
Serious Malware Problems [Resolved]



#1
Yodoman
I'm going to start by saying that I recently downloaded a file (wasn't porn, I swear) that installed some nasty stuff on my computer. I've tried to run SpyBot to no avail; the thing won't even open. I click on it and nothing happens, which never used to be the case. I was looking around for resolutions and saw where people said to download HiJackThis, which I did, and I'm guessing that whatever I'm infected with is preventing it from opening because I can't open the .exe file. The same with the Vundo program. I've also run the Microsoft malware removal program....LOL :) Hilariously ineffective. I've run AdAware and it took off some of the stuff, but there's still a lot of things wrong here.

There's an icon in my icon tray that's a red circle badge looking thing with an X in it that pops up saying "Your computer is infected! It is recomended to use special antispyware tools to prevent data loss. Click here to install.". I clicked it the first time I saw it and a program called WinReanimator starts up and starts to run a "scan" on my computer. I instantly closed it to prevent any other damage.

I ran Security Task Manager to see what processes were running and came up with these items:

braviax.exe

ljjggf.dll

wpzifyyo.dll

ddayz.dll

Process ID 3564 (yes, that's how it showed up) (it also seems that whenever I restart, the number changes, ex. ID 2708)

76AB0B87-C830-4CE6-A8BD-BF847484E4EC

cru629.dat


Help would be VERY much appreciated. I've attached the AdAware log to maybe assist in figuring this problem out.


Ad-Aware 2007 Build
Log File Created on: 2008-02-20 16:20:12
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: MIKES-COMPUTER
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Genuine Intel® CPU T2050 @ 1.60GHz
Memory Available: 39%
Total Physical Memory: 1063301120 Bytes
Available Physical Memory: 409731072 Bytes
Total Page File Size: 4155777024 Bytes
Available On Page File: 3589533696 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1917288448 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 53
Build Number: 0
Build Date and Time: 2008/02/18 09:35:34

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 279684
Infections Detected: 6
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 1 1
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 2 2
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 1 1

Infections Found
===========================
Family Id: 1837 Name: Winreanimator Category: Misc TAI:3
Item Id: 103703 Value: File: C:\Program Files\WinReanimator\WinReanimator.dll
Item Id: 300042402 Value: Root: HKLM Path: software\winreanimator
Item Id: 400002717 Value: Folder: C:\Program Files\WinReanimator
Item Id: 400002718 Value: Folder: C:\Documents and Settings\All Users\Start Menu\Programs\WinReanimator
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Charles\Recent Count: 5
Item Id: 3 Value: MRU Registry Key: S-1-5-21-3874291876-3396085023-4039167382-1006\Software\Microsoft\Internet Explorer\TypedURLs Count: 1

Items Ignored During Scan
===========================


Listing of running processes
===========================

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\jnwmon.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\msonpmon.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

c:\windows\system32\msi.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\tcpmib.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mgmtapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsnmp32.dll

c:\windows\system32\dlxzizil.dll

c:\windows\system32\mpr.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll

c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ddayx.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\wsock32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\mslbui.dll

c:\windows\system32\setupapi.dll

c:\progra~1\micros~2\office12\gra8e1~1.dll

c:\progra~1\micros~2\office12\grooveutil.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

c:\progra~1\micros~2\office12\groovenew.dll

c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\atl80.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\actxprxy.dll

c:\program files\common files\microsoft shared\ink\tipband.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\mlang.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\sensapi.dll

c:\program files\windows journal\nbmaptip.dll

c:\program files\common files\microsoft shared\ink\tiptsf.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\ime\sptip.dll

c:\windows\ime\spgrmr.dll

c:\windows\system32\shdoclc.dll

c:\windows\system32\msimtf.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winsta.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\progra~1\micros~2\office12\gr99d3~1.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\ljjjggf.dll

c:\program files\common files\microsoft shared\ink\tipcomponentsps.dll

c:\progra~1\micros~2\office12\gr326c~1.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\msctfp.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\samlib.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\wzcdlg.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\browselc.dll

c:\windows\system32\duser.dll

c:\program files\microsoft office\office12\1033\grooveintlresource.dll

c:\windows\system32\mydocs.dll

c:\program files\microsoft office\office12\msohevi.dll



#2
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Yodoman

Welcome to G2Go. :)
===================
Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

#3
Yodoman


    Member

  • Member
  • 13 posts
Here's the log, hope it helps.




"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" ["Yahoo! Inc."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"SyncMyCal" = "C:\Program Files\Synchronization Technologies Inc\SyncMyCal\SyncMyCal.exe" [null data]
"braviax" = "C:\WINDOWS\system32\braviax.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TabletWizard" = "C:\WINDOWS\help\SplshWrp.exe" [MS]
"TabletTip" = ""C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"IntelZeroConfig" = ""C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]
"IntelWireless" = ""C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"YSearchProtection" = ""C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"" ["Yahoo! Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{393C2547-B2AB-422C-87AF-385238C73416}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ljjjggf.dll" [null data]
{F90F4BF5-E4D3-4EF8-8C90-C4CB57D78D11}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ddayx.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "Windows Search Deskbar"
-> {HKCU...CLSID} = "Windows Search Deskbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]
-> {HKLM...CLSID} = "Windows Search Deskbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
-> {HKLM...CLSID} = "Windows Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\msnlExt.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
<<!>> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided)
-> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager"
\InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS]
<<!>> "{393C2547-B2AB-422C-87AF-385238C73416}" = "*i" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ljjjggf.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "cru629.dat" [null data]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> ljjjggf\DLLName = "ljjjggf.dll" [null data]
<<!>> loginkey\DLLName = "C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll" [MS]
<<!>> TabBtnWL\DLLName = "TabBtnWL.dll" [MS]
<<!>> tpgwlnotify\DLLName = "tpgwlnot.dll" [MS]
<<!>> wpzifyyo\DLLName = "wpzifyyo.dll" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ELECTR~1.SCR" (ElectricSheep.scr) [null data]


Startup items in "Charles" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Charles\Start Menu\Programs\Startup
"OneNote 2007 Screen Clipper and Launcher" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Windows Desktop Search" -> shortcut to: "C:\Program Files\Windows Desktop Search\WindowsSearch.exe /startup" [MS]


Enabled Scheduled Tasks:
------------------------

"Low Battery Alarm Program" -> WARNING -- The file "Low Battery Alarm Program.job" is corrupt! (no executable)


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Send to OneNote"
"MenuText" = "S&end to OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Intel® Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"]
Intel® PROSet/Wireless Event Log, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Intel® PROSet/Wireless Registry Service, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Intel® PROSet/Wireless Service, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
PrismXL, PrismXL, "C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS" ["New Boundary Technologies, Inc."]
Windows Search, WSearch, "C:\WINDOWS\system32\SearchIndexer.exe /Embedding" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Journal Note Port\Driver = "jnwmon.dll" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]
Status Monitor Language Monitor for Dell Color Laser 5110cn\Driver = "DLXZIZIL.DLL" ["Dell Inc."]


---------- (launch time: 2008-02-20 23:30:14)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 105 seconds.
---------- (total run time: 199 seconds)

#4
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I do not see any antivirus running.
The first thing I will need you to do is to download this anti-virus program and install it.
This is free.
AVG free
=====================================================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\braviax.exe
    C:\WINDOWS\system32\ljjjggf.dll
    C:\WINDOWS\system32\ddayx.dll
    C:\WINDOWS\system32\ljjjggf.dll
    C:\WINDOWS\cru629.dat
    C:\WINDOWS\system32\cru629.dat
    C:\WINDOWS\braviax.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============================
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
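The file list in the post above can be derived mechanically from the Silent Runners log in post #3. The following is an added example, not part of the thread or of Silent Runners: it parses an excerpt of that log and flags launch-point entries with no publisher data (`[null data]` or `[file not found]`). The severity rule and the `C:\WINDOWS` location are assumptions of this sketch; a missing publisher is a lead for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Excerpt of the Silent Runners log posted earlier in this thread (post #3).
SAMPLE_LOG = r'''
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SyncMyCal" = "C:\Program Files\Synchronization Technologies Inc\SyncMyCal\SyncMyCal.exe" [null data]
"braviax" = "C:\WINDOWS\system32\braviax.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{393C2547-B2AB-422C-87AF-385238C73416}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ljjjggf.dll" [null data]
{F90F4BF5-E4D3-4EF8-8C90-C4CB57D78D11}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ddayx.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "cru629.dat" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> ljjjggf\DLLName = "ljjjggf.dll" [null data]
<<!>> wpzifyyo\DLLName = "wpzifyyo.dll" [file not found]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
'''

# Publisher tags that mean "no company name could be read from the file".
NO_PUBLISHER = {"null data", "file not found"}
# Assumption of this sketch: the Windows directory is C:\WINDOWS, as in this log.
WINDOWS_DIR = "c:\\windows\\"

# A registry key heading, optionally followed by the "{++}" marker.
SECTION_RE = re.compile(r'^(HK(?:LM|CU)\\.+\\)(?:\s*\{\+\+\})?$')
# An entry line: optional <<!>> flag, name = "value" [publisher tag].
ENTRY_RE = re.compile(
    r'^(?:<<!>>\s*)?(?P<name>.+?) = (?P<value>".*") \[(?P<tag>[^\[\]]+)\]$')


@dataclass
class Finding:
    section: str   # registry key the entry was listed under
    name: str      # value name as printed in the log
    target: str    # file the launch point refers to
    tag: str       # "null data" or "file not found"
    severity: str  # "high" or "review" (rule defined in triage())


def _target(value):
    """Strip the log's outer quotes; drop arguments after a quoted path."""
    inner = value[1:-1]
    if inner.startswith('"'):
        return inner[1:].split('"', 1)[0]
    return inner


def triage(log_text):
    """Return launch-point entries whose file carries no publisher data."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        tag = m.group("tag").strip('"').strip()
        if tag not in NO_PUBLISHER:
            continue  # a publisher was read from the file; not flagged here
        target = _target(m.group("value"))
        bare = "\\" not in target  # bare name, resolved via the search path
        in_windows = target.lower().startswith(WINDOWS_DIR)
        # Sketch rule: no publisher AND inside the Windows tree is "high";
        # no publisher elsewhere (e.g. Program Files) is only "review".
        severity = "high" if (bare or in_windows) else "review"
        findings.append(Finding(section, m.group("name"), target, tag, severity))
    return findings


def basenames(findings, severity):
    """Sorted, de-duplicated lower-case file names for one severity."""
    return sorted({f.target.rsplit("\\", 1)[-1].lower()
                   for f in findings if f.severity == severity})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.target:45} [{f.tag}]  {f.section}")
```

The "high" names coincide with the files listed for OTMoveIt2 above, plus `wpzifyyo.dll`, which the log already reports as not found. SyncMyCal and WinRAR land in "review", which shows why `[null data]` alone cannot decide an entry.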

#5
Yodoman


    Member

  • Member
  • 13 posts
I don't know if it's something I did wrong or what, but the combofix.exe file wouldn't open. I saved it to the desktop, but it just won't open. It shows the loading hourglass thing next to my cursor for a split second. Also, I don't have HiJackThis installed nor am I able to open the file to install it. And by the way, I couldn't install AVG. You said to post a new HiJackThis log, but I haven't given you one, unless you're referring to the adaware log which in that case I can provide. I didn't want to run it for fear of screwing up your process. Here's the MoveIt log though I don't know if it was done correctly with the reboot thing. It asked me to reboot and what not, but I didn't see the program start up when I rebooted...I don't know if that's a problem or what but let me know. Here's the log...



C:\WINDOWS\system32\braviax.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljjjggf.dll
C:\WINDOWS\system32\ljjjggf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ljjjggf.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddayx.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljjjggf.dll
C:\WINDOWS\system32\ljjjggf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ljjjggf.dll scheduled to be moved on reboot.
C:\WINDOWS\cru629.dat moved successfully.
C:\WINDOWS\system32\cru629.dat moved successfully.
C:\WINDOWS\braviax.exe moved successfully.

OTMoveIt2 v1.0.20 log created on 02212008_100745





My computer is now popping up with a lot of fake errors. One such error is showing up in the icon task bar that says:

A critical error could occur

***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)***
Inaccessible handler or device.
Click this balloon to fix the problem.


It has the same red icon with an X in it as the combofix.exe. I don't want to click the icon or the bubble that pops up so....HELP!!!



Another is a Windows pop-up that shows up that looks like this:

Header:

SysFader: IEXPLORE.EXE - Potential Application Error

Body:

The instruction at "0x01d62739" referenced memory at "0x02354e50". The memory could not be "read. Click on OK to terminate.



It seems like it's getting worse :)




I just restarted my laptop and upon startup this Windows pop-up came up:

Header:

Important - Potential Errors found in the system

Body:

During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql: 1fSYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED



ALSO, when it started up it showed what looked like a Windows Update icon (yellow triangle) for a brief second.... I feel like I'm making it worse. Tell me if and what I'm doing to make it worse, if this is the case...





It just keeps adding up....As I was reading an article, my Spybot resident popped up with a window that said:

Spybot - Search & Destroy has encountered and terminated a process that is listed as part of a malicious software.

Process ID: 3664
Filename: windows
Found in: C:\WINDOWS\system32\
Identified as: Win32.Inject.bw




This came up too....


Header:

Your system could become unstable

Body:

A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000

Edited by Yodoman, 21 February 2008 - 02:09 PM.


#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok it will get better as we go.
The infection you have is a nasty one that prevents combofix from running.
Please do the following for now.
===================
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#7
Yodoman

    Member

  • 13 posts
I hope so....



SmitFraudFix v2.293

Scan done at 22:06:35.40, Thu 02/21/2008
Run from C:\Documents and Settings\Charles\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charles\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Charles\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="cru629.dat"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D1848FD3-3CA8-4F67-883F-764934E0DD14}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D1848FD3-3CA8-4F67-883F-764934E0DD14}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Note: if it will not run, try to rename it to kahdah.exe and then try to run it.
Let me know if it works or not.

#9
Yodoman

    Member

  • 13 posts
Deckard's System Scanner v20071014.68
Run by Charles on 2008-02-21 22:12:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
86: 2008-02-22 03:12:21 UTC - RP165 - Deckard's System Scanner Restore Point
85: 2008-02-22 01:49:11 UTC - RP164 - Installed Roxio Easy Media Creator 9 Suite
84: 2008-02-21 20:01:08 UTC - RP163 - Installed AVG 7.5
83: 2008-02-21 17:27:28 UTC - RP162 - System Checkpoint
82: 2008-02-20 16:52:39 UTC - RP161 - Move file to quarantine: {7CC4D7E1-B052-49F2-98D7-6529E19AD87A}


-- First Restore Point --
1: 2008-02-20 04:44:44 UTC - RP80 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-21 22:15:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Charles\Desktop\kadah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O2 - BHO: (no name) - {0F047431-17BC-462F-AB4E-9951024AEFC7} - (no file)
O2 - BHO: (no name) - {393C2547-B2AB-422C-87AF-385238C73416} - C:\WINDOWS\system32\ljjjggf.dll
O2 - BHO: (no name) - {4036EDEA-BC3D-4ED4-A2AD-80651EDA13FF} - C:\WINDOWS\system32\ddayx.dll
O2 - BHO: (no name) - {76AB0B87-C830-4CE6-A8BD-BF847484E4EC} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\yydwyvla.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SyncMyCal] C:\Program Files\Synchronization Technologies Inc\SyncMyCal\SyncMyCal.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: ljjjggf - C:\WINDOWS\system32\ljjjggf.dll
O20 - Winlogon Notify: wpzifyyo - C:\WINDOWS\system32\wpzifyyo.dll (file missing)
O20 - Winlogon Notify: yydwyvla - C:\WINDOWS\system32\yydwyvla.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


--
End of file - 10685 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-26 05:31:28 110 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-01-21 and 2008-02-21 -----------------------------

2008-02-21 22:02:29 3624 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-21 21:57:37 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-21 21:57:37 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-21 21:57:37 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-21 21:57:37 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-21 21:57:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-21 21:57:37 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-21 21:57:37 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-21 21:15:15 7168 --a------ C:\WINDOWS\system32\windows
2008-02-21 21:04:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-21 21:04:45 0 d-------- C:\Documents and Settings\Charles\Application Data\Roxio
2008-02-21 20:51:29 0 d-------- C:\WINDOWS\system32\DLA
2008-02-21 20:51:02 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-21 20:50:27 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-02-21 20:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-21 20:48:58 0 d-------- C:\Program Files\SightSpeed
2008-02-21 20:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-21 20:45:45 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-21 20:45:45 0 d-------- C:\Program Files\Common Files\SightSpeed
2008-02-21 20:45:44 0 d-------- C:\Program Files\Roxio
2008-02-21 20:45:18 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-02-21 11:53:40 93760 --a------ C:\WINDOWS\system32\dylvfpmi.dll
2008-02-21 11:50:40 88128 --a------ C:\WINDOWS\system32\jhussphj.dll
2008-02-21 11:47:41 163904 --a------ C:\WINDOWS\system32\yydwyvla.dll
2008-02-21 11:47:40 163904 --a------ C:\WINDOWS\system32\wusjivwd.dll
2008-02-21 10:09:38 6144 --a------ C:\WINDOWS\system32\cru629.dat
2008-02-21 10:09:38 13312 --a------ C:\WINDOWS\system32\braviax.exe
2008-02-21 10:09:38 6144 --a------ C:\WINDOWS\cru629.dat
2008-02-21 10:09:38 13312 --a------ C:\WINDOWS\braviax.exe
2008-02-20 15:56:05 18836 --a------ C:\WINDOWS\yjicotyde.bat
2008-02-20 15:56:05 15843 --a------ C:\WINDOWS\system32\syzuhoxuqu.dat
2008-02-20 15:56:05 15952 --a------ C:\Program Files\Common Files\lezylef.pif
2008-02-20 15:56:05 13178 --a------ C:\Program Files\Common Files\feqe.scr
2008-02-20 15:56:05 19358 --a------ C:\Program Files\Common Files\cypaqu.dll
2008-02-20 15:56:05 16183 --a------ C:\Documents and Settings\Charles\Application Data\upumax.scr
2008-02-20 15:56:05 15047 --a------ C:\Documents and Settings\All Users\Application Data\yzikuxy.pif
2008-02-20 15:56:05 16414 --a------ C:\Documents and Settings\All Users\Application Data\saqoze.bin
2008-02-20 15:56:05 16314 --a------ C:\Documents and Settings\All Users\Application Data\osixafal.com
2008-02-20 12:40:33 0 d--hs---- C:\WINDOWS\CSC
2008-02-20 11:53:25 87616 --a------ C:\WINDOWS\system32\hklhqayj.dll
2008-02-20 11:50:29 94784 --a------ C:\WINDOWS\system32\uocnmxkv.dll
2008-02-20 11:47:26 163904 --a------ C:\WINDOWS\system32\hfcfhtxv.dll
2008-02-19 23:44:34 260723 --ahs---- C:\WINDOWS\system32\xyadd.ini2
2008-02-19 23:44:32 327168 --a------ C:\WINDOWS\system32\ddayx.dll
2008-02-19 23:40:25 6656 --a------ C:\WINDOWS\system32\users32.dat
2008-02-19 23:40:23 308712 --a------ C:\WINDOWS\system32\winistr.exe
2008-02-19 23:37:23 36864 --a------ C:\WINDOWS\mrofinu1535.exe
2008-02-19 23:37:04 41984 --a------ C:\WINDOWS\system32\ljjjggf.dll
2008-02-18 01:06:47 0 d-------- C:\Documents and Settings\Charles\Application Data\Apple Computer
2008-02-18 01:06:37 0 d-------- C:\Program Files\iPod
2008-02-18 01:06:33 0 d-------- C:\Program Files\iTunes
2008-02-18 01:05:42 0 d-------- C:\Program Files\QuickTime
2008-02-18 01:05:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-18 01:05:25 0 d-------- C:\Program Files\Apple Software Update
2008-02-18 01:05:10 0 d-------- C:\Program Files\Common Files\Apple
2008-02-18 01:05:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-15 13:24:34 1 --a------ C:\WINDOWS\system32\au3305adc.dll
2008-02-15 13:24:25 0 d-------- C:\Program Files\Apollo DVD Copy
2008-02-15 13:07:14 0 d-------- C:\Program Files\NewTech Infosystems
2008-02-15 13:07:12 116 -r-h----- C:\WINDOWS\system32\NTICDMK32.dll
2008-02-15 13:07:04 6016 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
2008-02-09 16:11:45 0 d-------- C:\WINDOWS\system32\(null)202
2008-02-07 09:46:20 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-07 09:46:20 3453 --a------ C:\WINDOWS\unins000.dat
2008-02-06 14:14:42 11 --a------ C:\WINDOWS\system32\(null)id
2008-02-06 13:23:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-05 11:03:14 0 d-------- C:\Documents and Settings\Charles\Application Data\skypePM
2008-02-05 11:03:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 11:01:27 0 d-------- C:\Documents and Settings\Charles\Application Data\Skype
2008-02-05 11:01:12 0 d-------- C:\Program Files\Skype
2008-02-05 11:01:11 0 d-------- C:\Program Files\Common Files\Skype
2008-02-05 11:01:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-03 20:37:12 0 d-------- C:\Documents and Settings\Charles\Application Data\WinRAR
2008-02-02 17:48:36 0 d-------- C:\Program Files\Synchronization Technologies Inc
2008-02-02 17:47:18 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 17:18:13 0 d-------- C:\Documents and Settings\Charles\Application Data\SyncMyCal
2008-02-02 16:30:57 0 d-------- C:\Documents and Settings\Charles\Application Data\RemoteCalendars
2008-01-31 23:30:03 0 d--h----- C:\WINDOWS\PIF
2008-01-31 22:10:16 0 d-------- C:\Documents and Settings\Charles\Application Data\Windows Desktop Search
2008-01-31 22:09:39 0 d-------- C:\Program Files\Windows Desktop Search
2008-01-28 11:49:10 0 d-------- C:\Program Files\MSBuild
2008-01-28 11:39:32 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-01-28 11:39:32 0 d-------- C:\Documents and Settings\Charles\Application Data\DAEMON Tools
2008-01-28 11:35:12 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-26 23:10:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-26 23:07:46 0 d-------- C:\Program Files\Bonjour
2008-01-26 23:02:07 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-26 21:19:28 0 d-------- C:\Program Files\Google
2008-01-26 21:19:28 0 d-------- C:\Documents and Settings\Charles\Application Data\Google
2008-01-26 21:05:27 0 d-------- C:\Program Files\Microsoft Works
2008-01-26 21:05:11 0 d-------- C:\Program Files\Microsoft.NET
2008-01-26 21:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-26 21:04:00 0 dr-h----- C:\MSOCache
2008-01-26 07:09:35 0 d-------- C:\Documents and Settings\Charles\Application Data\elefundesktops
2008-01-26 07:00:13 10 --a------ C:\Documents and Settings\Charles\(null)id


-- Find3M Report ---------------------------------------------------------------

2008-02-21 20:50:27 0 d-------- C:\Program Files\Common Files
2008-02-21 20:49:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-21 20:47:06 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-21 15:40:13 13009 --a------ C:\Documents and Settings\Charles\Application Data\Comma Separated Values (Windows).CAL
2008-02-21 15:39:29 38473 --a------ C:\Documents and Settings\Charles\Application Data\Comma Separated Values (Windows).ADR
2008-02-20 15:56:06 19923 --a------ C:\Program Files\Common Files\epepyfas.inf
2008-02-19 16:20:12 0 d-------- C:\Program Files\Trillian
2008-02-18 19:01:11 0 d-------- C:\Documents and Settings\Charles\Application Data\Azureus
2008-02-02 16:54:12 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-01 12:27:42 0 d-------- C:\Documents and Settings\Charles\Application Data\OpenOffice.org2
2008-01-28 10:35:05 0 d-------- C:\Documents and Settings\Charles\Application Data\Adobe
2008-01-26 23:07:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-25 23:01:58 0 d-------- C:\Program Files\World of Warcraft
2008-01-17 22:41:06 0 d-------- C:\Documents and Settings\Charles\Application Data\U3
2008-01-15 17:57:18 0 d-------- C:\Program Files\Java
2008-01-13 22:35:53 134374 --a------ C:\Documents and Settings\Charles\Application Data\Cosmos Prefs
2008-01-12 14:52:59 0 d-------- C:\Program Files\Security Task Manager
2008-01-08 16:05:43 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-01 23:15:45 0 d-------- C:\Program Files\Xvid
2008-01-01 23:14:54 0 d-------- C:\Program Files\DivX
2007-12-31 05:46:39 0 d-------- C:\Documents and Settings\Charles\Application Data\Sun
2007-12-27 20:21:47 0 d-------- C:\Documents and Settings\Charles\Application Data\InstallShield
2007-12-27 20:00:34 0 d-------- C:\Program Files\Intel
2007-12-25 23:38:23 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-25 01:57:37 48456 --a------ C:\WINDOWS\system32\UninstallElectricSheep.exe
2007-12-25 01:17:11 0 d-------- C:\Program Files\Lavasoft
2007-12-25 01:16:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 17:28:25 0 d-------- C:\Program Files\Azureus
2007-12-24 17:25:30 0 d-------- C:\Program Files\LimeWire
2007-12-24 17:24:49 0 d-------- C:\Program Files\Common Files\Java
2007-12-24 16:44:56 0 d-------- C:\Documents and Settings\Charles\Application Data\Winamp
2007-12-24 16:39:26 0 d-------- C:\Program Files\Winamp
2007-12-24 16:30:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 16:30:35 0 d-------- C:\Documents and Settings\Charles\Application Data\Mozilla
2007-12-24 14:42:49 0 d-------- C:\Documents and Settings\Charles\Application Data\Yahoo!
2007-12-24 14:40:18 0 d-------- C:\Program Files\Yahoo!
2007-12-24 14:39:54 0 d-------- C:\Program Files\Cosmi


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F047431-17BC-462F-AB4E-9951024AEFC7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{393C2547-B2AB-422C-87AF-385238C73416}]
02/19/2008 11:37 PM 41984 --a------ C:\WINDOWS\system32\ljjjggf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4036EDEA-BC3D-4ED4-A2AD-80651EDA13FF}]
02/19/2008 11:44 PM 327168 --a------ C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76AB0B87-C830-4CE6-A8BD-BF847484E4EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
02/21/2008 11:47 AM 163904 --a------ C:\WINDOWS\system32\yydwyvla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 07:00 AM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [08/04/2004 07:00 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/07/2005 12:54 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/07/2005 12:52 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 01:55 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 01:56 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 12:39 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 01:55 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 04:52 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 04:55 PM]
"SigmatelSysTrayApp"="stsystra.exe" [12/27/2005 10:20 AM C:\WINDOWS\stsystra.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [07/31/2006 09:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/17/2008 11:51 AM]
"SyncMyCal"="C:\Program Files\Synchronization Technologies Inc\SyncMyCal\SyncMyCal.exe" [01/11/2008 06:21 PM]
"braviax"="C:\WINDOWS\system32\braviax.exe" [02/21/2008 08:54 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\Documents and Settings\Charles\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
"{393C2547-B2AB-422C-87AF-385238C73416}"= C:\WINDOWS\system32\ljjjggf.dll [02/19/2008 11:37 PM 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjggf]
ljjjggf.dll 02/19/2008 11:37 PM 41984 C:\WINDOWS\system32\ljjjggf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 07:00 AM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 05:41 AM 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 07:00 AM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wpzifyyo]
wpzifyyo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yydwyvla]
yydwyvla.dll 02/21/2008 11:47 AM 163904 C:\WINDOWS\system32\yydwyvla.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - DLABMFSM
*Newly Created Service* - DLABOIOM
*Newly Created Service* - DLADRESM
*Newly Created Service* - DLAIFS_M
*Newly Created Service* - DLAOPIOM
*Newly Created Service* - DLAPOOLM
*Newly Created Service* - DLARTL_M
*Newly Created Service* - DLAUDFAM
*Newly Created Service* - DLAUDF_M
*Newly Created Service* - DRVNDDM
*Newly Created Service* - ROXIO_UPNP_SERVER_9
*Newly Created Service* - ROXLIVESHARE9
*Newly Created Service* - ROXMEDIADB9
*Newly Created Service* - ROXWATCH9



-- End of Deckard's System Scanner: finished at 2008-02-21 22:15:52 ------------









Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1014.04 MiB / 662.55 MiB
Pagefile Memory (total/avail): 3963.27 MiB / 3574.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 52.58 GiB free.
D: is CDROM (Unformatted)
E: is Removable (FAT)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - SD1 Device - 121.25 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 121.2 MiB - E:

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-22RST0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\WINDOWS\\system32\\ElectricSheep.scr"="C:\\WINDOWS\\system32\\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Charles\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIKES-COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Charles
LOGONSERVER=\\MIKES-COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Charles\LOCALS~1\Temp
TMP=C:\DOCUME~1\Charles\LOCALS~1\Temp
USERDOMAIN=MIKES-COMPUTER
USERNAME=Charles
USERPROFILE=C:\Documents and Settings\Charles
VSTO_LOGALERTS=1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Charles (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
--> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
--> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brochure Magic --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\Brochure Magic\DeIsL1.isu" -c"C:\Program Files\Cosmi\Brochure Magic\_ISREG32.DLL"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
ElectricSheep 2.6.6 --> C:\WINDOWS\system32\UninstallElectricSheep.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.4.3 --> "C:\Program Files\LimeWire\uninstall.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote 2007 --> MsiExec.exe /X{91120000-00A1-0000-0000-0000000FF1CE}
Microsoft Office OneNote 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTER /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Print Perfect Clip Art --> MsiExec.exe /I{6880C2C5-E920-4EC4-A957-D1862334B4EB}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncMyCal --> MsiExec.exe /X{5F28CC00-224B-4DD1-A714-CFB148607645}
Tablet PC Tutorials for Microsoft Windows XP SP2 --> MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Desktop Search 3.01 --> MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Desktop Search 3.01 --> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type1144 / Error
Event Submitted/Written: 02/21/2008 10:02:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Roxio_Central33.exe, version 3.30.45.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1143 / Error
Event Submitted/Written: 02/21/2008 09:53:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application winamp.exe, version 5.5.1.1763, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1092 / Error
Event Submitted/Written: 02/21/2008 05:55:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.1.1763, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001095.
Processing media-specific event for [winamp.exe!ws!]

Event Record #/Type1048 / Error
Event Submitted/Written: 02/20/2008 05:30:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module ddayx.dll, version 0.0.0.0, fault address 0x000282a0.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1047 / Error
Event Submitted/Written: 02/20/2008 05:30:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module ddayx.dll, version 0.0.0.0, fault address 0x000282a0.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7256 / Error
Event Submitted/Written: 02/21/2008 08:26:58 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.116 for the Network Card with network address 00130283B48C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type7223 / Error
Event Submitted/Written: 02/21/2008 08:18:41 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type7222 / Error
Event Submitted/Written: 02/21/2008 08:16:05 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type7221 / Error
Event Submitted/Written: 02/21/2008 08:16:05 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type7220 / Error
Event Submitted/Written: 02/21/2008 08:16:05 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished

#10
kahdah

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\ljjjggf.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\yydwyvla.dll
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\dylvfpmi.dll
C:\WINDOWS\system32\jhussphj.dll
C:\WINDOWS\system32\yydwyvla.dll
C:\WINDOWS\system32\wusjivwd.dll
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\braviax.exe
C:\WINDOWS\yjicotyde.bat
C:\WINDOWS\system32\syzuhoxuqu.dat
C:\Program Files\Common Files\lezylef.pif
C:\Program Files\Common Files\feqe.scr
C:\Program Files\Common Files\cypaqu.dll
C:\Documents and Settings\Charles\Application Data\upumax.scr
C:\Documents and Settings\All Users\Application Data\yzikuxy.pif
C:\Documents and Settings\All Users\Application Data\saqoze.bin
C:\Documents and Settings\All Users\Application Data\osixafal.com
C:\WINDOWS\system32\hklhqayj.dll
C:\WINDOWS\system32\uocnmxkv.dll
C:\WINDOWS\system32\hfcfhtxv.dll
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\winistr.exe
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\system32\au3305adc.dll

Folders to delete:
C:\WINDOWS\system32\windows

Registry keys to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjggf
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wpzifyyo
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\yydwyvla


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh dss log or (kahdah.exe) by using Add/Reply
#11
Yodoman

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\amjnkbil

*******************

Script file located at: \??\C:\WINDOWS\gtqcrkmo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\ljjjggf.dll deleted successfully.
File C:\WINDOWS\system32\ddayx.dll deleted successfully.
File C:\WINDOWS\system32\yydwyvla.dll deleted successfully.
File C:\WINDOWS\system32\braviax.exe deleted successfully.
File C:\WINDOWS\system32\dylvfpmi.dll deleted successfully.
File C:\WINDOWS\system32\jhussphj.dll deleted successfully.


File C:\WINDOWS\system32\yydwyvla.dll not found!
Deletion of file C:\WINDOWS\system32\yydwyvla.dll failed!

Could not process line:
C:\WINDOWS\system32\yydwyvla.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wusjivwd.dll deleted successfully.
File C:\WINDOWS\system32\cru629.dat deleted successfully.


File C:\WINDOWS\system32\braviax.exe not found!
Deletion of file C:\WINDOWS\system32\braviax.exe failed!

Could not process line:
C:\WINDOWS\system32\braviax.exe
Status: 0xc0000034

File C:\WINDOWS\cru629.dat deleted successfully.
File C:\WINDOWS\braviax.exe deleted successfully.
File C:\WINDOWS\yjicotyde.bat deleted successfully.
File C:\WINDOWS\system32\syzuhoxuqu.dat deleted successfully.
File C:\Program Files\Common Files\lezylef.pif deleted successfully.
File C:\Program Files\Common Files\feqe.scr deleted successfully.
File C:\Program Files\Common Files\cypaqu.dll deleted successfully.
File C:\Documents and Settings\Charles\Application Data\upumax.scr deleted successfully.
File C:\Documents and Settings\All Users\Application Data\yzikuxy.pif deleted successfully.
File C:\Documents and Settings\All Users\Application Data\saqoze.bin deleted successfully.
File C:\Documents and Settings\All Users\Application Data\osixafal.com deleted successfully.
File C:\WINDOWS\system32\hklhqayj.dll deleted successfully.
File C:\WINDOWS\system32\uocnmxkv.dll deleted successfully.
File C:\WINDOWS\system32\hfcfhtxv.dll deleted successfully.
File C:\WINDOWS\system32\xyadd.ini2 deleted successfully.


File C:\WINDOWS\system32\ddayx.dll not found!
Deletion of file C:\WINDOWS\system32\ddayx.dll failed!

Could not process line:
C:\WINDOWS\system32\ddayx.dll
Status: 0xc0000034

File C:\WINDOWS\system32\users32.dat deleted successfully.
File C:\WINDOWS\system32\winistr.exe deleted successfully.
File C:\WINDOWS\mrofinu1535.exe deleted successfully.
File C:\WINDOWS\system32\au3305adc.dll deleted successfully.


Error: C:\WINDOWS\system32\windows is not a folder! It may instead be a file.
Deletion of folder C:\WINDOWS\system32\windows failed!

Could not process line:
C:\WINDOWS\system32\windows
Status: 0xc0000103


Registry key \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs not found!
Replacement with dummy of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs failed!
Status: 0xc0000034

Registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjggf deleted successfully.
Registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wpzifyyo deleted successfully.
Registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\yydwyvla deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vwbppkeo

*******************

Script file located at: \??\C:\WINDOWS\xporjfsp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\ljjjggf.dll not found!
Deletion of file C:\WINDOWS\system32\ljjjggf.dll failed!

Could not process line:
C:\WINDOWS\system32\ljjjggf.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ddayx.dll not found!
Deletion of file C:\WINDOWS\system32\ddayx.dll failed!

Could not process line:
C:\WINDOWS\system32\ddayx.dll
Status: 0xc0000034



File C:\WINDOWS\system32\yydwyvla.dll not found!
Deletion of file C:\WINDOWS\system32\yydwyvla.dll failed!

Could not process line:
C:\WINDOWS\system32\yydwyvla.dll
Status: 0xc0000034

File C:\WINDOWS\system32\braviax.exe deleted successfully.


File C:\WINDOWS\system32\dylvfpmi.dll not found!
Deletion of file C:\WINDOWS\system32\dylvfpmi.dll failed!

Could not process line:
C:\WINDOWS\system32\dylvfpmi.dll
Status: 0xc0000034



File C:\WINDOWS\system32\jhussphj.dll not found!
Deletion of file C:\WINDOWS\system32\jhussphj.dll failed!

Could not process line:
C:\WINDOWS\system32\jhussphj.dll
Status: 0xc0000034



File C:\WINDOWS\system32\yydwyvla.dll not found!
Deletion of file C:\WINDOWS\system32\yydwyvla.dll failed!

Could not process line:
C:\WINDOWS\system32\yydwyvla.dll
Status: 0xc0000034



File C:\WINDOWS\system32\wusjivwd.dll not found!
Deletion of file C:\WINDOWS\system32\wusjivwd.dll failed!

Could not process line:
C:\WINDOWS\system32\wusjivwd.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cru629.dat deleted successfully.


File C:\WINDOWS\system32\braviax.exe not found!
Deletion of file C:\WINDOWS\system32\braviax.exe failed!

Could not process line:
C:\WINDOWS\system32\braviax.exe
Status: 0xc0000034



Could not delete file C:\WINDOWS\cru629.dat
Deletion of file C:\WINDOWS\cru629.dat failed!

Could not process line:
C:\WINDOWS\cru629.dat
Status: 0xc0000035



Could not delete file C:\WINDOWS\braviax.exe
Deletion of file C:\WINDOWS\braviax.exe failed!

Could not process line:
C:\WINDOWS\braviax.exe
Status: 0xc0000035



File C:\WINDOWS\yjicotyde.bat not found!
Deletion of file C:\WINDOWS\yjicotyde.bat failed!

Could not process line:
C:\WINDOWS\yjicotyde.bat
Status: 0xc0000034



File C:\WINDOWS\system32\syzuhoxuqu.dat not found!
Deletion of file C:\WINDOWS\system32\syzuhoxuqu.dat failed!

Could not process line:
C:\WINDOWS\system32\syzuhoxuqu.dat
Status: 0xc0000034



File C:\Program Files\Common Files\lezylef.pif not found!
Deletion of file C:\Program Files\Common Files\lezylef.pif failed!

Could not process line:
C:\Program Files\Common Files\lezylef.pif
Status: 0xc0000034



File C:\Program Files\Common Files\feqe.scr not found!
Deletion of file C:\Program Files\Common Files\feqe.scr failed!

Could not process line:
C:\Program Files\Common Files\feqe.scr
Status: 0xc0000034



File C:\Program Files\Common Files\cypaqu.dll not found!
Deletion of file C:\Program Files\Common Files\cypaqu.dll failed!

Could not process line:
C:\Program Files\Common Files\cypaqu.dll
Status: 0xc0000034



File C:\Documents and Settings\Charles\Application Data\upumax.scr not found!
Deletion of file C:\Documents and Settings\Charles\Application Data\upumax.scr failed!

Could not process line:
C:\Documents and Settings\Charles\Application Data\upumax.scr
Status: 0xc0000034



File C:\Documents and Settings\All Users\Application Data\yzikuxy.pif not found!
Deletion of file C:\Documents and Settings\All Users\Application Data\yzikuxy.pif failed!

Could not process line:
C:\Documents and Settings\All Users\Application Data\yzikuxy.pif
Status: 0xc0000034



File C:\Documents and Settings\All Users\Application Data\saqoze.bin not found!
Deletion of file C:\Documents and Settings\All Users\Application Data\saqoze.bin failed!

Could not process line:
C:\Documents and Settings\All Users\Application Data\saqoze.bin
Status: 0xc0000034



File C:\Documents and Settings\All Users\Application Data\osixafal.com not found!
Deletion of file C:\Documents and Settings\All Users\Application Data\osixafal.com failed!

Could not process line:
C:\Documents and Settings\All Users\Application Data\osixafal.com
Status: 0xc0000034



File C:\WINDOWS\system32\hklhqayj.dll not found!
Deletion of file C:\WINDOWS\system32\hklhqayj.dll failed!

Could not process line:
C:\WINDOWS\system32\hklhqayj.dll
Status: 0xc0000034



File C:\WINDOWS\system32\uocnmxkv.dll not found!
Deletion of file C:\WINDOWS\system32\uocnmxkv.dll failed!

Could not process line:
C:\WINDOWS\system32\uocnmxkv.dll
Status: 0xc0000034



File C:\WINDOWS\system32\hfcfhtxv.dll not found!
Deletion of file C:\WINDOWS\system32\hfcfhtxv.dll failed!

Could not process line:
C:\WINDOWS\system32\hfcfhtxv.dll
Status: 0xc0000034



File C:\WINDOWS\system32\xyadd.ini2 not found!
Deletion of file C:\WINDOWS\system32\xyadd.ini2 failed!

Could not process line:
C:\WINDOWS\system32\xyadd.ini2
Status: 0xc0000034



File C:\WINDOWS\system32\ddayx.dll not found!
Deletion of file C:\WINDOWS\system32\ddayx.dll failed!

Could not process line:
C:\WINDOWS\system32\ddayx.dll
Status: 0xc0000034



File C:\WINDOWS\system32\users32.dat not found!
Deletion of file C:\WINDOWS\system32\users32.dat failed!

Could not process line:
C:\WINDOWS\system32\users32.dat
Status: 0xc0000034



File C:\WINDOWS\system32\winistr.exe not found!
Deletion of file C:\WINDOWS\system32\winistr.exe failed!

Could not process line:
C:\WINDOWS\system32\winistr.exe
Status: 0xc0000034



File C:\WINDOWS\mrofinu1535.exe not found!
Deletion of file C:\WINDOWS\mrofinu1535.exe failed!

Could not process line:
C:\WINDOWS\mrofinu1535.exe
Status: 0xc0000034



File C:\WINDOWS\system32\au3305adc.dll not found!
Deletion of file C:\WINDOWS\system32\au3305adc.dll failed!

Could not process line:
C:\WINDOWS\system32\au3305adc.dll
Status: 0xc0000034



Error: C:\WINDOWS\system32\windows is not a folder! It may instead be a file.
Deletion of folder C:\WINDOWS\system32\windows failed!

Could not process line:
C:\WINDOWS\system32\windows
Status: 0xc0000103


Registry key \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs not found!
Replacement with dummy of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs failed!
Status: 0xc0000034



Registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjggf not found!
Deletion of registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjggf failed!
Status: 0xc0000034



Registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wpzifyyo not found!
Deletion of registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wpzifyyo failed!
Status: 0xc0000034



Registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\yydwyvla not found!
Deletion of registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\yydwyvla failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Deckard's System Scanner v20071014.68
Run by Charles on 2008-02-21 22:42:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-21 22:42:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Synchronization Technologies Inc\SyncMyCal\SyncMyCal.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charles\Desktop\kadah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O2 - BHO: (no name) - {0F047431-17BC-462F-AB4E-9951024AEFC7} - (no file)
O2 - BHO: (no name) - {393C2547-B2AB-422C-87AF-385238C73416} - C:\WINDOWS\system32\ljjjggf.dll (file missing)
O2 - BHO: (no name) - {76AB0B87-C830-4CE6-A8BD-BF847484E4EC} - (no file)
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SyncMyCal] C:\Program Files\Synchronization Technologies Inc\SyncMyCal\SyncMyCal.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: ljjjggf - C:\WINDOWS\system32\
O20 - Winlogon Notify: wpzifyyo - C:\WINDOWS\system32\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


--
End of file - 10813 bytes

-- Files created between 2008-01-21 and 2008-02-21 -----------------------------

2008-02-21 22:41:34 6656 --a------ C:\WINDOWS\system32\users32.dat
2008-02-21 22:41:33 308712 --a------ C:\WINDOWS\system32\winistr.exe
2008-02-21 22:37:44 0 --------- C:\WINDOWS\system32\drivers\b
2008-02-21 22:36:17 60416 --a------ C:\WINDOWS\system32\drivers\myvahfxa.sys
2008-02-21 22:35:35 60416 --a------ C:\WINDOWS\system32\drivers\lkdwglvw.sys
2008-02-21 22:35:35 1080 --a------ C:\dvsmavpl.bat
2008-02-21 22:02:29 3624 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-21 21:57:37 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-21 21:57:37 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-21 21:57:37 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-21 21:57:37 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-21 21:57:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-21 21:57:37 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-21 21:57:37 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-21 21:15:15 7168 --a------ C:\WINDOWS\system32\windows
2008-02-21 21:04:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-21 21:04:45 0 d-------- C:\Documents and Settings\Charles\Application Data\Roxio
2008-02-21 20:51:29 0 d-------- C:\WINDOWS\system32\DLA
2008-02-21 20:51:02 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-21 20:50:27 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-02-21 20:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-21 20:48:58 0 d-------- C:\Program Files\SightSpeed
2008-02-21 20:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-21 20:45:45 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-21 20:45:45 0 d-------- C:\Program Files\Common Files\SightSpeed
2008-02-21 20:45:44 0 d-------- C:\Program Files\Roxio
2008-02-21 20:45:18 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-02-21 10:09:38 6144 --a------ C:\WINDOWS\cru629.dat
2008-02-21 10:09:38 13312 --a------ C:\WINDOWS\braviax.exe
2008-02-20 12:40:33 0 d--hs---- C:\WINDOWS\CSC
2008-02-18 01:06:47 0 d-------- C:\Documents and Settings\Charles\Application Data\Apple Computer
2008-02-18 01:06:37 0 d-------- C:\Program Files\iPod
2008-02-18 01:06:33 0 d-------- C:\Program Files\iTunes
2008-02-18 01:05:42 0 d-------- C:\Program Files\QuickTime
2008-02-18 01:05:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-18 01:05:25 0 d-------- C:\Program Files\Apple Software Update
2008-02-18 01:05:10 0 d-------- C:\Program Files\Common Files\Apple
2008-02-18 01:05:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-15 13:24:25 0 d-------- C:\Program Files\Apollo DVD Copy
2008-02-15 13:07:14 0 d-------- C:\Program Files\NewTech Infosystems
2008-02-15 13:07:12 116 -r-h----- C:\WINDOWS\system32\NTICDMK32.dll
2008-02-15 13:07:04 6016 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
2008-02-09 16:11:45 0 d-------- C:\WINDOWS\system32\(null)202
2008-02-07 09:46:20 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-07 09:46:20 3453 --a------ C:\WINDOWS\unins000.dat
2008-02-06 14:14:42 11 --a------ C:\WINDOWS\system32\(null)id
2008-02-06 13:23:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-05 11:03:14 0 d-------- C:\Documents and Settings\Charles\Application Data\skypePM
2008-02-05 11:03:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 11:01:27 0 d-------- C:\Documents and Settings\Charles\Application Data\Skype
2008-02-05 11:01:12 0 d-------- C:\Program Files\Skype
2008-02-05 11:01:11 0 d-------- C:\Program Files\Common Files\Skype
2008-02-05 11:01:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-03 20:37:12 0 d-------- C:\Documents and Settings\Charles\Application Data\WinRAR
2008-02-02 17:48:36 0 d-------- C:\Program Files\Synchronization Technologies Inc
2008-02-02 17:47:18 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 17:18:13 0 d-------- C:\Documents and Settings\Charles\Application Data\SyncMyCal
2008-02-02 16:30:57 0 d-------- C:\Documents and Settings\Charles\Application Data\RemoteCalendars
2008-01-31 23:30:03 0 d--h----- C:\WINDOWS\PIF
2008-01-31 22:10:16 0 d-------- C:\Documents and Settings\Charles\Application Data\Windows Desktop Search
2008-01-31 22:09:39 0 d-------- C:\Program Files\Windows Desktop Search
2008-01-28 11:49:10 0 d-------- C:\Program Files\MSBuild
2008-01-28 11:39:32 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-01-28 11:39:32 0 d-------- C:\Documents and Settings\Charles\Application Data\DAEMON Tools
2008-01-28 11:35:12 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-26 23:10:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-26 23:07:46 0 d-------- C:\Program Files\Bonjour
2008-01-26 23:02:07 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-26 21:19:28 0 d-------- C:\Program Files\Google
2008-01-26 21:19:28 0 d-------- C:\Documents and Settings\Charles\Application Data\Google
2008-01-26 21:05:27 0 d-------- C:\Program Files\Microsoft Works
2008-01-26 21:05:11 0 d-------- C:\Program Files\Microsoft.NET
2008-01-26 21:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-26 21:04:00 0 dr-h----- C:\MSOCache
2008-01-26 07:09:35 0 d-------- C:\Documents and Settings\Charles\Application Data\elefundesktops
2008-01-26 07:00:13 10 --a------ C:\Documents and Settings\Charles\(null)id


-- Find3M Report ---------------------------------------------------------------

2008-02-21 22:39:55 0 d-------- C:\Program Files\Common Files
2008-02-21 20:49:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-21 20:47:06 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-21 15:40:13 13009 --a------ C:\Documents and Settings\Charles\Application Data\Comma Separated Values (Windows).CAL
2008-02-21 15:39:29 38473 --a------ C:\Documents and Settings\Charles\Application Data\Comma Separated Values (Windows).ADR
2008-02-20 15:56:06 19923 --a------ C:\Program Files\Common Files\epepyfas.inf
2008-02-19 16:20:12 0 d-------- C:\Program Files\Trillian
2008-02-18 19:01:11 0 d-------- C:\Documents and Settings\Charles\Application Data\Azureus
2008-02-02 16:54:12 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-01 12:27:42 0 d-------- C:\Documents and Settings\Charles\Application Data\OpenOffice.org2
2008-01-28 10:35:05 0 d-------- C:\Documents and Settings\Charles\Application Data\Adobe
2008-01-26 23:07:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-25 23:01:58 0 d-------- C:\Program Files\World of Warcraft
2008-01-17 22:41:06 0 d-------- C:\Documents and Settings\Charles\Application Data\U3
2008-01-15 17:57:18 0 d-------- C:\Program Files\Java
2008-01-13 22:35:53 134374 --a------ C:\Documents and Settings\Charles\Application Data\Cosmos Prefs
2008-01-12 14:52:59 0 d-------- C:\Program Files\Security Task Manager
2008-01-08 16:05:43 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-01 23:15:45 0 d-------- C:\Program Files\Xvid
2008-01-01 23:14:54 0 d-------- C:\Program Files\DivX
2007-12-31 05:46:39 0 d-------- C:\Documents and Settings\Charles\Application Data\Sun
2007-12-27 20:21:47 0 d-------- C:\Documents and Settings\Charles\Application Data\InstallShield
2007-12-27 20:00:34 0 d-------- C:\Program Files\Intel
2007-12-25 23:38:23 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-25 01:57:37 48456 --a------ C:\WINDOWS\system32\UninstallElectricSheep.exe
2007-12-25 01:17:11 0 d-------- C:\Program Files\Lavasoft
2007-12-25 01:16:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 17:28:25 0 d-------- C:\Program Files\Azureus
2007-12-24 17:25:30 0 d-------- C:\Program Files\LimeWire
2007-12-24 17:24:49 0 d-------- C:\Program Files\Common Files\Java
2007-12-24 16:44:56 0 d-------- C:\Documents and Settings\Charles\Application Data\Winamp
2007-12-24 16:39:26 0 d-------- C:\Program Files\Winamp
2007-12-24 16:30:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 16:30:35 0 d-------- C:\Documents and Settings\Charles\Application Data\Mozilla
2007-12-24 14:42:49 0 d-------- C:\Documents and Settings\Charles\Application Data\Yahoo!
2007-12-24 14:40:18 0 d-------- C:\Program Files\Yahoo!
2007-12-24 14:39:54 0 d-------- C:\Program Files\Cosmi


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F047431-17BC-462F-AB4E-9951024AEFC7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{393C2547-B2AB-422C-87AF-385238C73416}]
C:\WINDOWS\system32\ljjjggf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76AB0B87-C830-4CE6-A8BD-BF847484E4EC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 07:00 AM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [08/04/2004 07:00 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/07/2005 12:54 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/07/2005 12:52 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 01:55 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 01:56 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 12:39 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 01:55 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 04:52 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 04:55 PM]
"SigmatelSysTrayApp"="stsystra.exe" [12/27/2005 10:20 AM C:\WINDOWS\stsystra.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [07/31/2006 09:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/17/2008 11:51 AM]
"SyncMyCal"="C:\Program Files\Synchronization Technologies Inc\SyncMyCal\SyncMyCal.exe" [01/11/2008 06:21 PM]
"braviax"="C:\WINDOWS\system32\braviax.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\Documents and Settings\Charles\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
"{393C2547-B2AB-422C-87AF-385238C73416}"= C:\WINDOWS\system32\ljjjggf.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjggf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 07:00 AM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 05:41 AM 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 07:00 AM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wpzifyyo]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-02-21 22:43:05 ------------
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
Yodoman

Yodoman

    Member

  • Member
  • PipPip
  • 13 posts
Don't know if this is normal, but upon opening of the log after it removed the files, a window came up saying that some Windows Files had been replaced by unknown files and prompted me to put in an XP cd. I chose not to and proceeded with the reboot.....hope that was right....




Malwarebytes' Anti-Malware 1.05
Database version: 391

Scan type: Quick Scan
Objects scanned: 31271
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{393c2547-b2ab-422c-87af-385238c73416} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{393c2547-b2ab-422c-87af-385238c73416} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{393c2547-b2ab-422c-87af-385238c73416} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wpzifyyo.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yydwyvla.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (BackDoor.Ntrootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\users32.dat (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\windows (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winistr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (BackDoor.Ntrootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Rogue.Installer) -> Delete on reboot.
C:\WINDOWS\cru629.dat (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charles\Local Settings\Temporary Internet Files\Content.IE5\Y7O9KNOF\Installer[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charles\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It is because of these files that were overwritten by malware:
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys

Luckily this can be replaced.
======================================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum.

  • 0
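The check behind post #14, as an added example that is not part of the thread or of Malwarebytes: it parses a log in the format posted in #13, confirms that the pasted detail sections match the summary counts (a truncated paste hides detections), and lists file detections under `system32\drivers` or `system32\dllcache` along with items still marked "Delete on reboot". The sample log is a constructed excerpt built from lines in the thread, and the function names are hypothetical.

```python
import re

# Line shapes in a Malwarebytes' Anti-Malware 1.x text log, as seen in this thread.
SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 12"
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")     # "<target> (<label>) -> <action>."

# Directories holding the system files named in post #14 (compared lower-cased).
SYSTEM_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")

# Constructed excerpt: counts adjusted to the lines kept here.
SAMPLE_LOG = r"""
Registry Values Infected: 1
Files Infected: 4

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{393c2547-b2ab-422c-87af-385238c73416} (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dllcache\beep.sys (BackDoor.Ntrootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (BackDoor.Ntrootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\users32.dat (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\braviax.exe (Rogue.Installer) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return (declared counts, {section: [(target, label, action), ...]})."""
    declared, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            declared[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
            items.setdefault(section, [])
        elif section and (m := ITEM.match(line)):
            items[section].append(m.groups())
    return declared, items


def triage(text):
    """Summarise what still needs attention after a removal run."""
    declared, items = parse_mbam_log(text)
    # Summary count vs. lines actually present: a mismatch means an incomplete paste.
    mismatch = {s: (n, len(items.get(s, [])))
                for s, n in declared.items() if n != len(items.get(s, []))}
    files = items.get("Files Infected", [])
    return {
        "count_mismatch": mismatch,
        # Not removed yet: re-scan after the reboot to confirm they are gone.
        "pending_reboot": [t for t, _, a in files if a.lower() == "delete on reboot"],
        # Detected copies of system files: Windows needs a clean replacement.
        "system_file_hits": [t for t, _, _ in files
                             if any(d in t.lower() for d in SYSTEM_DIRS)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```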

#15
Yodoman

Yodoman

    Member

  • Member
  • PipPip
  • 13 posts
Everything is looking pretty good, I ran AVG last night when I didn't hear anything else from you after my last post, I don't think that interfered with your process, if so then I apologize. Here's the report though....





SDFix: Version 1.144

Run by Charles on Fri 02/22/2008 at 09:17 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Charles\Desktop\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 09:21:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000034
"TracesSuccessful"=dword:00000002

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\WINDOWS\\system32\\ElectricSheep.scr"="C:\\WINDOWS\\system32\\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:



Files with Hidden Attributes:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 15 Feb 2008 116 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Sun 29 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\BITF.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT8.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT7.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT9.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT5.tmp"
Thu 28 Oct 2004 977,218 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Inthelp\inthelp.exe"
Wed 13 Oct 2004 871,373 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Inthelp\fscommand\FAQ_1.exe"
Wed 13 Oct 2004 871,373 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Inthelp\fscommand\FAQ_2.exe"
Wed 13 Oct 2004 871,373 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Inthelp\fscommand\FAQ_3.exe"
Wed 13 Oct 2004 871,373 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Inthelp\fscommand\FAQ_4.exe"
Mon 28 Jan 2008 20,480 A..H. --- "C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Journal\Cache\NB5.tmp"
Mon 28 Jan 2008 20,480 A..H. --- "C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Journal\Cache\NB77.tmp"
Mon 28 Apr 2003 36,864 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Driver\Inst\ENGLISH\LN2030.exe"
Mon 28 Apr 2003 36,864 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Driver\Inst\ENGLISH\LN2040.exe"
Mon 28 Apr 2003 36,864 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Driver\Inst\ENGLISH\LN2070N.exe"
Thu 26 Aug 2004 28,672 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Driver\Inst\ENGLISH\NWPP2.dll"
Mon 13 Sep 2004 204,800 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Driver\Inst\ENGLISH\PSDLL.dll"
Thu 15 Jul 2004 117,200 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Driver\Inst\ENGLISH\setup.exe"
Thu 30 Sep 2004 77,824 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Driver\Inst\ENGLISH\_IsUser2.dll"
Tue 21 Oct 2003 45,056 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\PtrcENG.dll"
Mon 18 Feb 2008 43,304 A..H. --- "C:\Deckard\System Scanner\20080221224204\backup\DOCUME~1\Charles\LOCALS~1\Temp\Z@R6B.tmp"
Mon 18 Feb 2008 36,536 A..H. --- "C:\Deckard\System Scanner\20080221224204\backup\DOCUME~1\Charles\LOCALS~1\Temp\Z@R6D.tmp"
Mon 18 Feb 2008 28,520 A..H. --- "C:\Deckard\System Scanner\20080221224204\backup\DOCUME~1\Charles\LOCALS~1\Temp\Z@R72.tmp"
Mon 18 Feb 2008 1,409 A..H. --- "C:\Deckard\System Scanner\20080221224204\backup\DOCUME~1\Charles\LOCALS~1\Temp\Z@S6C.tmp"
Mon 18 Feb 2008 1,409 A..H. --- "C:\Deckard\System Scanner\20080221224204\backup\DOCUME~1\Charles\LOCALS~1\Temp\Z@S6E.tmp"
Mon 18 Feb 2008 1,409 A..H. --- "C:\Deckard\System Scanner\20080221224204\backup\DOCUME~1\Charles\LOCALS~1\Temp\Z@S73.tmp"
Tue 25 Jan 2005 86,016 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BLP95\blpmon.dll"
Thu 20 Jan 2005 57,344 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BLP95\BlpRC.dll"
Tue 25 Jan 2005 33,792 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BLPNT\blpmon.dll"
Thu 20 Jan 2005 57,344 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BLPNT\BlpRC.dll"
Tue 10 Jun 2003 57,344 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BNT95\BntRC.dll"
Fri 25 Jul 2003 73,728 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BNT95\brntmn95.dll"
Tue 10 Jun 2003 57,344 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BNTNT\BntRC.dll"
Fri 25 Jul 2003 77,824 A..H. --- "C:\Documents and Settings\Charles\My Documents\ENGLISH\Network\Portdrv\ENGLISH\BNTNT\brntmnnt.dll"

Finished!
  • 0
