Hi,
Here you go. The antivirus is the program I took off and did not install the new version yet (AVG).
Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\huqenhiu.dll
C:\WINDOWS\system32\huqenhiu.dll NOT unregistered.
C:\WINDOWS\system32\huqenhiu.dll moved successfully.
File/Folder C:\WINDOWS\system32\msasvc.exe not found.
File/Folder C:\WINDOWS\system32\msnins.exe not found.
< purity >
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05042008_160805
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 7:59:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 739760
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 107264
Number of viruses found: 14
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 02:40:15
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ATI MMC\AtiCCap.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ATI MMC\ATICCDB.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ATI MMC\ATi_MLDB.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ATI MMC\ATi_MLDB.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ATI MMC\ErrorLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ATI MMC\TV-Live.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ATI MMC\TV-Play.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dad\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Incomplete\CORRUPT-0-Wicked Remix (mama).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\vmware-Dad\K3YHUP83\desktop.ini Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dad\My Documents\Download_1clickdvdcopyprosetuprn3[1].1.3.5.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Dad\My Documents\PC Games-The Sims 2 - University.zip/Sims2 University.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
C:\Documents and Settings\Dad\My Documents\PC Games-The Sims 2 - University.zip/Sims2 University.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Documents and Settings\Dad\My Documents\PC Games-The Sims 2 - University.zip/Sims2 University.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Documents and Settings\Dad\My Documents\PC Games-The Sims 2 - University.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Dad\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dad\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\LogMeIn\update\2-30-545.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped
C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn\update\2-30-547.bak\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn\update\2-30-547.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped
C:\Program Files\LogMeIn\update\2-30-555.bak\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn\update\2-30-555.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped
C:\Program Files\Windows TaskAd\WinProject.dll Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Program Files\Windows TaskAd\WinSched.exe Infected: not-a-virus:AdWare.Win32.WinAD skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{714AD81B-1B28-4C51-BC39-06358DBB0CE8}\RP244\A0040329.exe Infected: Trojan.Win32.Delf.bur skipped
C:\System Volume Information\_restore{714AD81B-1B28-4C51-BC39-06358DBB0CE8}\RP284\A0043996.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{714AD81B-1B28-4C51-BC39-06358DBB0CE8}\RP287\A0044193.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{714AD81B-1B28-4C51-BC39-06358DBB0CE8}\RP288\A0044221.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{714AD81B-1B28-4C51-BC39-06358DBB0CE8}\RP288\A0044221.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{714AD81B-1B28-4C51-BC39-06358DBB0CE8}\RP288\A0044221.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{714AD81B-1B28-4C51-BC39-06358DBB0CE8}\RP288\change.log Object is locked skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Ad-Aware 2007 Pro 7.0.2.6/Lavasoft Ad-Aware 2007 PRO 7.0.2.6.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Ad-Aware 2007 Pro 7.0.2.6/Lavasoft Ad-Aware 2007 PRO 7.0.2.6.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Ad-Aware 2007 Pro 7.0.2.6/Lavasoft Ad-Aware 2007 PRO 7.0.2.6.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/HijackThis 2.0.2/HijackThis 2.0.2.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/HijackThis 2.0.2/HijackThis 2.0.2.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/HijackThis 2.0.2/HijackThis 2.0.2.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spy Sweeper 5.5.7.48/Webroot Spy Sweeper 5.5.7.48.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spy Sweeper 5.5.7.48/Webroot Spy Sweeper 5.5.7.48.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spy Sweeper 5.5.7.48/Webroot Spy Sweeper 5.5.7.48.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spybot Search & Destroy 1.5.2/Spybot Search & Destroy 1.5.2.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spybot Search & Destroy 1.5.2/Spybot Search & Destroy 1.5.2.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spybot Search & Destroy 1.5.2/Spybot Search & Destroy 1.5.2.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spyware Blaster 3.5.1/Spyware Blaster 3.5.1.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spyware Blaster 3.5.1/Spyware Blaster 3.5.1.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spyware Blaster 3.5.1/Spyware Blaster 3.5.1.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spyware Doctor 5.5.0.204/Spyware Doctor 5.5.0.204.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spyware Doctor 5.5.0.204/Spyware Doctor 5.5.0.204.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/Spyware Doctor 5.5.0.204/Spyware Doctor 5.5.0.204.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/SUPERAntiSpyware Professional 4.0.0.1146/Setup.exe/data0000.cab/is202093.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/SUPERAntiSpyware Professional 4.0.0.1146/Setup.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip/Anti-Spyware/SUPERAntiSpyware Professional 4.0.0.1146/Setup.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Torrents\Anti-Spyware.zip ZIP: infected - 21 skipped
