computer full of spyware and viruses


terrykugh92

My computer is basically infected with numerous amounts of spyware and viruses that block my Google, Yahoo, and don't allow me to use normal mode on my computer. (Online in safe mode.) Any help or suggestions would be amazing because I've had this problem for about 2 months now.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-25 09:28:00
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
42: 2008-04-05 02:35:49 UTC - RP566 - Windows Defender Checkpoint
41: 2008-04-05 02:35:49 UTC - RP565 - Windows Defender Checkpoint
40: 2008-04-05 02:35:49 UTC - RP564 - Windows Defender Checkpoint
39: 2008-04-05 02:35:48 UTC - RP563 - Windows Defender Checkpoint
38: 2008-04-05 02:35:48 UTC - RP562 - Restore Operation


-- First Restore Point --
1: 2008-04-05 02:35:37 UTC - RP525 - Removed My Sam's Club Digital Photo Center


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-25 09:33:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O1 - Hosts: 124.217.251.147 google.dk
O1 - Hosts: 124.217.251.147 google.se
O1 - Hosts: 124.217.251.147 google.co.nz
O1 - Hosts: 124.217.251.147 google.cn
O1 - Hosts: 124.217.251.147 google.com.pr
O1 - Hosts: 124.217.251.147 google.com.ca
O1 - Hosts: 124.217.251.147 google.com.ch
O1 - Hosts: 124.217.251.147 google.fi
O1 - Hosts: 124.217.251.147 google.co.in
O1 - Hosts: 124.217.251.147 google.co.uk
O1 - Hosts: 124.217.251.147 google.lv
O1 - Hosts: 124.217.251.147 google.co.hu
O1 - Hosts: 124.217.251.147 google.lk
O1 - Hosts: 124.217.251.147 google.com.au
O1 - Hosts: 124.217.251.147 google.ru
O1 - Hosts: 124.217.251.147 google.nl
O1 - Hosts: 124.217.251.147 google.be
O1 - Hosts: 124.217.251.147 google.de
O1 - Hosts: 124.217.251.147 gogle.de
O1 - Hosts: 124.217.251.147 googel.de
O1 - Hosts: 124.217.251.147 google.ro
O1 - Hosts: 124.217.251.147 google.kz
O1 - Hosts: 124.217.251.147 google.by
O1 - Hosts: 124.217.251.147 google.no
O1 - Hosts: 124.217.251.147 google.pl
O1 - Hosts: 124.217.251.147 google.com.pl
O1 - Hosts: 124.217.251.147 google.es
O1 - Hosts: 124.217.251.147 google.pt
O1 - Hosts: 124.217.251.147 google.com.br
O1 - Hosts: 124.217.251.147 google.vc
O1 - Hosts: 124.217.251.147 google.co.za
O1 - Hosts: 124.217.251.147 google.tm
O1 - Hosts: 124.217.251.147 google.com.my
O1 - Hosts: 124.217.251.147 google.bg
O1 - Hosts: 124.217.251.147 google.co.jp
O1 - Hosts: 124.217.251.147 google.ie
O1 - Hosts: 124.217.251.147 google.co.ck
O1 - Hosts: 124.217.251.147 google.com.mx
O1 - Hosts: 124.217.251.147 google.com.om
O1 - Hosts: 124.217.251.147 google.fr
O1 - Hosts: 124.217.251.147 google.mu
O1 - Hosts: 124.217.251.147 google.com.ph
O1 - Hosts: 124.217.251.147 google.com.jm
O1 - Hosts: 124.217.251.147 google.com
O1 - Hosts: 124.217.251.147 google.us
O1 - Hosts: 124.217.251.147 google.ro
O1 - Hosts: 124.217.251.147 www.google.dk
O1 - Hosts: 124.217.251.147 www.google.se
O1 - Hosts: 124.217.251.147 www.google.co.nz
O1 - Hosts: 124.217.251.147 www.google.cn
O1 - Hosts: 124.217.251.147 www.google.com.pr
O1 - Hosts: 124.217.251.147 www.google.com.ca
O1 - Hosts: 124.217.251.147 www.google.com.ch
O1 - Hosts: 124.217.251.147 www.google.fi
O1 - Hosts: 124.217.251.147 www.google.co.in
O1 - Hosts: 124.217.251.147 www.google.co.uk
O1 - Hosts: 124.217.251.147 www.google.lv
O1 - Hosts: 124.217.251.147 www.google.co.hu
O1 - Hosts: 124.217.251.147 www.google.lk
O1 - Hosts: 124.217.251.147 www.google.com.au
O1 - Hosts: 124.217.251.147 www.google.ru
O1 - Hosts: 124.217.251.147 www.google.nl
O1 - Hosts: 124.217.251.147 www.google.be
O1 - Hosts: 124.217.251.147 www.google.de
