Deckard's System Scanner v20071014.68
Run by Andre on 2008-03-16 18:13:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
10: 2008-03-16 06:18:08 UTC - RP333 - Deckard's System Scanner Restore Point
9: 2008-03-16 00:35:37 UTC - RP332 - System Checkpoint
8: 2008-03-13 12:56:34 UTC - RP331 - System Checkpoint
7: 2008-03-12 05:18:20 UTC - RP330 - Deckard's System Scanner Restore Point
6: 2008-03-12 04:41:37 UTC - RP329 - Installed Opera 9.26

-- First Restore Point --
1: 2008-03-09 13:11:03 UTC - RP324 - Installed Ad-Aware 2007

Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis (run as Andre.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-03-16 18:22:27 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16441) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\McAfee AntiSpyware\MASSrv.exe C:\Program Files\McAfee.com\Agent\Mcdetect.exe C:\Program Files\McAfee.com\Agent\McTskshd.exe C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Andre\Desktop\dss.exe C:\Program Files\Trend Micro\HijackThis\Andre.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie F0 - system.ini: Shell=Explorer.exe F2 - REG:system.ini: Shell=Explorer.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe, O1 - Hosts: 10.18.250.4 ad.doubleclick.net O1 - Hosts: 10.18.250.4 ad.fastclick.net O1 - Hosts: 10.18.250.4 ads.fastclick.net O1 - Hosts: 10.18.250.4 ar.atwola.com O1 - Hosts: 10.18.250.4 atdmt.com O1 - Hosts: 10.18.250.4 avp.ch O1 - Hosts: 10.18.250.4 avp.com O1 - Hosts: 10.18.250.4 avp.ru O1 - Hosts: 10.18.250.4 awaps.net O1 - Hosts: 10.18.250.4 banner.fastclick.net O1 - Hosts: 10.18.250.4 banners.fastclick.net O1 - Hosts: 10.18.250.4 ca.com O1 - Hosts: 10.18.250.4 click.atdmt.com O1 - Hosts: 10.18.250.4 clicks.atdmt.com O1 - Hosts: 10.18.250.4 customer.symantec.com O1 - Hosts: 10.18.250.4 dispatch.mcafee.com O1 - Hosts: 10.18.250.4 download.mcafee.com O1 - Hosts: 10.18.250.4 downloads-us1.kaspersky-labs.com O1 - Hosts: 10.18.250.4 downloads-us2.kaspersky-labs.com O1 - Hosts: 10.18.250.4 downloads-us3.kaspersky-labs.com O1 - Hosts: 10.18.250.4 downloads1.kaspersky-labs.com O1 - Hosts: 10.18.250.4 downloads2.kaspersky-labs.com O1 - Hosts: 10.18.250.4 downloads3.kaspersky-labs.com O1 - Hosts: 10.18.250.4 downloads4.kaspersky-labs.com O1 - Hosts: 10.18.250.4 engine.awaps.net O1 - Hosts: 10.18.250.4 f-secure.com O1 - Hosts: 10.18.250.4 fastclick.net O1 - Hosts: 10.18.250.4 ftp.avp.ch O1 - Hosts: 10.18.250.4 ftp.downloads1.kaspersky-labs.com O1 - Hosts: 10.18.250.4 ftp.downloads2.kaspersky-labs.com O1 - Hosts: 10.18.250.4 ftp.downloads3.kaspersky-labs.com O1 - Hosts: 10.18.250.4 ftp.f-secure.com O1 - Hosts: 10.18.250.4 ftp.kasperskylab.ru O1 
- Hosts: 10.18.250.4 ftp.sophos.com O1 - Hosts: 10.18.250.4 ids.kaspersky-labs.com O1 - Hosts: 10.18.250.4 kaspersky-labs.com O1 - Hosts: 10.18.250.4 kaspersky.com O1 - Hosts: 10.18.250.4 liveupdate.symantec.com O1 - Hosts: 10.18.250.4 liveupdate.symantecliveupdate.com O1 - Hosts: 10.18.250.4 mast.mcafee.com O1 - Hosts: 10.18.250.4 mcafee.com O1 - Hosts: 10.18.250.4 media.fastclick.net O1 - Hosts: 10.18.250.4 my-etrust.com O1 - Hosts: 10.18.250.4 nai.com O1 - Hosts: 10.18.250.4 networkassociates.com O1 - Hosts: 10.18.250.4 norton.com O1 - Hosts: 10.18.250.4 phx.corporate-ir.net O1 - Hosts: 10.18.250.4 rads.mcafee.com O1 - Hosts: 10.18.250.4 secure.nai.com O1 - Hosts: 10.18.250.4 securityresponse.symantec.com O1 - Hosts: 10.18.250.4 service1.symantec.com O1 - Hosts: 10.18.250.4 sophos.com O1 - Hosts: 10.18.250.4 spd.atdmt.com O1 - Hosts: 10.18.250.4 symantec.com O1 - Hosts: 10.18.250.4 