C:\Torrents\Over 300 serials & keygens\over 300 serials & keygen\avast keygen.exe/packed Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Torrents\Over 300 serials & keygens\over 300 serials & keygen\avast keygen.exe GZIP: infected - 1 skipped
C:\Torrents\WGA_Crack_Working_All_Versions.zip/install.exe Infected: Trojan-Downloader.Win32.Agent.ejw skipped
C:\Torrents\WGA_Crack_Working_All_Versions.zip ZIP: infected - 1 skipped
C:\ventfe1.exe/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.e skipped
C:\ventfe1.exe NSIS: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\aaawfaqq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cv3wanv28.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7213.sys Object is locked skipped
C:\WINDOWS\system32\dsgkugyq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\iiffFyVL.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkLBtSL.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\khfGYoOe.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\koqslacq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljJDUklL.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJCSkhE.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\nnnoPIaw.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\qtawmtqj.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\05042008_160805\WINDOWS\system32\huqenhiu.dll Infected: Trojan.Win32.Monder.gen skipped
Scan process completed.
Deckard's System Scanner v20071014.68
Run by Dad on 2008-05-04 20:02:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
109: 2008-05-05 00:02:21 UTC - RP289 - Deckard's System Scanner Restore Point
108: 2008-05-04 14:15:55 UTC - RP288 - System Checkpoint
107: 2008-05-03 13:38:12 UTC - RP287 - Installed Ad-Aware 2007
106: 2008-05-02 20:54:42 UTC - RP286 - Installed AVG 7.5
105: 2008-05-02 20:54:17 UTC - RP285 - Removed AVG 7.5
-- First Restore Point --
1: 2008-05-02 18:06:34 UTC - RP181 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:50 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\HIJACK~1\Dad.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {2D287CBB-F7BB-49A2-9575-64786F7D4D33} - C:\WINDOWS\system32\mlJCSkhE.dll
O2 - BHO: (no name) - {654EDA56-A28C-4882-AAE8-6510FE4D7F82} - C:\WINDOWS\system32\ljJDUklL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {e90a62eb-4a27-6bb8-b4f4-f1a1d4100cab} - {bac0014d-1a1f-4f4b-8bb6-72a4be26a09e} - C:\WINDOWS\system32\qtawmtqj.dll
O2 - BHO: (no name) - {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} - C:\WINDOWS\system32\iiffFyVL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O20 - Winlogon Notify: iiffFyVL - C:\WINDOWS\SYSTEM32\iiffFyVL.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
--
End of file - 4303 bytes
-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------
backup-20060820-022332-844 O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
backup-20060820-094918-561 R3 - Default URLSearchHook is missing
backup-20060820-094918-632 O20 - Winlogon Notify: SMDEn - C:\WINDOWS\
backup-20060820-094918-790 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-095056-456 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-100103-399 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060820-100103-490 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060820-100103-544 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-141128-196 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20060820-141128-801 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20060820-141128-973 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-141159-241 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20061015-182815-996 O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
backup-20061230-163949-110 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-163949-137 O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels1118.exe
backup-20061230-163949-199 O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - C:\WINDOWS\system32\nweipeg.dll (file missing)
backup-20061230-163949-398 O4 - HKLM\..\Run: [once balm 64 title] C:\Documents and Settings\All Users\Application Data\Vga audio once balm\axisblah.exe
backup-20061230-163949-523 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-163949-567 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20061230-163949-614 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061230-163949-743 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-163949-815 O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels1118.exe