O1 - Hosts: 124.217.251.147 www.gogle.de
O1 - Hosts: 124.217.251.147 www.googel.de
O1 - Hosts: 124.217.251.147 www.google.ro
O1 - Hosts: 124.217.251.147 www.google.kz
O1 - Hosts: 124.217.251.147 www.google.by
O1 - Hosts: 124.217.251.147 www.google.no
O1 - Hosts: 124.217.251.147 www.google.pl
O1 - Hosts: 124.217.251.147 www.google.com.pl
O1 - Hosts: 124.217.251.147 www.google.es
O1 - Hosts: 124.217.251.147 www.google.pt
O1 - Hosts: 124.217.251.147 www.google.com.br
O1 - Hosts: 124.217.251.147 www.google.vc
O1 - Hosts: 124.217.251.147 www.google.co.za
O1 - Hosts: 124.217.251.147 www.google.tm
O1 - Hosts: 124.217.251.147 www.google.com.my
O1 - Hosts: 124.217.251.147 www.google.bg
O1 - Hosts: 124.217.251.147 www.google.co.jp
O1 - Hosts: 124.217.251.147 www.google.ie
O1 - Hosts: 124.217.251.147 www.google.co.ck
O1 - Hosts: 124.217.251.147 www.google.com.mx
O1 - Hosts: 124.217.251.147 www.google.com.om
O1 - Hosts: 124.217.251.147 www.google.fr
O1 - Hosts: 124.217.251.147 www.google.mu
O1 - Hosts: 124.217.251.147 www.google.com.ph
O1 - Hosts: 124.217.251.147 www.google.com.jm
O1 - Hosts: 124.217.251.147 www.google.com
O1 - Hosts: 124.217.251.147 www.google.us
O1 - Hosts: 124.217.251.147 www.google.ro
O1 - Hosts: 124.217.251.147 www.video.google.com
O1 - Hosts: 124.217.251.147 www.maps.google.com
O1 - Hosts: 124.217.251.147 www.groups.google.com
O1 - Hosts: 124.217.251.147 www.news.google.com
O1 - Hosts: 124.217.251.147 www.images.google.com
O1 - Hosts: 124.217.251.147 www.earth.google.com
O1 - Hosts: 124.217.251.147 www.code.google.com
O1 - Hosts: 124.217.251.147 www.directory.google.com
O1 - Hosts: 124.217.251.147 www.labs.google.com
O1 - Hosts: 124.217.251.147 www.desktop.google.com
O1 - Hosts: 124.217.251.147 www.blogsearch.google.com
O1 - Hosts: 124.217.251.147 www.books.google.com
O1 - Hosts: 124.217.251.147 www.docs.google.com
O1 - Hosts: 124.217.251.147 www.scholar.google.com
O1 - Hosts: 124.217.251.147 www.pages.google.com
O1 - Hosts: 124.217.251.147 www.finance.google.com
O1 - Hosts: 124.217.251.147 www.pack.google.com
O1 - Hosts: 124.217.251.147 www.sketchup.google.com
O1 - Hosts: 124.217.251.147 www.base.google.com
O1 - Hosts: 124.217.251.147 www.gears.google.com
O1 - Hosts: 124.217.251.147 www.checkout.google.com
O1 - Hosts: 124.217.251.147 www.catalogs.google.com
O1 - Hosts: 124.217.251.147 video.google.com
O1 - Hosts: 124.217.251.147 maps.google.com
O1 - Hosts: 124.217.251.147 groups.google.com
O1 - Hosts: 124.217.251.147 news.google.com
O1 - Hosts: 124.217.251.147 images.google.com
O1 - Hosts: 124.217.251.147 earth.google.com
O1 - Hosts: 124.217.251.147 code.google.com
O1 - Hosts: 124.217.251.147 directory.google.com
O1 - Hosts: 124.217.251.147 labs.google.com
O1 - Hosts: 124.217.251.147 desktop.google.com
O1 - Hosts: 124.217.251.147 blogsearch.google.com
O1 - Hosts: 124.217.251.147 books.google.com
O1 - Hosts: 124.217.251.147 docs.google.com
O1 - Hosts: 124.217.251.147 scholar.google.com
O1 - Hosts: 124.217.251.147 pages.google.com
O1 - Hosts: 124.217.251.147 finance.google.com
O1 - Hosts: 124.217.251.147 pack.google.com
O1 - Hosts: 124.217.251.147 sketchup.google.com
O1 - Hosts: 124.217.251.147 base.google.com
O1 - Hosts: 124.217.251.147 gears.google.com
O1 - Hosts: 124.217.251.147 checkout.google.com
O1 - Hosts: 124.217.251.147 catalogs.google.com
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayyvWQj.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {BCD5B47E-73DB-4FBD-A3C3-D77E83D5A515} - C:\WINDOWS\system32\khFwTKca.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [windows defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe
