23/2007 10:06:28 PM | Attr = ]
    khfodqfw.ini -> %System32%\khfodqfw.ini -> [Ver = | Size = 692 bytes | Created Date = 11/25/2007 6:44:20 PM | Attr = HS]
    kjrgeory.dll -> %System32%\kjrgeory.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/15/2007 12:47:20 PM | Attr = ]
    kkpjetdm.ini -> %System32%\kkpjetdm.ini -> [Ver = | Size = 332 bytes | Created Date = 11/25/2007 3:29:36 PM | Attr = HS]


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YN -> C:\WINDOWS\system32\__c00B0EEF.dat -> %System32%\__c00B0EEF.dat
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YN -> tuvutro -> tuvutro.dll
    < Internet Explorer Settings > ->
    YN -> HKCU: URLSearchHooks\\ [HKLM] -> Reg Data - Key not found [ScriptInocUI Class]
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {26FD4FFD-9CCF-48AA-A2FF-0B45DC8E94AC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
    YY -> {323301C5-CB6B-490C-B59F-E7FAD4D69C93} [HKLM] -> %System32%\PowerVideo.dll [Video On-line]
    YN -> {3F0D3F2A-CAB8-49B9-92AD-6507B3FEE1F5} [HKLM] -> Reg Data - Key not found [Reg Data - Value does not exist]
    YN -> {a30e970d-8049-4030-87f0-995731688906} [HKLM] -> %SystemDrive%\DOCUME~1\Ray\LOCALS~1\Temp\lgbxnmda.dll [Reg Data - Value does not exist]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {2D51D869-C36B-42BD-AE68-0A81BC771FA5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
    [Registry - Additional Scans - Non-Microsoft Only]
    < BotCheck > ->
    YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0;C:\WINDOWS\system32\mllmk.dll;
    [Files/Folders - Created Within 30 days]
    NY -> aarvouxx.ini -> %System32%\aarvouxx.ini
    NY -> absxntru.dll -> %System32%\absxntru.dll
    NY -> aodedkxl.dll -> %System32%\aodedkxl.dll
    NY -> aoilchae.dll -> %System32%\aoilchae.dll
    NY -> avgiyttv.ini -> %System32%\avgiyttv.ini
    NY -> avsinwar.ini -> %System32%\avsinwar.ini
    NY -> bnuiulpd.dll -> %System32%\bnuiulpd.dll
    NY -> bseqlhpy.ini -> %System32%\bseqlhpy.ini
    NY -> bwriivyr.dll -> %System32%\bwriivyr.dll
    NY -> cdssbjbl.dll -> %System32%\cdssbjbl.dll
    NY -> cdyvludq.ini -> %System32%\cdyvludq.ini
    NY -> cejduowc.ini -> %System32%\cejduowc.ini
    NY -> cjncgggy.ini -> %System32%\cjncgggy.ini
    NY -> dcbeg.tmp -> %System32%\dcbeg.tmp
    NY -> dckgmkwp.dll -> %System32%\dckgmkwp.dll
    NY -> dcmayfiu.dll -> %System32%\dcmayfiu.dll
    NY -> ebxpjkkt.ini -> %System32%\ebxpjkkt.ini
    NY -> fjnnyyct.ini -> %System32%\fjnnyyct.ini
    NY -> fnciydis.ini -> %System32%\fnciydis.ini
    NY -> frmtragr.dll -> %System32%\frmtragr.dll
    NY -> fsbephlb.ini -> %System32%\fsbephlb.ini
    NY -> fyxqysit.dll -> %System32%\fyxqysit.dll
    NY -> gitudphw.dll -> %System32%\gitudphw.dll
    NY -> gjutrxbw.ini -> %System32%\gjutrxbw.ini