backup-20061230-163949-826 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-163949-932 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-163949-981 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-164023-727 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061230-170622-180 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170622-381 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170622-559 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-170622-710 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170622-785 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-170622-901 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170622-909 O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20061230-170711-149 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170711-332 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-170711-339 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170711-409 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170711-839 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170711-886 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-222635-232 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-222635-315 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-222635-407 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-222635-450 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-222635-628 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-222635-717 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-222635-916 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20061231-023455-254 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-023455-286 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-023455-463 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-023455-474 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-023455-557 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-023455-649 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-032204-256 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-032204-345 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-032204-441 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-032204-522 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-032204-544 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-032204-604 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-150340-156 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-150340-334 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-150340-424 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061231-150340-520 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-150340-561 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-150340-622 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20061231-150340-781 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-150340-864 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-152645-420 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-152645-575 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-152645-687 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061231-152645-784 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-152645-795 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-152645-878 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-152645-886 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
backup-20061231-152645-970 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-161948-147 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-161948-250 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061231-161948-627 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-161948-741 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-161948-784 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-161948-848 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-161948-962 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20070119-102704-965 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20070129-181308-492 O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Dad\Local Settings\Application Data\hrcopul.dll",vuljcec
backup-20071026-002019-312 O4 - HKLM\..\Run: [close surf mail dupe] C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\DVD CAKE.exe
backup-20071026-002019-394 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20071026-002019-486 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20071209-173124-352 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071209-173124-384 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071209-173124-572 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
backup-20071209-173124-651 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20071209-173124-655 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
backup-20071209-173124-747 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
backup-20071215-120627-151 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071215-120627-976 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080219-233558-628 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080219-233558-711 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080504-094051-779 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
backup-20080504-094051-999 O4 - HKLM\..\Run: [fcc6b9cc] rundll32.exe "C:\WINDOWS\system32\koqslacq.dll",b
backup-20080504-095910-133 O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
backup-20080504-095910-308 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
backup-20080504-095910-779 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
backup-20080504-095910-912 O23 - Service: MSN Auto-Update Util (MSNAuto-IT) - Unknown owner - C:\WINDOWS\system32\msnins.exe (file missing)
backup-20080504-095925-543 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
backup-20080504-110434-856 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
backup-20080504-160629-491 O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
backup-20080504-160629-512 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 RT2500 (RT2500 Wireless Driver) - c:\windows\system32\drivers\rt2500.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless PCI Adapters>
S3 ATI Remote Wonder II - c:\windows\system32\drivers\atirwvd.sys (file missing)
S3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; ezplay driver>
S3 Usblink (Usblink Driver) - c:\windows\system32\drivers\ulink.sys <Not Verified; ; USB SUPERLINK ADAPTER>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys <Not Verified; VMware, Inc.; VMware virtual network adapter driver (32-bit)>