O4 - HKLM\..\Run: [tomcatstartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [statusclient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [seekmo] C:\WINDOWS\system32\head2.exe
O4 - HKLM\..\Run: [pinga64] C:\WINDOWS\pinga.exe
O4 - HKLM\..\Run: [phime2002async] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [phime2002a] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [msvtt] C:\WINDOWS\system32\gavurjjf.exe
O4 - HKLM\..\Run: [mspy2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imjpmig8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hphupd06] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hphmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [hp component manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccapp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [a4f165dc] rundll32.exe "C:\WINDOWS\system32\vawpvkfq.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA4538] command /c del "C:\WINDOWS\system32\inugljji.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4583] cmd /c del "C:\WINDOWS\system32\inugljji.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA824] command /c del "C:\WINDOWS\system32\jgaavxfe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2619] cmd /c del "C:\WINDOWS\system32\jgaavxfe.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8780] command /c del "C:\WINDOWS\system32\wind32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3959] cmd /c del "C:\WINDOWS\system32\wind32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4557] command /c del "C:\WINDOWS\system32\cimothqx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6875] cmd /c del "C:\WINDOWS\system32\cimothqx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1740] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4526] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8737] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5055] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1227] command /c del "C:\WINDOWS\system32\cimothqx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9728] cmd /c del "C:\WINDOWS\system32\cimothqx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9045] command /c del "C:\WINDOWS\system32\frrycmjm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4047] cmd /c del "C:\WINDOWS\system32\frrycmjm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6912] command /c del "C:\WINDOWS\system32\qkgeygvo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2679] cmd /c del "C:\WINDOWS\system32\qkgeygvo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4946] command /c del "C:\WINDOWS\system32\ssqRLDVO.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3684] cmd /c del "C:\WINDOWS\system32\ssqRLDVO.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8858] command /c del "C:\Program Files\Helper\1207886533.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6439] cmd /c del "C:\Program Files\Helper\1207886533.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9086] command /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1138] cmd /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3593] command /c del "C:\WINDOWS\system32\bumpeohj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6012] cmd /c del "C:\WINDOWS\system32\bumpeohj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2114] command /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3927] cmd /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3664] command /c del "C:\WINDOWS\system32\yaYPJyAr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6423] cmd /c del "C:\WINDOWS\system32\yaYPJyAr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5274] command /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD604] cmd /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9050] command /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4073] cmd /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2223] command /c del "C:\WINDOWS\system32\ixuliuim.