    NY -> gmsuuvwh.ini -> %System32%\gmsuuvwh.ini
    NY -> gwcdxfhe.dll -> %System32%\gwcdxfhe.dll
    NY -> hatlmrgi.ini -> %System32%\hatlmrgi.ini
    NY -> ijlirhdm.dll -> %System32%\ijlirhdm.dll
    NY -> ikdukqvp.dll -> %System32%\ikdukqvp.dll
    NY -> ioijbpyp.ini -> %System32%\ioijbpyp.ini
    NY -> itnwrpcw.ini -> %System32%\itnwrpcw.ini
    NY -> jnjtjawa.dll -> %System32%\jnjtjawa.dll
    NY -> jqbveboo.ini -> %System32%\jqbveboo.ini
    NY -> jrinwumf.dll -> %System32%\jrinwumf.dll
    NY -> jwimkcrk.dll -> %System32%\jwimkcrk.dll
    NY -> khfodqfw.ini -> %System32%\khfodqfw.ini
    NY -> kjrgeory.dll -> %System32%\kjrgeory.dll
    NY -> kkpjetdm.ini -> %System32%\kkpjetdm.ini
    NY -> kqglbepv.dll -> %System32%\kqglbepv.dll
    NY -> kshplyat.ini -> %System32%\kshplyat.ini
    NY -> ksjegxbv.ini -> %System32%\ksjegxbv.ini
    NY -> lkymcfvj.dll -> %System32%\lkymcfvj.dll
    NY -> lppyexmg.dll -> %System32%\lppyexmg.dll
    NY -> lvuxsrsi.ini -> %System32%\lvuxsrsi.ini
    NY -> lxnwhuxe.dll -> %System32%\lxnwhuxe.dll
    NY -> mgtbenol.ini -> %System32%\mgtbenol.ini
    NY -> mtbjlywy.ini -> %System32%\mtbjlywy.ini
    NY -> mwjfpatw.dll -> %System32%\mwjfpatw.dll
    NY -> ngvddwuq.dll -> %System32%\ngvddwuq.dll
    NY -> nhylvdjn.ini -> %System32%\nhylvdjn.ini
    NY -> nqtss.tmp -> %System32%\nqtss.tmp
    NY -> nqtwa.ini -> %System32%\nqtwa.ini
    NY -> nqtwa.ini2 -> %System32%\nqtwa.ini2
    NY -> nryspjnk.ini -> %System32%\nryspjnk.ini
    NY -> nxmfbwqx.dll -> %System32%\nxmfbwqx.dll
    NY -> oemwfiam.dll -> %System32%\oemwfiam.dll
    NY -> opeybwqp.ini -> %System32%\opeybwqp.ini
    NY -> oqstv.tmp -> %System32%\oqstv.tmp
    NY -> owflipch.ini -> %System32%\owflipch.ini
    NY -> pbncepxq.dll -> %System32%\pbncepxq.dll
    NY -> pmvudbsh.ini -> %System32%\pmvudbsh.ini
    NY -> PowerVideo.dll -> %System32%\PowerVideo.dll
    NY -> qgnwthdy.dll -> %System32%\qgnwthdy.dll
    NY -> qjfyxkcc.ini -> %System32%\qjfyxkcc.ini
    NY -> rakyrmoa.dll -> %System32%\rakyrmoa.dll
    NY -> reguukpn.dll -> %System32%\reguukpn.dll
    NY -> rpkbtlny.ini -> %System32%\rpkbtlny.ini
    NY -> tbweyvti.dll -> %System32%\tbweyvti.dll
    NY -> tcrgkyvr.ini -> %System32%\tcrgkyvr.ini
    NY -> ubacahno.dll -> %System32%\ubacahno.dll
    NY -> uqcpcejl.ini -> %System32%\uqcpcejl.ini
    NY -> uqcpcejl.tmp -> %System32%\uqcpcejl.tmp
    NY -> vadidmkt.ini -> %System32%\vadidmkt.ini
    NY -> vlukoijh.dll -> %System32%\vlukoijh.dll
    NY -> vqnwkeko.ini -> %System32%\vqnwkeko.ini
    NY -> wbsnoueo.dll -> %System32%\wbsnoueo.dll
    NY -> wbvccbdh.dll -> %System32%\wbvccbdh.dll
    NY -> wgwhuesv.dll -> %System32%\wgwhuesv.dll
    NY -> wpaesgch.dll -> %System32%\wpaesgch.dll
    NY -> wqujjoiv.dll -> %System32%\wqujjoiv.dll