S3 Wdm1 (USB Bridge Cable Driver) - c:\windows\system32\drivers\usbbc.sys <Not Verified; ; PC-Linq Bridge Cable>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (file missing)
S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-04 02:12:00 336 --a------ C:\WINDOWS\Tasks\Ad-Aware SE Professional.job
2008-05-03 06:35:00 324 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
-- Files created between 2008-04-04 and 2008-05-04 -----------------------------
2008-05-04 16:20:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 16:20:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-04 16:20:38 0 d-------- C:\WINDOWS\LastGood
2008-05-04 11:55:55 41984 --a------ C:\WINDOWS\system32\khfGYoOe.dll
2008-05-04 04:49:54 108096 --a------ C:\WINDOWS\system32\qtawmtqj.dll
2008-05-04 04:47:03 95296 --a------ C:\WINDOWS\system32\koqslacq.dll
2008-05-03 09:38:15 0 d-------- C:\Program Files\Lavasoft
2008-05-03 09:38:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-03 09:37:44 41984 --a------ C:\WINDOWS\system32\nnnoPIaw.dll
2008-05-03 09:29:44 0 d-------- C:\Program Files\SpywareBlaster
2008-05-03 09:29:21 41984 --a------ C:\WINDOWS\system32\jkkLBtSL.dll
2008-05-03 04:47:01 104512 --a------ C:\WINDOWS\system32\dsgkugyq.dll
2008-05-03 04:46:54 103488 --a------ C:\WINDOWS\system32\aaawfaqq.dll
2008-05-02 16:54:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-02 16:43:30 541823 --ahs---- C:\WINDOWS\system32\EhkSCJlm.ini2
2008-05-02 16:43:28 280576 --a------ C:\WINDOWS\system32\mlJCSkhE.dll
2008-05-02 14:06:24 6771 --ahs---- C:\WINDOWS\system32\LlkUDJjl.ini2
2008-05-02 14:01:10 41984 --a------ C:\WINDOWS\system32\iiffFyVL.dll
2008-05-01 18:20:55 0 dr-h----- C:\Documents and Settings\Dad\Recent
2008-04-12 11:30:15 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-10 18:46:43 0 d-------- C:\Documents and Settings\Lauren\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-05-04 16:40:43 0 d-------- C:\Documents and Settings\Dad\Application Data\ATI MMC
2008-05-04 09:21:16 0 d-------- C:\Program Files\LogMeIn
2008-05-04 09:13:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Vso
2008-05-03 09:37:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 17:52:07 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2008-04-27 22:03:11 0 d-------- C:\Documents and Settings\Dad\Application Data\LimeWire
2008-04-27 21:25:59 0 d-------- C:\Program Files\LimeWire
2008-04-18 09:01:17 0 d-------- C:\Documents and Settings\Dad\Application Data\dvdcss
2008-04-12 11:55:26 0 d-------- C:\Program Files\Java
2008-04-12 11:43:29 0 d-a------ C:\Program Files\Common Files
2008-04-11 20:29:44 0 d-------- C:\Documents and Settings\Dad\Application Data\VMware
2008-03-06 18:08:24 34 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.log
2008-03-06 18:08:19 47360 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-06 18:08:19 1144 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.inf
2008-03-06 18:08:19 7887 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.cat
2008-03-06 18:08:17 0 d-------- C:\Program Files\1Click DVD Copy Pro
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D287CBB-F7BB-49A2-9575-64786F7D4D33}]
05/02/2008 04:43 PM 280576 --a------ C:\WINDOWS\system32\mlJCSkhE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{654EDA56-A28C-4882-AAE8-6510FE4D7F82}]
C:\WINDOWS\system32\ljJDUklL.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bac0014d-1a1f-4f4b-8bb6-72a4be26a09e}]
05/04/2008 04:49 AM 108096 --a------ C:\WINDOWS\system32\qtawmtqj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}]
05/02/2008 02:01 PM 41984 --a------ C:\WINDOWS\system32\iiffFyVL.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/21/2005 05:42 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 02:03 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"BMfff58a50"="C:\WINDOWS\system32\huqenhiu.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE" [06/14/2005 09:50 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}"= C:\WINDOWS\system32\iiffFyVL.dll [05/02/2008 02:01 PM 41984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffFyVL]
iiffFyVL.dll 05/02/2008 02:01 PM 41984 C:\WINDOWS\system32\iiffFyVL.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 07:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJCSkhE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^Zeno.lnk]
path=C:\Documents and Settings\Dad\Start Menu\Programs\Startup\Zeno.lnk
backup=C:\WINDOWS\pss\Zeno.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^Z_Start.lnk]
path=C:\Documents and Settings\Dad\Start Menu\Programs\Startup\Z_Start.lnk
backup=C:\WINDOWS\pss\Z_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C.tmp]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU1]
C:\Program Files\Common Files\VCClient\VCClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU2]
C:\Program Files\Common Files\VCClient\VCMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIPCMAE]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NJv7jy]
"C:\WINDOWS\system32\dgfgql.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\q8lg]
"C:\WINDOWS\system32\slk8x2peu.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
C:\Program Files\SurfSideKick 3\Ssk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ulsthcxA]
C:\WINDOWS\ulsthcxA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{6B-B9-96-63-ZN}]
C:\windows\system32\dwdsregt.exe CORN001
-- Hosts -----------------------------------------------------------------------
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
8301 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-05-04 20:03:15 ------------