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6384] cmd /c del "C:\WINDOWS\system32\ixuliuim.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1570] command /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7231] cmd /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1021] command /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9529] cmd /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6004] command /c del "C:\WINDOWS\system32\ixuliuim.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2422] cmd /c del "C:\WINDOWS\system32\ixuliuim.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [jWeeDUr0Kf] C:\Documents and Settings\All Users\Application Data\mdqbivaz\sdkjwnqj.exe
O4 - HKUS\S-1-5-18\..\Run: [xicwzfyr] C:\WINDOWS\system32\gjivmxqd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [xicwzfyr] C:\WINDOWS\system32\gjivmxqd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_12) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1CDF7E2-2888-4685-A4E0-0DC513BCEDD4}: NameServer = 85.255.115.27,85.255.112.202
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - (no file)
O23 - Service: apple mobile device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: bonjour service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: caevtsvc - Unknown owner - C:\WINDOWS\system32\CaEvtSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: cxevtsvc - Unknown owner - C:\WINDOWS\system32\CxEvtSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DHCP Client Dhcpmnmsrvc (dhcpmnmsrvc) - Unknown owner - C:\WINDOWS\system32\3076qc.exe
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilityRasAuto (fastuserswitchingcompatibilityrasauto) - Unknown owner - C:\WINDOWS\system32\3com_dmil.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\HPBOID.EXE
O23 - Service: iPod Service (ipodservice) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LPTRDC server (lptrdcsrv) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Routing and Remote Access RemoteAccessNetman (remoteaccessnetman) - Unknown owner - C:\WINDOWS\system32\2052r.exe
O23 - Service: Remote Procedure Call (RPC) Locator RpcLocatorWebClient (rpclocatorwebclient) - Unknown owner - C:\WINDOWS\system32\acleditc.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts SysmonLog AntiVirus (sysmonlog antivirus) - Unknown owner - C:\WINDOWS\system32\adsnwu.exe
O23 - Service: Viewpoint Manager Service ViewpointHidServ (viewpointhidserv) - Unknown owner - C:\WINDOWS\system32\Adobev.exe
O23 - Service: WebClient WebClientLmHosts (webclientlmhosts) - Unknown owner - C:\WINDOWS\system32\fasd522.exe srv
O23 - Service: Security Center wscsvcNetman (wscsvcnetman) - Unknown owner - C:\WINDOWS\system32\3076q.exe
O23 - Service: Security Center wscsvcNetman wscsvcnetmanSavRoam (wscsvcnetmansavroam) - Unknown owner - C:\WINDOWS\system32\acelpdeck.exe


--
End of file - 21986 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.pif - piffile - shell\open\command - "%1" %*"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 afu01 - c:\windows\system32\drivers\afu01.sys (file missing)
S0 bix33 - c:\windows\system32\drivers\bix33.sys (file missing)
S0 Bkc28 - c:\windows\system32\drivers\bkc28.sys (file missing)
