
Spyware Problems, Need Major Help!

Lately my computer has been running extremely slowly. The desktop on my computer has been compromised; also, I cannot access the task bar manager.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:41 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SVCH0ST.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tmrsrv32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\MYWEBS~2\bar\5.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~2\bar\5.bin\mwsoemon.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zune\ZuneNss.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\AIM6\anotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: windows network (system) - Unknown owner - C:\WINDOWS\system32\system.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3813 bytes

Comments

  • edited April 2008
    Welcome to Icrontic bigboi00000,

    Some MyWebSearch infection showing here, but not much more. Really not much more of anything - looks like you have been disabling or removing all startups there. Let's take a more detailed look for now.

    Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

    Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens, click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, under Main Log, uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Options, place a check next to the following:

    Backup Registry Hives

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed, a textbox will appear - copy/paste those contents back here (main.txt). Also, a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder.)

    You can break up logs or use extra posts if needed for that.
  • edited April 2008
    Thanks for the help.

    Here is the main text.

    Deckard's System Scanner v20071014.68
    Run by Lef on 2008-04-16 18:35:56
    Computer is in Normal Mode.

    Backed up registry hives.

    Total Physical Memory: 448 MiB (512 MiB recommended).


    -- HijackThis (run as Lef.exe)

    logfile has no content; running clone.
    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-16 18:39:27
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.5730.11)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Zune\ZuneNss.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\SVCH0ST.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
    C:\Program Files\MyWebSearch\bar\5.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    C:\Program Files\QdrModule\QdrModule15.exe
    C:\Program Files\QdrPack\QdrPack15.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\AIM6\anotify.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Lef\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
    O2 - BHO: TB Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {22BE22A4-D4AF-45A1-88EF-0DA547A670Bc} - C:\WINDOWS\system32\xvakpbxg.dll
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {38A44BA6-15FB-4F2C-895E-F525F3F76DEe} - C:\WINDOWS\system32\xvakpbxg.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {4819392B-7D08-4C72-9620-7AC5AF2ACE3e} - C:\WINDOWS\system32\xvakpbxg.dll
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccbaxv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7AD70C3B-75F4-4DE1-8D13-B1287FEF6CEB} - C:\WINDOWS\system32\jkhfd.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {857C00DD-86E6-4251-A3D5-03454D6EDB17} - C:\WINDOWS\system32\xvakpbxg.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: {0d036441-0f2c-20e9-9d04-ab7740e98f0a} - {a0f89e04-77ba-40d9-9e02-c2f0144630d0} - C:\WINDOWS\system32\fqvaioig.dll
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: Ars Plugin - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\ArcadeRockstar\arsplg.dll
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
    O3 - Toolbar: (no name) - 8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2 - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\Documents and Settings\Compaq_Owner's\Local Settings\Temporary Internet Files\Content.IE5\452F0HQR\WinFixer2006FreeInstall[1].exe" -nag
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Kalef\Local Settings\Temporary Internet Files\Content.IE5\XRVKPGGB\WinAntiVirusPro2006FreeInstall[1].exe" -nag
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\5.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\5.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [BMdb5c1a60] Rundll32.exe "C:\WINDOWS\system32\xjgfldmc.dll",s
    O4 - HKLM\..\Run: [d86f29fc] rundll32.exe "C:\WINDOWS\system32\ivksneex.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\5.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [BMdb5c1a60] Rundll32.exe "C:\WINDOWS\system32\ijpcxole.dll",s
    O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
    O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] dfrgsrv.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O4 - Global Startup: STK014 PNP Monitor.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191296473369
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.30.16/ttinst.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: fccbaxv - C:\WINDOWS\system32\fccbaxv.dll
    O20 - Winlogon Notify: iqmjkusk - C:\WINDOWS\system32\iqmjkusk.dll
    O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
    O20 - Winlogon Notify: lcrxirxv - C:\WINDOWS\system32\lcrxirxv.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qooklqxp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: windows network (system) - Unknown owner - C:\WINDOWS\system32\system.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    --
    End of file - 19597 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
    R2 DP1112 - c:\windows\system32\drivers\dp.sys
    R3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>

    S3 msdirectx - c:\documents and settings\compaq_owner's\msdirectx.sys
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    S2 system (windows network) - c:\windows\system32\system.exe -netsata
    S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe (file missing)
    S4 COM+ Messages - "c:\windows\system32\svchosts.exe" -e mc-110-12-0000103
    S4 DomainService - c:\windows\system32\qooklqxp.exe /service <Not Verified; ; DDC>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-04-16 18:41:00 412 --a
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    2008-04-16 00:33:00 412 --a
    C:\WINDOWS\Tasks\ParetoLogic Update.job
    2008-04-11 20:00:01 530 --a
    C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Kalef.job
    2008-04-11 20:00:00 544 --a
    C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job


    -- Files created between 2008-03-16 and 2008-04-16

    2008-04-16 18:11:23 94272 --a
    C:\WINDOWS\system32\fqvaioig.dll
    2008-04-16 18:08:33 87616 --a
    C:\WINDOWS\system32\ivksneex.dll
    2008-04-16 18:06:01 95808 --a
    C:\WINDOWS\system32\xjgfldmc.dll
    2008-04-16 17:20:35 87616
    n--- C:\WINDOWS\system32\yakhmucq.dll
    2008-04-16 17:17:33 94272 --a
    C:\WINDOWS\system32\bnmxkkkw.dll
    2008-04-16 17:16:20 95808 --a
    C:\WINDOWS\system32\fbgedidb.dll
    2008-04-16 17:10:27 286336 ---hs---- C:\WINDOWS\system32\dfhkj.ini2
    2008-04-16 14:37:20 86592 --a
    C:\WINDOWS\system32\yablextw.dll
    2008-04-16 11:49:28 92224 --a
    C:\WINDOWS\system32\ybulkwgb.dll
    2008-04-16 11:45:42 95296 --a
    C:\WINDOWS\system32\aanmwktp.dll
    2008-04-16 11:06:26 92224 --a
    C:\WINDOWS\system32\ckygavjx.dll
    2008-04-16 11:03:27 83008 --a
    C:\WINDOWS\system32\rikkqpis.dll
    2008-04-16 11:00:35 95296 --a
    C:\WINDOWS\system32\kttiqlpt.dll
    2008-04-16 10:50:44 95296 --a
    C:\WINDOWS\system32\vtrduxiv.dll
    2008-04-15 22:28:21 91712 --a
    C:\WINDOWS\system32\fxblowwn.dll
    2008-04-15 22:19:51 96320 --a
    C:\WINDOWS\system32\jaskvcdi.dll
    2008-04-15 19:29:01 91712 --a
    C:\WINDOWS\system32\ymagfopp.dll
    2008-04-15 19:24:21 96320 --a
    C:\WINDOWS\system32\ribnvajq.dll
    2008-04-15 15:00:58 91712 --a
    C:\WINDOWS\system32\elhhrurv.dll
    2008-04-15 14:57:44 86080 --a
    C:\WINDOWS\system32\qhlnkpyc.dll
    2008-04-15 14:55:18 96320 --a
    C:\WINDOWS\system32\secspibp.dll
    2008-04-15 14:39:28 91712 --a
    C:\WINDOWS\system32\ampehemk.dll
    2008-04-15 14:38:03 96320 --a
    C:\WINDOWS\system32\qqwoipvo.dll
    2008-04-15 12:48:02 91712 --a
    C:\WINDOWS\system32\ghmuxvyn.dll
    2008-04-15 12:39:35 96320 --a
    C:\WINDOWS\system32\xecnejfa.dll
    2008-04-14 22:05:11 92224 --a
    C:\WINDOWS\system32\khsydxcj.dll
    2008-04-14 22:02:11 3648 --a
    C:\WINDOWS\system32\dwsrljof.dll
    2008-04-14 21:59:15 96320 --a
    C:\WINDOWS\system32\mljvupsg.dll
    2008-04-14 21:53:26 3648 --a
    C:\WINDOWS\system32\yqgqpphw.dll
    2008-04-14 21:50:54 96320 --a
    C:\WINDOWS\system32\utrhveqq.dll
    2008-04-14 21:10:37 3648 --a
    C:\WINDOWS\system32\yidetkmo.dll
    2008-04-14 21:08:04 96320 --a
    C:\WINDOWS\system32\scayxvsu.dll
    2008-04-14 19:34:59 92224 --a
    C:\WINDOWS\system32\nahiklgt.dll
    2008-04-14 19:29:20 3648 --a
    C:\WINDOWS\system32\dncdsskh.dll
    2008-04-14 19:26:56 96320 --a
    C:\WINDOWS\system32\yqbeaiew.dll


    -- Find3M Report

    2008-04-16 18:28:21 4 --a
    C:\WINDOWS\system32\stfv.bin
    2008-04-16 18:04:17 272984 ---hs---- C:\WINDOWS\system32\dfhkj.bak1
    2008-04-16 10:49:35 0 d
    C:\Program Files\QdrModule
    2008-04-16 00:01:34 12 --a
    C:\WINDOWS\system32\sl.bin
    2008-04-11 14:25:42 0 d
    C:\Documents and Settings\Lef\Application Data\Yahoo!
    2008-04-10 00:40:42 0 d
    C:\Documents and Settings\Lef\Application Data\uTorrent
    2008-04-09 22:56:18 0 d
    C:\Documents and Settings\Lef\Application Data\LimeWire
    2008-04-08 23:27:26 0 d
    C:\Program Files\QdrPack
    2008-03-26 01:35:02 0 d
    C:\Documents and Settings\Lef\Application Data\Apple Computer
    2008-03-21 18:32:41 0 d
    C:\Program Files\LimeWire
    2008-01-17 20:20:59 294912 --a
  • edited April 2008
    Here is the rest of the main text.

    C:\WINDOWS\system32\oiamalu.exe


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000026-8735-428D-B81F-DD098223B25F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000006b1-19b5-414a-849f-2a3c64ae6939}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
    09/06/2007 01:43 AM 184320 --a
    C:\Program Files\WinBudget\bin\matrix.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BE22A4-D4AF-45A1-88EF-0DA547A670Bc}]
    11/25/2006 08:36 PM 132116 --a
    C:\WINDOWS\system32\xvakpbxg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30000273-8230-4dd4-be4f-6889d1e74167}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38A44BA6-15FB-4F2C-895E-F525F3F76DEe}]
    11/25/2006 08:36 PM 132116 --a
    C:\WINDOWS\system32\xvakpbxg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46A4E9D9-B30E-452A-8157-DBBEC8573B03}]
    C:\Program Files\VSAdd-in\VSAdd-in.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4819392B-7D08-4C72-9620-7AC5AF2ACE3e}]
    11/25/2006 08:36 PM 132116 --a
    C:\WINDOWS\system32\xvakpbxg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
    C:\Program Files\RXToolBar\sfcont.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    08/15/2007 04:03 AM 287766 --a
    C:\WINDOWS\system32\fccbaxv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AD70C3B-75F4-4DE1-8D13-B1287FEF6CEB}]
    08/15/2007 04:08 AM 266304 --a
    C:\WINDOWS\system32\jkhfd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{857C00DD-86E6-4251-A3D5-03454D6EDB17}]
    11/25/2006 08:36 PM 132116 --a
    C:\WINDOWS\system32\xvakpbxg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
    10/24/2007 09:17 AM 180224 --a
    C:\Program Files\ISM\BndDrive7.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}]
    09/27/2007 01:47 PM 196608 --a
    C:\Program Files\ISM\BndDrive5.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0f89e04-77ba-40d9-9e02-c2f0144630d0}]
    04/16/2008 06:11 PM 94272 --a
    C:\WINDOWS\system32\fqvaioig.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
    12/02/2007 05:53 PM 21504 --a
    C:\WINDOWS\system32\aivskurq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}]
    06/13/2006 11:00 AM 114688 --a
    C:\Program Files\ToolBar888\MyToolBar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{74DD705D-6834-439C-A735-A6DBE2677452}"= C:\Program Files\VSAdd-in\VSAdd-in.dll [ ]

    [-HKEY_CLASSES_ROOT\CLSID\{74DD705D-6834-439C-A735-A6DBE2677452}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/10/2006 10:24 PM]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [10/10/2006 10:24 PM]
    "EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" []
    "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/10/2006 10:24 PM]
    "NI.UWFX6_0001_N68M2301"="C:\Documents and Settings\Compaq_Owner's\Local Settings\Temporary Internet Files\Content.IE5\452F0HQR\WinFixer2006FreeInstall[1].exe" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/10/2006 10:24 PM]
    "NI.UWA6P_0001_N822M1605"="C:\Documents and Settings\Kalef\Local Settings\Temporary Internet Files\Content.IE5\XRVKPGGB\WinAntiVirusPro2006FreeInstall[1].exe" []
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [10/31/2006 02:34 PM]
    "P2P Networking"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" [11/22/2007 06:23 PM]
    "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~2\bar\5.bin\m3SrchMn.exe" [11/25/2007 10:00 PM]
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~2\bar\5.bin\mwsoemon.exe" [11/25/2007 10:00 PM]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [12/10/2002 06:54 PM]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [12/10/2002 07:32 PM]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [12/10/2002 07:31 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]
    "Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [01/12/2004 09:40 PM]
    "yxtenehgte"="c:\windows\system32\yxtenehgte.exe" [04/12/2008 12:31 PM]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "BMdb5c1a60"="C:\WINDOWS\system32\xjgfldmc.dll" [04/16/2008 06:06 PM]
    "d86f29fc"="C:\WINDOWS\system32\ivksneex.dll" [04/16/2008 06:08 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
    "AIM"="C:\Program Files\AIM95\aim.exe" [10/10/2006 10:24 PM]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 11:20 AM]
    "ares"="C:\Program Files\Ares\Ares.exe" []
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~2\bar\5.bin\mwsoemon.exe" [11/25/2007 10:00 PM]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [11/14/2007 06:33 PM]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [01/05/2008 01:09 PM]
    "BMdb5c1a60"="C:\WINDOWS\system32\ijpcxole.dll,s" []
    "QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [04/03/2008 09:53 AM]
    "QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [04/04/2008 04:17 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [8/9/2004 4:59:58 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [1/5/2008 1:09:14 PM]
    STK014 PNP Monitor.lnk - C:\Program Files\STK014_V2.01\STK014M.exe [1/29/2008 10:26:25 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "wininet.dll"=dfrgsrv.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"= C:\WINDOWS\system32\bdscheca001.dll [11/24/2006 09:04 PM 12036]
    "{55667788-ABCD-1234-5678-00C04FD8DBD8}"= C:\WINDOWS\system32\jbloader.dll [12/18/2006 09:01 PM 2560]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\fccbaxv.dll [08/15/2007 04:03 AM 287766]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbaxv]
    fccbaxv.dll 08/15/2007 04:03 AM 287766 C:\WINDOWS\system32\fccbaxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iqmjkusk]
    iqmjkusk.dll 09/16/2006 05:43 PM 188948 C:\WINDOWS\system32\iqmjkusk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
    C:\WINDOWS\system32\jkhfd.dll 08/15/2007 04:08 AM 266304 C:\WINDOWS\system32\jkhfd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lcrxirxv]
    lcrxirxv.dll 08/10/2006 08:34 PM 188948 C:\WINDOWS\system32\lcrxirxv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
    "C:\Program Files\AIM\AIM Pro\aimpro.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
    C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6400 (Copy 1)]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P28 "EPSON Stylus CX6400 (Copy 1)" /O5 "LPT1:" /M "Stylus CX6400"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1160089029\ee\AOLHostManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j1271938]
    rundll32 C:\WINDOWS\system32\j1271938.dll sook

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{D86F2953-07CE-1033-0902-040804030001}]
    "C:\Program Files\Common Files\{D86F2953-07CE-1033-0902-040804030001}\Update.exe" mc-110-12-0000103

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{D86F2953-07CF-1033-0902-040804030001}]
    "C:\Program Files\Common Files\{D86F2953-07CF-1033-0902-040804030001}\Update.exe" mc-110-12-0000103

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{D86F2953-07D0-1033-0902-040804030001}]
    "C:\Program Files\Common Files\{D86F2953-07D0-1033-0902-040804030001}\Update.exe" mc-110-12-0000103


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
    C:\WINDOWS\system32\msorcl32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E02310B4E666}]
    C:\WINDOWS\system32\tmrsrv32.exe



    -- End of Deckard's System Scanner: finished at 2008-04-16 18:47:02
  • edited April 2008
    Extra Text
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Sempron(tm) 3000+
    Percentage of Memory in Use: 74%
    Physical Memory (total/avail): 447.48 MiB / 112.96 MiB
    Pagefile Memory (total/avail): 1057.36 MiB / 591.81 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1932.92 MiB

    C: is Fixed (NTFS) - 111.81 GiB total, 29.92 GiB free.
    D: is CDROM (No Media)
    E: is Removable (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - SAMSUNG SP1203N - 111.81 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 111.81 GiB - C:

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

    \\.\PHYSICALDRIVE5 - HP Photosmart C3180 USB Device



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: Norton AntiVirus v2004 (Symantec Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Lef\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=YOUR-22CA86D5C4
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Lef
    LOGONSERVER=\\YOUR-22CA86D5C4
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0a00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Lef\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Lef\LOCALS~1\Temp
    USERDOMAIN=YOUR-22CA86D5C4
    USERNAME=Lef
    USERPROFILE=C:\Documents and Settings\Lef
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles

    Compaq_Owner (admin)
    Compaq_Owner's (admin)
    Lef (admin)
    Kalef.YOUR-22CA86D5C4 (admin)


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    --> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
    µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
    ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Agere Systems PCI Soft Modem --> agrsmdel
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    AOL Explorer --> C:\Program Files\Common Files\AOL\1160089029\ee\services\browser\ver1_1_1042\uninst.exe
    AOL Instant Messenger --> C:\PROGRA~1\AIM95\uninstll.exe -LOG= C:\PROGRA~1\AIM95\install.log -OEM=
    AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
    AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
    ArcadeRockStar --> rundll32.exe url.dll,FileProtocolHandler http://www.arcaderockstar.com/deactivate.php
    Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
    Camtasia Studio 4 --> MsiExec.exe /I{950A8D14-C48E-4508-B377-1EA45A18FA3D}
    CC_ccStart --> MsiExec.exe /I{27639E2B-595C-4BE4-830E-6B0FE4EEC9BE}
    ccCommon --> MsiExec.exe /I{4266386E-84FA-4AB0-8AB4-D0566A5C93F6}
    Compaq Connections --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
    Cowabanga by OIN --> C:\Program Files\Cowabanga\uninstaller.exe
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
    EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
    EPSON ES CX6400 Manual --> C:\Program Files\epson\guide\cx6400_e\uninstall.exe
    EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
    EPSON PhotoStarter3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" -l0x9 uninst
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
    EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
    ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
    High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
    HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    HP Photosmart and Deskjet 7.0.A --> C:\Program Files\Hewlett-Packard\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
    HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP Solution Center 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HyperCam --> "C:\Program Files\HyperCam\Uninstall.exe"
    ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
    Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
    InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Karen's Cookie Viewer --> C:\Program Files\Karen's Power Tools\Cookie Viewer\uninst.exe
    KBD --> C:\HP\KBD\KBD.EXE uninstalled
    Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
    Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
    Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
    Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
    MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
    My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~2\bar\5.bin\mwsbar.dll,O
    MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
    Neffy 1,2,0,6 --> C:\Program Files\Neffy\uninst.exe
    Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton Internet Security --> MsiExec.exe /I{1D27FAF0-960B-4102-A5F5-E1358E6B6C92}
    Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    Opera --> C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log
    OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
    P2P Networking --> C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /UNINSTALL
    ParetoLogic Privacy Controls --> MsiExec.exe /I{742DFC87-1703-46D8-AC24-F87FDCD7C1AB}
    PC Pitstop Erase 1.1 --> "C:\Program Files\PCPitstop\Erase\unins000.exe"
    Peer Points Manager --> "C:\Program Files\Altnet\Download Manager\AltnetUninstall.exe" -m
    PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
    Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
    Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
    S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
    S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
    S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
    ShortKeys Lite --> C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG
    Silkroad --> C:\Program Files\Silkroad\Remove.Exe
    Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    Steam --> C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG
    STK014_V2.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7C401C6-B490-4C92-9E6D-F6A862A27B65}\Setup.exe" -l0x9
    SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
    TargetSaver --> C:\WINDOWS\system32\tsuninst.exe /u
    The Chronicles of Riddick: Escape From Butcher Bay Demo --> C:\Program Files\Starbreeze Studios\Riddick EFBB Demo\Uninstall.exe
    ToolBar888 --> C:\Program Files\ToolBar888\Uninst.exe
    TVUPlayer 1.5.12 --> C:\Program Files\TVU Player\uninst.exe
    Ulead Photo Express 5 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}\setup.exe" -l0x9
    Unreal Tournament Demo --> C:\TournamentDemo\System\Setup.exe uninstall "Unreal Tournament Demo"
    VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
    VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    VSAdd-in for Internet Explorer --> regsvr32.exe /u /s "C:\Program Files\VSAdd-in\VSAdd-in.dll"
    WeatherBug Browser Bar - powered by MyWebSearch --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\w6Bar.dll,O
    Windows Driver Package - Microsoft WPD (8/28/2006 1.0.0.2) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\Zune_9C3D37D5063B767B2FEA1899B50894F1AC95FAA6\Zune.inf
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinPop --> C:\Program Files\WinPop\UnInstall.exe
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
    Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
    Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
    ZD Soft Screen Recorder --> "C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
    ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf
    Zune --> MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}


    -- Application Event Log

    Event Record #/Type7895 / Error
    Event Submitted/Written: 04/16/2008 06:20:51 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.5730.11, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010de3.
    Processing media-specific event for [iexplore.exe!ws!]

    Event Record #/Type7894 / Error
    Event Submitted/Written: 04/16/2008 06:20:27 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application iexplore.exe, version 7.0.5730.11, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010de3.
    Processing media-specific event for [iexplore.exe!ws!]

    Event Record #/Type7893 / Error
    Event Submitted/Written: 04/16/2008 06:05:41 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application stk014m.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000105f8.
    Processing media-specific event for [stk014m.exe!ws!]

    Event Record #/Type7883 / Error
    Event Submitted/Written: 04/16/2008 05:22:28 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x6c1e06a3.
    Processing media-specific event for [logonui.exe!ws!]

    Event Record #/Type7881 / Error
    Event Submitted/Written: 04/16/2008 05:14:54 PM
    Event ID/Source: 1004 / Application Error
    Event Description:
    Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x6c1e06a3.
    Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type8738 / Warning
    Event Submitted/Written: 04/16/2008 06:24:30 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type8734 / Error
    Event Submitted/Written: 04/16/2008 06:08:39 PM
    Event ID/Source: 10010 / DCOM
    Event Description:
    The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

    Event Record #/Type8733 / Error
    Event Submitted/Written: 04/16/2008 06:08:17 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Computer Browser service terminated with the following error:
    %%1460

    Event Record #/Type8716 / Error
    Event Submitted/Written: 04/16/2008 06:03:29 PM / 04/16/2008 06:03:30 PM
    Event ID/Source: 7009 / Service Control Manager
    Event Description:
    Timeout (30000 milliseconds) waiting for the windows network service to connect.

    Event Record #/Type8707 / Error
    Event Submitted/Written: 04/16/2008 05:19:14 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Computer Browser service terminated with the following error:
    %%1460



    -- End of Deckard's System Scanner: finished at 2008-04-16 18:47:02
  • edited April 2008
    Holy smokes but that is a slew of malware recreated there. Must have been infected for quite some time now.


    Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel. If any give you troubles just skip them and move on to the next. If any mandate web access to complete the uninstall skip these as well. These are all adware, adware related or flat out malware:

    ArcadeRockStar
    Cowabanga by OIN
    Internet Speed Monitor
    My Web Search (Webfetti)
    P2P Networking
    Peer Points Manager
    TargetSaver
    ToolBar888
    Viewpoint Media Player
    VSAdd-in for Internet Explorer
    WeatherBug Browser Bar
    WinPop


    And I personally would not trust any of these streaming video players out of the People's Republic of China. But as long as you are from there, or are okay with your computer having an unsupervised open connection with the PRC, it is your choice:

    TVUPlayer 1.5.12



    Then too many malware files to target individually, so we'll scan some out now.

    Download Malwarebytes' Anti-Malware from Here or Here.

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.


    And although in ways it duplicates that last scan, also Go here and download the free version of SUPERAntiSpyware and install it.

    After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to its research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

    Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

    Start-up Options:
    * Start SUPERAntiSpyware when Windows starts

    Automatic Updates:
    * Check for program updates when the application starts.

    Start-up Scanning:
    * Check for updates before scanning on startup.

    Then select Close. Don't scan just yet though.


    Also Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

    If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

    On Windows Vista, "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

    ===============================================


    Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


    Open SUPERAntiSpyware and click the Scan your Computer button. You may need to start SUPERAntiSpyware, then right click the Taskbar icon (the little bug shaped icon) and select "Scan for Spyware, Adware, Malware..." to access the scan panel. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


    SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them and click Next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

    Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.


    After the reboot, still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes except this one:

    Security Center

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

    Post back that, the MBAM log and the SUPERAntiSpyware log please.
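
Added example, not part of the original posts or of any tool named in this thread: a Python script that parses the `-- Add/Remove Programs` section of a Deckard's System Scanner extra log and cross-checks it against the removal list in the reply above, marking entries whose uninstall command opens a URL (the reply says to skip uninstalls that need web access). The function names and the case-insensitive prefix match are assumptions; the sample lines are an excerpt copied from the log in this thread.

```python
import re

# Program names taken from the helper's removal list in the reply above.
REMOVAL_LIST = [
    "ArcadeRockStar", "Cowabanga by OIN", "Internet Speed Monitor",
    "My Web Search (Webfetti)", "P2P Networking", "Peer Points Manager",
    "TargetSaver", "ToolBar888", "Viewpoint Media Player",
    "VSAdd-in for Internet Explorer", "WeatherBug Browser Bar", "WinPop",
]

# Excerpt assembled from the extra log posted in this thread (not a full log).
SAMPLE_LOG = r"""
-- User Profiles

Lef (admin)

-- Add/Remove Programs

 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
ArcadeRockStar --> rundll32.exe url.dll,FileProtocolHandler http://www.arcaderockstar.com/deactivate.php
My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~2\bar\5.bin\mwsbar.dll,O
TargetSaver --> C:\WINDOWS\system32\tsuninst.exe /u
WeatherBug Browser Bar - powered by MyWebSearch --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\w6Bar.dll,O
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log

Event ID/Source: 1000 / Application Error
"""

# "Display name --> uninstall command"; the name may be empty in this log format.
ENTRY_RE = re.compile(r"^(?P<name>.*?)\s*-->\s*(?P<cmd>.+)$")
URL_RE = re.compile(r"https?://", re.IGNORECASE)


def parse_add_remove(log_text):
    """Return (name, uninstall_command) pairs from the Add/Remove Programs section."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("-- "):
            # Every "-- Title" line starts a new section; only one is of interest.
            in_section = (line == "-- Add/Remove Programs")
            continue
        if not in_section or not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("name"), match.group("cmd")))
    return entries


def triage(entries, removal_list=REMOVAL_LIST):
    """Match installed entries against the removal list.

    Returns (found, missing). A prefix match is used because the log can show a
    longer display name than the list, e.g. "WeatherBug Browser Bar - powered by ...".
    """
    found, missing = [], []
    for target in removal_list:
        hits = [(n, c) for n, c in entries if n.lower().startswith(target.lower())]
        if not hits:
            missing.append(target)
        for name, cmd in hits:
            found.append({
                "target": target,
                "name": name,
                "command": cmd,
                # Uninstallers that open a URL need web access: skip per the reply.
                "needs_web": bool(URL_RE.search(cmd)),
            })
    return found, missing


if __name__ == "__main__":
    found, missing = triage(parse_add_remove(SAMPLE_LOG))
    for item in found:
        action = "SKIP (needs web access)" if item["needs_web"] else "remove"
        print(f"{action:24} {item['name']}")
    print("not listed in this excerpt:", ", ".join(missing))
```

Run against a complete extra.txt by reading the file and passing its text to `parse_add_remove`; entries reported as missing are simply not installed under that display name.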