trendmicro.com O1 - Hosts: 10.18.250.4 update.symantec.com O1 - Hosts: 10.18.250.4 updates.symantec.com O1 - Hosts: 10.18.250.4 updates1.kaspersky-labs.com O1 - Hosts: 10.18.250.4 updates2.kaspersky-labs.com O1 - Hosts: 10.18.250.4 updates3.kaspersky-labs.com O1 - Hosts: 10.18.250.4 updates4.kaspersky-labs.com O1 - Hosts: 10.18.250.4 updates5.kaspersky-labs.com O1 - Hosts: 10.18.250.4 us.mcafee.com O1 - Hosts: 10.18.250.4 vil.nai.com O1 - Hosts: 10.18.250.4 viruslist.com O1 - Hosts: 10.18.250.4 viruslist.ru O1 - Hosts: 10.18.250.4 virusscan.jotti.org O1 - Hosts: 10.18.250.4 virustotal.com O1 - Hosts: 10.18.250.4 www.avp.ch O1 - Hosts: 10.18.250.4 www.avp.com O1 - Hosts: 10.18.250.4 www.avp.ru O1 - Hosts: 10.18.250.4 www.awaps.net O1 - Hosts: 10.18.250.4 www.ca.com O1 - Hosts: 10.18.250.4 www.f-secure.com O1 - Hosts: 10.18.250.4 www.fastclick.net O1 - Hosts: 10.18.250.4 www.grisoft.com O1 - Hosts: 10.18.250.4 www.kaspersky-labs.com O1 - Hosts: 10.18.250.4 www.kaspersky.com O1 - Hosts: 10.18.250.4 www.kaspersky.ru O1 - Hosts: 10.18.250.4 www.mcafee.com O1 - Hosts: 10.18.250.4 
www.my-etrust.com O1 - Hosts: 10.18.250.4 www.nai.com O1 - Hosts: 10.18.250.4 www.networkassociates.com O1 - Hosts: 10.18.250.4 www.sophos.com O1 - Hosts: 10.18.250.4 www.symantec.com O1 - Hosts: 10.18.250.4 www.trendmicro.com O1 - Hosts: 10.18.250.4 www.viruslist.com O1 - Hosts: 10.18.250.4 www.viruslist.ru O1 - Hosts: 10.18.250.4 www.virustotal.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} - (no file) O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file) O2 - BHO: Google Search Assistant - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file) O2 - BHO: {4b8473a5-03cb-6c88-bfe4-c1ea2f57835b} - {b53875f2-ae1c-4efb-88c6-bc305a3748b4} - C:\WINDOWS\system32\fnluqwgk.dll (file missing) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1205149217.dll (file missing) O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file) O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe 
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [BMcfac83c8] Rundll32.exe "C:\WINDOWS\system32\esalcwdd.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - 
{F4430FE8-2638-42e5-B849-800749B94EED} - (file missing) O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} () - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer = 202.27.158.40,202.27.156.72 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll O20 - Winlogon Notify: !SASWinLogon - 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: acfffaeddbcec - C:\WINDOWS\system32\acfffaeddbcec.dll O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll O20 - Winlogon Notify: opnlkhi - C:\WINDOWS\system32\opnlkhi.dll (file missing) O20 - Winlogon Notify: tuvww - C:\WINDOWS\system32\tuvww.dll (file missing) O20 - Winlogon Notify: winvfe32 - C:\WINDOWS\system32\winvfe32.dll (file missing) O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing) O21 - SSODL: ServiceSetup - {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. 
- C:\Program Files\McAfee\McAfee AntiSpyware\MASSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe

--
End of file - 13806 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - shell\open\command - "regedit.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys

S3 Maplom - c:\windows\system32\drivers\maplom.sys
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 ZSMC302 (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfee AntiSpyware Service - "c:\progra~1\mcafee\mcafee antispyware\massrv.exe"

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.