S0 Bld42 - c:\windows\system32\drivers\bld42.sys (file missing)
S0 Cac57 - c:\windows\system32\drivers\cac57.sys (file missing)
S0 cha82 - c:\windows\system32\drivers\cha82.sys (file missing)
S0 chh66 - c:\windows\system32\drivers\chh66.sys (file missing)
S0 crr15 - c:\windows\system32\drivers\crr15.sys (file missing)
S0 cuk43 - c:\windows\system32\drivers\cuk43.sys (file missing)
S0 dgq44 - c:\windows\system32\drivers\dgq44.sys (file missing)
S0 din53 - c:\windows\system32\drivers\din53.sys (file missing)
S0 dlb44 - c:\windows\system32\drivers\dlb44.sys (file missing)
S0 Dxi88 - c:\windows\system32\drivers\dxi88.sys (file missing)
S0 ebt55 - c:\windows\system32\drivers\ebt55.sys (file missing)
S0 ecj34 - c:\windows\system32\drivers\ecj34.sys (file missing)
S0 ecy56 - c:\windows\system32\drivers\ecy56.sys (file missing)
S0 Eej34 - c:\windows\system32\drivers\eej34.sys (file missing)
S0 Eer81 - c:\windows\system32\drivers\eer81.sys (file missing)
S0 ert64 - c:\windows\system32\drivers\ert64.sys (file missing)
S0 Ery52 - c:\windows\system32\drivers\ery52.sys (file missing)
S0 eyl10 - c:\windows\system32\drivers\eyl10.sys (file missing)
S0 fad71 - c:\windows\system32\drivers\fad71.sys (file missing)
S0 fif11 - c:\windows\system32\drivers\fif11.sys (file missing)
S0 Fsf74 - c:\windows\system32\drivers\fsf74.sys (file missing)
S0 gak23 - c:\windows\system32\drivers\gak23.sys (file missing)
S0 gqq84 - c:\windows\system32\drivers\gqq84.sys (file missing)
S0 hco45 - c:\windows\system32\drivers\hco45.sys (file missing)
S0 hrp56 - c:\windows\system32\drivers\hrp56.sys (file missing)
S0 Hrr45 - c:\windows\system32\drivers\hrr45.sys (file missing)
S0 Ikn83 - c:\windows\system32\drivers\ikn83.sys (file missing)
S0 iku51 - c:\windows\system32\drivers\iku51.sys (file missing)
S0 ini60 - c:\windows\system32\drivers\ini60.sys (file missing)
S0 ivv36 - c:\windows\system32\drivers\ivv36.sys (file missing)
S0 Ixl33 - c:\windows\system32\drivers\ixl33.sys (file missing)
S0 jnl16 - c:\windows\system32\drivers\jnl16.sys (file missing)
S0 jqg33 - c:\windows\system32\drivers\jqg33.sys (file missing)
S0 Kap44 - c:\windows\system32\drivers\kap44.sys (file missing)
S0 kfi45 - c:\windows\system32\drivers\kfi45.sys (file missing)
S0 koy11 - c:\windows\system32\drivers\koy11.sys (file missing)
S0 lgg14 - c:\windows\system32\drivers\lgg14.sys (file missing)
S0 lls71 - c:\windows\system32\drivers\lls71.sys (file missing)
S0 lov36 - c:\windows\system32\drivers\lov36.sys (file missing)
S0 Lsl82 - c:\windows\system32\drivers\lsl82.sys (file missing)
S0 lve82 - c:\windows\system32\drivers\lve82.sys (file missing)
S0 map13 - c:\windows\system32\drivers\map13.sys (file missing)
S0 mcm75 - c:\windows\system32\drivers\mcm75.sys (file missing)
S0 mka67 - c:\windows\system32\drivers\mka67.sys (file missing)
S0 mmh67 - c:\windows\system32\drivers\mmh67.sys (file missing)
S0 moe76 - c:\windows\system32\drivers\moe76.sys (file missing)
S0 mrc66 - c:\windows\system32\drivers\mrc66.sys (file missing)
S0 Nix36 - c:\windows\system32\drivers\nix36.sys (file missing)
S0 nnd65 - c:\windows\system32\drivers\nnd65.sys (file missing)
S0 nsl36 - c:\windows\system32\drivers\nsl36.sys (file missing)
S0 nxp03 - c:\windows\system32\drivers\nxp03.sys (file missing)
S0 Oer20 - c:\windows\system32\drivers\oer20.sys (file missing)
S0 Oot10 - c:\windows\system32\drivers\oot10.sys (file missing)
S0 paa58 - c:\windows\system32\drivers\paa58.sys (file missing)
S0 pfa22 - c:\windows\system32\drivers\pfa22.sys (file missing)
S0 phk38 - c:\windows\system32\drivers\phk38.sys (file missing)