    NY -> wqukgtum.dll -> %System32%\wqukgtum.dll
    NY -> xbadd.tmp -> %System32%\xbadd.tmp
    NY -> xfxerjif.ini -> %System32%\xfxerjif.ini
    NY -> xixnkmow.dll -> %System32%\xixnkmow.dll
    NY -> xlhbwfql.ini -> %System32%\xlhbwfql.ini
    NY -> xxlfaffx.dll -> %System32%\xxlfaffx.dll
    NY -> yjgogumb.ini -> %System32%\yjgogumb.ini
    NY -> yntuokvt.ini -> %System32%\yntuokvt.ini
    NY -> ytddmwcc.dll -> %System32%\ytddmwcc.dll
    [Files/Folders - Modified Within 30 days]
    NY -> aarvouxx.ini -> %System32%\aarvouxx.ini
    NY -> absxntru.dll -> %System32%\absxntru.dll
    NY -> amcompat.tlb -> %System32%\amcompat.tlb
    NY -> aodedkxl.dll -> %System32%\aodedkxl.dll
    NY -> aoilchae.dll -> %System32%\aoilchae.dll
    NY -> avgiyttv.ini -> %System32%\avgiyttv.ini
    NY -> avsinwar.ini -> %System32%\avsinwar.ini
    NY -> bnuiulpd.dll -> %System32%\bnuiulpd.dll
    NY -> bseqlhpy.ini -> %System32%\bseqlhpy.ini
    NY -> bwriivyr.dll -> %System32%\bwriivyr.dll
    NY -> cdssbjbl.dll -> %System32%\cdssbjbl.dll
    NY -> cdyvludq.ini -> %System32%\cdyvludq.ini
    NY -> cejduowc.ini -> %System32%\cejduowc.ini
    NY -> cjncgggy.ini -> %System32%\cjncgggy.ini
    NY -> dcbeg.tmp -> %System32%\dcbeg.tmp
    NY -> dckgmkwp.dll -> %System32%\dckgmkwp.dll
    NY -> dcmayfiu.dll -> %System32%\dcmayfiu.dll
    NY -> ebxpjkkt.ini -> %System32%\ebxpjkkt.ini
    NY -> fjnnyyct.ini -> %System32%\fjnnyyct.ini
    NY -> fnciydis.ini -> %System32%\fnciydis.ini
    NY -> frmtragr.dll -> %System32%\frmtragr.dll
    NY -> fsbephlb.ini -> %System32%\fsbephlb.ini
    NY -> fyxqysit.dll -> %System32%\fyxqysit.dll
    NY -> gitudphw.dll -> %System32%\gitudphw.dll
    NY -> gjutrxbw.ini -> %System32%\gjutrxbw.ini
    NY -> gmsuuvwh.ini -> %System32%\gmsuuvwh.ini
    NY -> gwcdxfhe.dll -> %System32%\gwcdxfhe.dll
    NY -> hatlmrgi.ini -> %System32%\hatlmrgi.ini
    NY -> ijlirhdm.dll -> %System32%\ijlirhdm.dll
    NY -> ikdukqvp.dll -> %System32%\ikdukqvp.dll
    NY -> ioijbpyp.ini -> %System32%\ioijbpyp.ini
    NY -> itnwrpcw.ini -> %System32%\itnwrpcw.ini
    NY -> jnjtjawa.dll -> %System32%\jnjtjawa.dll
    NY -> jqbveboo.ini -> %System32%\jqbveboo.ini
    NY -> jrinwumf.dll -> %System32%\jrinwumf.dll
    NY -> jwimkcrk.dll -> %System32%\jwimkcrk.dll
    NY -> khfodqfw.ini -> %System32%\khfodqfw.ini
    NY -> kjrgeory.dll -> %System32%\kjrgeory.dll
    NY -> kkpjetdm.ini -> %System32%\kkpjetdm.ini
    NY -> kqglbepv.dll -> %System32%\kqglbepv.dll
    NY -> kshplyat.ini -> %System32%\kshplyat.ini
    NY -> ksjegxbv.ini -> %System32%\ksjegxbv.ini
    NY -> lkymcfvj.dll -> %System32%\lkymcfvj.dll
    NY -> lppyexmg.dll -> %System32%\lppyexmg.dll
    NY -> lvuxsrsi.ini -> %System32%\lvuxsrsi.ini
    NY -> lxnwhuxe.dll -> %System32%\lxnwhuxe.dll