-- Process Modules ------------------------------------------------------------- C:\WINDOWS\system32\winlogon.exe (pid 492) 2007-04-19 12:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2008-03-10 22:25:55 93184 -----n--- C:\WINDOWS\system32\acfffaeddbcec.dll 2004-08-07 08:36:14 218624 --a------ C:\WINDOWS\system32\uxtheme.dll 2008-03-04 12:48:44 108562 -----n--- C:\WINDOWS\system32\bdebafab.dll 2002-07-08 10:14:24 1294336 --a------ C:\WINDOWS\system32\vorbis.acm C:\WINDOWS\system32\svchost.exe (pid 696) 2004-08-07 08:36:14 218624 --a------ C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\svchost.exe (pid 868) 2004-08-07 08:36:14 218624 --a------ C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\svchost.exe (pid 1416) 2004-08-07 08:36:14 218624 --a------ C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\system32\svchost.exe (pid 1540) 2004-08-07 08:36:14 218624 --a------ C:\WINDOWS\system32\uxtheme.dll C:\WINDOWS\explorer.exe (pid 1924) 2004-08-07 08:36:14 218624 --a------ C:\WINDOWS\system32\uxtheme.dll 2008-03-10 18:53:54 89664 --a------ C:\WINDOWS\system32\esalcwdd.dll C:\WINDOWS\system32\rundll32.exe (pid 1624) 2004-08-07 08:36:14 218624 --a------ C:\WINDOWS\system32\uxtheme.dll 2008-03-10 18:53:54 89664 --a------ C:\WINDOWS\system32\esalcwdd.dll -- Scheduled Tasks ------------------------------------------------------------- 2008-03-16 18:00:09 258 --ah----- C:\WINDOWS\Tasks\A8713B3C918EB1D4.job 2008-03-16 15:49:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-12-18 05:30:00 362 --a------ C:\WINDOWS\Tasks\McAfee AntiSpyware.job 2006-08-27 21:56:41 256 --a------ C:\WINDOWS\Tasks\BugDoctorAndre.job -- Files created between 2008-02-16 and 2008-03-16 ----------------------------- 2008-03-13 12:16:54 0 d-------- C:\VundoFix Backups 2008-03-12 16:41:46 0 d-------- C:\Program Files\Opera 2008-03-11 20:04:33 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-11 20:04:33 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-11 20:04:33 
80412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-11 20:04:33 73728 --a------ C:\WINDOWS\system32\fdsv.exe 2008-03-11 20:04:16 53248 --a------ C:\WINDOWS\PSEXESVC.EXE 2008-03-11 16:12:20 0 d-------- C:\Program Files\Trend Micro 2008-03-11 01:34:59 0 d-------- C:\Documents and Settings\Andre\Application Data\Grisoft 2008-03-11 01:05:03 2572 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-11 01:03:34 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-03-11 01:03:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-03-11 01:03:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-03-11 01:03:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-03-11 01:03:34 53248 --a------ C:\WINDOWS\system32\Process.exe 2008-03-11 01:03:34 82432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-03-11 01:03:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-03-11 00:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-10 18:53:53 89664 --a------ C:\WINDOWS\system32\esalcwdd.dll 2008-03-10 18:52:54 166689 --ahs---- C:\WINDOWS\system32\mopoq.ini2 2008-03-10 17:56:52 211909 ---hs---- C:\WINDOWS\system32\wwvut.ini2 2008-03-10 16:13:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-10 16:09:51 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-03-10 16:09:49 0 d-------- C:\Documents and Settings\Andre\Application Data\SUPERAntiSpyware.com 2008-03-10 12:38:52 91200 -----n--- C:\WINDOWS\system32\albinkab.dll 2008-03-10 12:37:14 89664 --a------ C:\WINDOWS\system32\grdspycw.dll 2008-03-10 01:55:00 91200 --a------ C:\WINDOWS\system32\tobofkeh.dll 2008-03-10 01:52:31 89664 --a------ C:\WINDOWS\system32\jjvarbag.dll 2008-03-10 01:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-10 01:07:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-10 00:54:34 0 d-------- C:\WINDOWS\FLEOK 2008-03-10 00:51:58 24320 --a------ 