S0 pkw66 - c:\windows\system32\drivers\pkw66.sys (file missing)
S0 prk85 - c:\windows\system32\drivers\prk85.sys (file missing)
S0 qis34 - c:\windows\system32\drivers\qis34.sys (file missing)
S0 rrp34 - c:\windows\system32\drivers\rrp34.sys (file missing)
S0 Rry82 - c:\windows\system32\drivers\rry82.sys (file missing)
S0 sap13 - c:\windows\system32\drivers\sap13.sys (file missing)
S0 sgi68 - c:\windows\system32\drivers\sgi68.sys (file missing)
S0 sik21 - c:\windows\system32\drivers\sik21.sys (file missing)
S0 snb04 - c:\windows\system32\drivers\snb04.sys (file missing)
S0 tmc36 - c:\windows\system32\drivers\tmc36.sys (file missing)
S0 toe18 - c:\windows\system32\drivers\toe18.sys (file missing)
S0 Ttq24 - c:\windows\system32\drivers\ttq24.sys (file missing)
S0 Ttw67 - c:\windows\system32\drivers\ttw67.sys (file missing)
S0 twh44 - c:\windows\system32\drivers\twh44.sys (file missing)
S0 urr25 - c:\windows\system32\drivers\urr25.sys (file missing)
S0 uxx88 - c:\windows\system32\drivers\uxx88.sys (file missing)
S0 vds85 - c:\windows\system32\drivers\vds85.sys (file missing)
S0 veg17 - c:\windows\system32\drivers\veg17.sys (file missing)
S0 vel85 - c:\windows\system32\drivers\vel85.sys (file missing)
S0 vin55 - c:\windows\system32\drivers\vin55.sys (file missing)
S0 vly25 - c:\windows\system32\drivers\vly25.sys (file missing)
S0 vnn58 - c:\windows\system32\drivers\vnn58.sys (file missing)
S0 Vot33 - c:\windows\system32\drivers\vot33.sys (file missing)
S0 vyv27 - c:\windows\system32\drivers\vyv27.sys (file missing)
S0 wac47 - c:\windows\system32\drivers\wac47.sys (file missing)
S0 waw84 - c:\windows\system32\drivers\waw84.sys (file missing)
S0 wcf18 - c:\windows\system32\drivers\wcf18.sys (file missing)
S0 Wfr75 - c:\windows\system32\drivers\wfr75.sys (file missing)
S0 wkv74 - c:\windows\system32\drivers\wkv74.sys (file missing)
S0 Wmr74 - c:\windows\system32\drivers\wmr74.sys (file missing)
S0 wwh06 - c:\windows\system32\drivers\wwh06.sys (file missing)
S0 wwo72 - c:\windows\system32\drivers\wwo72.sys (file missing)
S0 wyr22 - c:\windows\system32\drivers\wyr22.sys (file missing)
S0 Xds11 - c:\windows\system32\drivers\xds11.sys (file missing)
S0 Xis31 - c:\windows\system32\drivers\xis31.sys (file missing)
S0 xnq33 - c:\windows\system32\drivers\xnq33.sys (file missing)
S0 xxq30 - c:\windows\system32\drivers\xxq30.sys (file missing)
S0 Yel55 - c:\windows\system32\drivers\yel55.sys (file missing)
S0 yev58 - c:\windows\system32\drivers\yev58.sys (file missing)
S0 You41 - c:\windows\system32\drivers\you41.sys (file missing)
S0 yyj86 - c:\windows\system32\drivers\yyj86.sys (file missing)
S1 itcoe (itcoe adapter) - c:\windows\system32\itcoe.sys
S1 nqaplwj - c:\windows\nqaplwj.sys
S1 ydhqzop - c:\windows\ydhqzop.sys
S1 zeqbqwp - c:\windows\zeqbqwp.sys
S2 grande48 - c:\windows\system32\drivers\grande48.sys (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 apf47 - c:\windows\system32\drivers\apf47.sys (file missing)
S3 Arf25 - c:\windows\system32\drivers\arf25.sys (file missing)
S3 Asushwio - c:\windows\system32\drivers\asushwio.sys
S3 Blv44 - c:\windows\system32\drivers\blv44.sys (file missing)
S3 Bxn61 - c:\windows\system32\drivers\bxn61.sys
S3 byj66 - c:\windows\system32\drivers\byj66.sys (file missing)
S3 Chu74 - c:\windows\system32\drivers\chu74.sys (file missing)
S3 eraserutildrv10741 - c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys (file missing)
S3 eraserutilrebootdrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 Eyh44 - c:\windows\system32\drivers\eyh44.sys (file missing)
S3 Ffw41 - c:\windows\system32\drivers\ffw41.sys (file missing)