    NY -> mcrh.tmp -> %System32%\mcrh.tmp
    NY -> mgtbenol.ini -> %System32%\mgtbenol.ini
    NY -> mtbjlywy.ini -> %System32%\mtbjlywy.ini
    NY -> mwjfpatw.dll -> %System32%\mwjfpatw.dll
    NY -> ngvddwuq.dll -> %System32%\ngvddwuq.dll
    NY -> nhylvdjn.ini -> %System32%\nhylvdjn.ini
    NY -> nqtss.tmp -> %System32%\nqtss.tmp
    NY -> nqtwa.bak1 -> %System32%\nqtwa.bak1
    NY -> nqtwa.bak2 -> %System32%\nqtwa.bak2
    NY -> nqtwa.ini2 -> %System32%\nqtwa.ini2
    NY -> nryspjnk.ini -> %System32%\nryspjnk.ini
    NY -> nxmfbwqx.dll -> %System32%\nxmfbwqx.dll
    NY -> oemwfiam.dll -> %System32%\oemwfiam.dll
    NY -> opeybwqp.ini -> %System32%\opeybwqp.ini
    NY -> oqstv.tmp -> %System32%\oqstv.tmp
    NY -> owflipch.ini -> %System32%\owflipch.ini
    NY -> pbncepxq.dll -> %System32%\pbncepxq.dll
    NY -> pmvudbsh.ini -> %System32%\pmvudbsh.ini
    NY -> PowerVideo.dll -> %System32%\PowerVideo.dll
    NY -> qgnwthdy.dll -> %System32%\qgnwthdy.dll
    NY -> qjfyxkcc.ini -> %System32%\qjfyxkcc.ini
    NY -> rakyrmoa.dll -> %System32%\rakyrmoa.dll
    NY -> reguukpn.dll -> %System32%\reguukpn.dll
    NY -> rpkbtlny.ini -> %System32%\rpkbtlny.ini
    NY -> tbweyvti.dll -> %System32%\tbweyvti.dll
    NY -> tcrgkyvr.ini -> %System32%\tcrgkyvr.ini
    NY -> ubacahno.dll -> %System32%\ubacahno.dll
    NY -> uqcpcejl.ini -> %System32%\uqcpcejl.ini
    NY -> uqcpcejl.tmp -> %System32%\uqcpcejl.tmp
    NY -> vadidmkt.ini -> %System32%\vadidmkt.ini
    NY -> vlukoijh.dll -> %System32%\vlukoijh.dll
    NY -> vqnwkeko.ini -> %System32%\vqnwkeko.ini
    NY -> wbsnoueo.dll -> %System32%\wbsnoueo.dll
    NY -> wbvccbdh.dll -> %System32%\wbvccbdh.dll
    NY -> wgwhuesv.dll -> %System32%\wgwhuesv.dll
    NY -> wpaesgch.dll -> %System32%\wpaesgch.dll
    NY -> wqujjoiv.dll -> %System32%\wqujjoiv.dll
    NY -> wqukgtum.dll -> %System32%\wqukgtum.dll
    NY -> xbadd.tmp -> %System32%\xbadd.tmp
    NY -> xfxerjif.ini -> %System32%\xfxerjif.ini
    NY -> xixnkmow.dll -> %System32%\xixnkmow.dll
    NY -> xlhbwfql.ini -> %System32%\xlhbwfql.ini
    NY -> xxlfaffx.dll -> %System32%\xxlfaffx.dll
    NY -> yjgogumb.ini -> %System32%\yjgogumb.ini
    NY -> yntuokvt.ini -> %System32%\yntuokvt.ini
    NY -> ytddmwcc.dll -> %System32%\ytddmwcc.dll
    NY -> utg1ndm2.sys -> %System32%\drivers\utg1ndm2.sys
    [File String Scan - Non-Microsoft Only]
    NY -> UPX! , UPX0 , -> %System32%\bnuiulpd.dll
    NY -> UPX! , UPX0 , -> %System32%\fyxqysit.dll
    NY -> UPX! , UPX0 , -> %System32%\lppyexmg.dll
    NY -> UPX! , UPX0 , -> %System32%\ngvddwuq.dll
    NY -> UPX! , UPX0 , -> %System32%\wpaesgch.dll
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan (attach the WinPFind3 scan report).

    I will review the information when it comes back in.