C:\WINDOWS\system32\MSNSA32.dll 2008-03-10 00:51:57 16384 --a------ C:\WINDOWS\msapasrc.dll 2008-03-10 00:51:57 11264 --a------ C:\WINDOWS\msa64chk.dll 2008-03-10 00:51:32 11008 --a------ C:\WINDOWS\system32\SIPSPI32.dll 2008-03-10 00:51:28 15360 --a------ C:\WINDOWS\system32\shdocpe.dll 2008-03-10 00:51:28 11776 --a------ C:\WINDOWS\system32\ntnut32.exe 2008-03-10 00:51:27 14848 --a------ C:\WINDOWS\shdocpl.dll 2008-03-10 00:51:27 29184 --a------ C:\WINDOWS\ntnut.exe 2008-03-10 00:51:26 20224 --a------ C:\WINDOWS\shdocpe.dll 2008-03-10 00:51:10 24832 --a------ C:\WINDOWS\winsb.dll 2008-03-10 00:51:05 26624 --a------ C:\WINDOWS\browserad.dll 2008-03-10 00:51:04 29184 --a------ C:\WINDOWS\aviwrap32.dll 2008-03-10 00:51:03 21248 --a------ C:\WINDOWS\avisynthex32.dll 2008-03-10 00:51:03 15872 --a------ C:\WINDOWS\avifile32.dll 2008-03-10 00:51:03 31744 --a------ C:\WINDOWS\autodisc32.dll 2008-03-10 00:51:02 30208 --a------ C:\WINDOWS\audiosrv32.dll 2008-03-10 00:51:01 13824 --a------ C:\WINDOWS\ati2dvag32.dll 2008-03-10 00:51:01 20480 --a------ C:\WINDOWS\ati2dvaa32.dll 2008-03-10 00:51:00 12288 --a------ C:\WINDOWS\athprxy32.dll 2008-03-10 00:51:00 15872 --a------ C:\WINDOWS\asycfilt32.dll 2008-03-10 00:51:00 16384 --a------ C:\WINDOWS\asferror32.dll 2008-03-10 00:50:59 20480 --a------ C:\WINDOWS\apphelp32.dll 2008-03-10 00:50:54 21504 --a------ C:\WINDOWS\changeurl_30.dll 2008-03-09 21:59:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-09 21:49:52 18944 --a------ C:\WINDOWS\system32\wowfx.dll 2008-03-09 21:26:13 92224 --a------ C:\WINDOWS\system32\psrautoc.dll 2008-03-09 21:25:49 39936 --a------ C:\WINDOWS\system32\vtuvvwx.dll 2008-03-09 21:20:16 88640 --a------ C:\WINDOWS\system32\qjajusck.dll 2008-03-06 12:55:27 96832 --a------ C:\WINDOWS\system32\pjsmllpb.dll 2008-03-06 12:49:29 91712 --a------ C:\WINDOWS\system32\dmvvxpnp.dll 2008-03-06 12:40:49 96832 --a------ C:\WINDOWS\system32\lwdnoiwl.dll 2008-03-06 12:37:49 91712 --a------ 
C:\WINDOWS\system32\jglughgb.dll 2008-03-05 14:48:29 96832 --a------ C:\WINDOWS\system32\vexahhaa.dll 2008-03-05 14:45:29 89664 --a------ C:\WINDOWS\system32\uxvjmeeb.dll 2008-03-05 14:42:30 91712 --a------ C:\WINDOWS\system32\aakbgmdi.dll 2008-03-05 12:07:50 89664 --a------ C:\WINDOWS\system32\bdobqtqk.dll 2008-03-05 12:05:03 96832 --a------ C:\WINDOWS\system32\eamfsdfd.dll 2008-03-05 12:04:49 91712 --a------ C:\WINDOWS\system32\vwyhjkxh.dll 2008-03-04 19:22:18 95296 --a------ C:\WINDOWS\system32\knhfypop.dll 2008-03-04 19:16:19 91712 --a------ C:\WINDOWS\system32\vdapvbcw.dll 2008-03-04 18:41:43 0 d-------- C:\Program Files\SmartFTP Client 2008-03-04 18:39:15 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files 2008-03-04 12:54:51 95296 --a------ C:\WINDOWS\system32\wiybjvwe.dll 2008-03-04 12:51:52 91712 --a------ C:\WINDOWS\system32\msanlmqk.dll 2008-03-04 12:17:17 95296 --a------ C:\WINDOWS\system32\mjnirgsr.dll 2008-03-04 12:17:06 91712 --a------ C:\WINDOWS\system32\blhdevry.dll 2008-03-03 12:34:41 89664 --a------ C:\WINDOWS\system32\lolchhbw.dll 2008-03-03 12:31:41 84544 --a------ C:\WINDOWS\system32\spycibrv.dll 2008-03-03 12:29:52 91712 --a------ C:\WINDOWS\system32\pjlabpkb.dll 2008-03-03 00:35:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-03 00:32:21 0 d-------- C:\Program Files\Windows Live 2008-03-03 00:30:10 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-02 15:11:52 89664 --a------ C:\WINDOWS\system32\ohgdflff.dll 2008-03-02 15:05:58 91712 --a------ C:\WINDOWS\system32\pwbaalor.dll 2008-03-01 16:15:21 88640 --a------ C:\WINDOWS\system32\uitskogr.dll 2008-03-01 16:12:19 91712 --a------ C:\WINDOWS\system32\aldtvvtr.dll 2008-03-01 13:53:38 28435 --a------ C:\WINDOWS\system32\qjchfvwe.dll 2008-03-01 13:50:45 64 --a------ C:\WINDOWS\system32\cxdlkxio.dll 2008-03-01 13:50:39 64 --a------ C:\WINDOWS\system32\cibpunoy.dll 2008-02-29 19:02:29 0 dr-h----- C:\Documents and 
Settings\Chloe\Recent 2008-02-29 18:42:18 89664 --a------ C:\WINDOWS\system32\rnwexqew.dll 2008-02-29 18:39:19 84544 --a------ C:\WINDOWS\system32\otwuvwdg.dll 2008-02-29 18:37:20 91712 --a------ C:\WINDOWS\system32\vteruxds.dll 2008-02-29 13:26:28 84544 --a------ C:\WINDOWS\system32\fxjshkry.dll 2008-02-29 13:23:29 89664 --a------ C:\WINDOWS\system32\dgqjmamm.dll 2008-02-29 13:20:30 91712 --a------ C:\WINDOWS\system32\nrmweutp.dll 2008-02-29 11:41:27 89664 --a------ C:\WINDOWS\system32\nxlqjoro.dll 2008-02-29 11:37:02 91712 --a------ C:\WINDOWS\system32\xlkexhnm.dll 2008-02-29 00:10:13 0 d-------- C:\Program Files\PokerStars.NET 2008-02-28 23:05:52 84544 --a------ C:\WINDOWS\system32\isvfgkvm.dll 2008-02-28 23:03:05 89664 --a------ C:\WINDOWS\system32\yudqdbil.dll 2008-02-28 22:59:50 91712 --a------ C:\WINDOWS\system32\dwyjrvdq.dll 2008-02-28 22:38:12 89664 --a------ C:\WINDOWS\system32\oanxoijc.dll 2008-02-28 22:35:11 91712 --a------ C:\WINDOWS\system32\slryupkh.dll 2008-02-28 16:05:53 85056 --a------ C:\WINDOWS\system32\ydorecnu.dll 2008-02-28 16:02:50 90176 --a------ C:\WINDOWS\system32\dhlrqabp.dll 2008-02-28 13:22:00 91712 --a------ C:\WINDOWS\system32\ukeibife.dll 2008-02-27 20:24:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia 2008-02-27 20:19:09 0 d-------- C:\Program Files\Macromedia 2008-02-27 20:19:09 0 d-------- C:\Program Files\Common Files\Macromedia 2008-02-27 19:53:12 89152 --a------ C:\WINDOWS\system32\whrxauxt.dll 2008-02-27 13:49:25 89152 --a------ C:\WINDOWS\system32\oeavsisr.dll 2008-02-27 13:46:25 86080 --a------ C:\WINDOWS\system32\tghsdvad.dll 2008-02-27 13:43:25 91712 --a------ C:\WINDOWS\system32\kmuducbj.dll 2008-02-26 13:21:19 90688 --a------ C:\WINDOWS\system32\wgbxrrlt.dll 2008-02-25 23:46:01 0 d-------- C:\Program Files\Audacity 2008-02-25 11:10:17 90176 --a------ C:\WINDOWS\system32\vldfgvtn.dll 2008-02-24 22:01:41 89152 --a------ C:\WINDOWS\system32\pbupkmnl.dll 2008-02-24 18:51:02 89152 --a------ 
C:\WINDOWS\system32\ydctoclo.dll 2008-02-24 12:17:24 89152 --a------ C:\WINDOWS\system32\vbuuvaam.dll 2008-02-24 00:16:54 89152 --a------ C:\WINDOWS\system32\javmqxts.dll 2008-02-22 11:44:11 93760 --a------ C:\WINDOWS\system32\lkqiimtm.dll 2008-02-20 10:55:11 89152 --a------ C:\WINDOWS\system32\knqeiyan.dll 2008-02-18 14:03:24 97344 --a------ C:\WINDOWS\system32\ebsvnsoe.dll 2008-02-18 12:03:33 97344 --a------ C:\WINDOWS\system32\xuvxrqyr.dll 2008-02-17 15:36:27 92736 --a------ C:\WINDOWS\system32\watgisxh.dll -- Find3M Report --------------------------------------------------------------- 2008-03-13 00:15:45 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-03-12 16:42:55 0 d-------- C:\Documents and Settings\Andre\Application Data\Opera 2008-03-10 22:25:55 93184 -----n--- C:\WINDOWS\system32\acfffaeddbcec.dll 2008-03-10 18:13:35 0 d-------- C:\Documents and Settings\Andre\Application Data\EXTRA LOCKS LOGO 2008-03-10 01:07:38 0 d-------- C:\Program Files\Common Files 2008-03-04 12:48:44 108562 -----n--- C:\WINDOWS\system32\bdebafab.dll 2008-02-27 22:58:38 0 d-------- C:\Documents and Settings\Andre\Application Data\Macromedia 2008-02-13 21:46:53 86080 --a------ C:\WINDOWS\system32\latnakye.dll 2008-02-13 21:40:11 93248 --a------ C:\WINDOWS\system32\mqhajueh.dll 2008-02-13 18:07:34 93248 --a------ C:\WINDOWS\system32\xfxrttmi.dll 2008-02-13 11:24:29 86080 --a------ C:\WINDOWS\system32\tyhijffy.dll 2008-02-13 11:19:54 93248 --a------ C:\WINDOWS\system32\vnnxhevr.dll 2008-02-12 19:21:44 86080 --a------ C:\WINDOWS\system32\rpnebppw.dll 2008-02-12 19:15:49 93248 --a------ C:\WINDOWS\system32\ghuvqued.dll 2008-02-12 18:46:34 0 d-------- C:\Documents and Settings\Andre\Application Data\Microsoft Games 2008-02-12 18:32:48 0 d-------- C:\Documents and Settings\Andre\Application Data\Adobe 2008-02-12 11:40:36 93248 --a------ C:\WINDOWS\system32\xjjkdkeo.dll 2008-02-12 00:54:19 93248 --a------ C:\WINDOWS\system32\jfhdeywe.dll 2008-02-11 14:05:12 93248 --a------ 
C:\WINDOWS\system32\yjpsnoxq.dll 2008-02-10 23:56:44 93248 --a------ C:\WINDOWS\system32\jpbuqoth.dll 2008-02-10 16:26:38 93760 --a------ C:\WINDOWS\system32\lelftaan.dll 2008-02-10 14:53:08 93760 --a------ C:\WINDOWS\system32\ungavyte.dll 2008-02-09 18:53:48 94784 --a------ C:\WINDOWS\system32\vttjqray.dll 2008-02-08 13:01:08 95808 --a------ C:\WINDOWS\system32\nodkdasf.dll 2008-02-08 12:53:14 95808 --a------ C:\WINDOWS\system32\awkyeqnk.dll 2008-02-08 00:00:27 95808 --a------ C:\WINDOWS\system32\hxiqgwhk.dll 2008-02-07 16:04:44 92224 --a------ C:\WINDOWS\system32\aanfdldq.dll 2008-02-06 20:58:03 90688 --a------ C:\WINDOWS\system32\ptpyipvn.dll 2008-02-06 20:55:04 94272 --a------ C:\WINDOWS\system32\ulooocjm.dll 2008-02-06 12:23:04 94272 --a------ C:\WINDOWS\system32\qnmjjnwd.dll 2008-02-06 00:17:41 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-02-05 17:52:44 93248 --a------ C:\WINDOWS\system32\fpdtlmjl.dll 2008-02-05 11:43:13 93248 --a------ C:\WINDOWS\system32\earagtsj.dll 2008-02-04 18:28:51 92736 --a------ C:\WINDOWS\system32\smjegtsm.dll 2008-02-04 17:13:00 92736 --a------ C:\WINDOWS\system32\ryvdyllf.dll 2008-02-04 11:59:38 92736 --a------ C:\WINDOWS\system32\mbwuyhdb.dll 2008-02-03 22:15:04 96832 --a------ C:\WINDOWS\system32\gqjnhynr.dll 2008-02-03 21:08:50 96832 --a------ C:\WINDOWS\system32\ejolvgji.dll 2008-02-03 15:52:00 96832 --a------ C:\WINDOWS\system32\kqgcwbcj.dll 2008-02-01 19:10:00 90688 --a------ C:\WINDOWS\system32\rwsmyvvq.dll 2008-02-01 19:07:01 94784 --a------ C:\WINDOWS\system32\reomjayr.dll 2008-01-31 12:39:23 92736 --a------ C:\WINDOWS\system32\aigphkbe.dll 2008-01-31 12:37:13 74304 --a------ C:\WINDOWS\system32\tpubxhvm.exe 2008-01-30 17:09:27 78912 --a------ C:\WINDOWS\system32\sieieuey.dll 2008-01-30 17:06:29 74304 --a------ C:\WINDOWS\system32\dsqxtuhe.exe 2008-01-28 19:38:30 89152 --a------ C:\WINDOWS\system32\ncsiigus.dll 2008-01-28 19:35:30 74304 --a------ C:\WINDOWS\system32\bycvqalq.exe 2008-01-28 19:33:16 78912 --a------ 
-- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}] [HKEY_LOCAL_MACHINE\~\Browser Helper 
Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E7CAAB-6535-4243-99BD-F12350B584A2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b53875f2-ae1c-4efb-88c6-bc305a3748b4}] C:\WINDOWS\system32\fnluqwgk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}] C:\Program Files\Helper\1205149217.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2005-11-11 17:00] "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 18:29] "Printer"="C:\WINDOWS\system32\printer.exe" [] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "cc9fb054"="C:\WINDOWS\system32\rfnbkkci.dll" [] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 21:25] "BMcfac83c8"="C:\WINDOWS\system32\esalcwdd.dll" [2008-03-10 18:53] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 00:00] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03] "Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=1 (0x1) "DisableTaskMgr"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "Ghp`amfUbrhLds"=0 (0x0) "DisableTaskMgr"=1 (0x1) "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "UpdateManager"=C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "Mn@iboddPubswLfov"=0 (0x0) "Mn@mlrf"=0 (0x0) "MnOndNeg"=0 (0x0) "MnQtm"=0 (0x0) "NoControlPanel"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "ServiceSetup"= {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe " "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acfffaeddbcec] C:\WINDOWS\system32\acfffaeddbcec.dll 2008-03-10 22:25 93184 C:\WINDOWS\system32\acfffaeddbcec.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdebafab] C:\WINDOWS\system32\bdebafab.dll 2008-03-04 12:48 108562 C:\WINDOWS\system32\bdebafab.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkhi] opnlkhi.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvww] C:\WINDOWS\system32\tuvww.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winvfe32] winvfe32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb] C:\WINDOWS\system32\wudb.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\wowfx.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andre^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk] backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp] C:\WINDOWS\TEMP\win33A.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\build delete remote idol] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc9fb054] rundll32.exe "C:\WINDOWS\system32\vpkqdywl.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive] rundll32.exe C:\WINDOWS\system32\drvkuj.dll,startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\holatgnw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\holatgnw.dll" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ListDog] C:\DOCUME~1\Chloe\APPLIC~1\EXTRAL~1\BalmModeElse.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrolstqt] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol] C:\Documents and Settings\All Users\Application Data\That size part chin\Chic Enc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer] rundll32.exe "C:\WINDOWS\system32\sowcmqfy.dll",sitypnow [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr] mgrs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\xyartwbp.dll",forkonce [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\uhilsrix] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\uhilsrix.dll" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmtefmno] -- Hosts ----------------------------------------------------------------------- 10.18.250.4 ad.doubleclick.net 10.18.250.4 ad.fastclick.net 10.18.250.4 ads.fastclick.net 10.18.250.4 ar.atwola.com 10.18.250.4 atdmt.com 10.18.250.4 avp.ch 10.18.250.4 avp.com 10.18.250.4 avp.ru 10.18.250.4 awaps.net 10.18.250.4 banner.fastclick.net 79 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-03-16 19:04:31 ------------