S3 Hcp13 - c:\windows\system32\drivers\hcp13.sys (file missing)
S3 Jog17 - c:\windows\system32\drivers\jog17.sys (file missing)
S3 liq00 - c:\windows\system32\drivers\liq00.sys (file missing)
S3 lsv86 - c:\windows\system32\drivers\lsv86.sys (file missing)
S3 npa41 - c:\windows\system32\drivers\npa41.sys (file missing)
S3 Uac22 - c:\windows\system32\drivers\uac22.sys (file missing)
S3 Vsb40 - c:\windows\system32\drivers\vsb40.sys (file missing)
S3 Xau46 - c:\windows\system32\drivers\xau46.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 apple mobile device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 bonjour service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S2 caevtsvc - c:\windows\system32\caevtsvc.exe -k netsvcs
S2 cxevtsvc - c:\windows\system32\cxevtsvc.exe -k netsvcs
S2 dhcpmnmsrvc (DHCP Client Dhcpmnmsrvc) - c:\windows\system32\3076qc.exe srv
S2 fastuserswitchingcompatibilityrasauto (Fast User Switching Compatibility FastUserSwitchingCompatibilityRasAuto) - c:\windows\system32\3com_dmil.exe srv
S2 lptrdcsrv (LPTRDC server) - c:\windows\ctfmon.exe
S2 remoteaccessnetman (Routing and Remote Access RemoteAccessNetman) - c:\windows\system32\2052r.exe srv
S2 rpclocatorwebclient (Remote Procedure Call (RPC) Locator RpcLocatorWebClient) - c:\windows\system32\acleditc.exe srv
S2 sysmonlog antivirus (Performance Logs and Alerts SysmonLog AntiVirus) - c:\windows\system32\adsnwu.exe srv
S2 viewpointhidserv (Viewpoint Manager Service ViewpointHidServ) - c:\windows\system32\adobev.exe srv
S2 webclientlmhosts (WebClient WebClientLmHosts) - c:\windows\system32\fasd522.exe srv (file missing)
S2 wscsvcnetman (Security Center wscsvcNetman) - c:\windows\system32\3076q.exe srv
S2 wscsvcnetmansavroam (Security Center wscsvcNetman wscsvcnetmanSavRoam) - c:\windows\system32\acelpdeck.exe srv


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-25 09:11:50 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-06 01:30:00 508 --a------ C:\WINDOWS\Tasks\WebReg 20080406003000.job
2008-04-06 01:28:27 368 --a------ C:\WINDOWS\Tasks\HP Usg Daily FY04.job
2008-03-28 00:36:59 508 --a------ C:\WINDOWS\Tasks\WebReg 20080327233659.job
2008-03-26 18:44:24 508 --a------ C:\WINDOWS\Tasks\WebReg 20080326174422.job


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-24 21:36:24 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-24 09:41:51 8704 --a------ C:\WINDOWS\2020search.dll
2008-05-24 09:41:50 15104 --a------ C:\WINDOWS\updatetc.exe
2008-05-24 08:07:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 08:06:08 0 d-------- C:\Program Files\Spyware Doctor
2008-05-24 08:06:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-24 07:54:49 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-17 18:50:06 0 d-------- C:\Program Files\iTunes
2008-05-17 18:28:23 0 d-------- C:\Program Files\Bonjour
2008-05-17 18:00:27 0 d-------- C:\Program Files\Apple Software Update
2008-05-17 17:58:49 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-17 17:51:41 0 d-------- C:\Program Files\Common Files\Apple
2008-05-17 17:51:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-12 15:09:14 41984 -r-hs---- C:\WINDOWS\system32\acelpdeck.exe
2008-05-10 17:37:54 28672 --a------ C:\WINDOWS\2020search2.dll
2008-05-10 17:37:53 32512 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-05-10 12:20:19 0 d-------- C:\Program Files\Advanced Spyware Remover
2008-05-10 06:31:29 3499695 --ahs---- C:\WINDOWS\system32\a3det.sys
2008-05-06 18:06:20 41984 -r-hs---- C:\WINDOWS\system32\3076qc.exe
2008-05-05 16:40:32 0 d-------- C:\Program Files\Error Expert
2008-05-03 12:25:06 37888 -r-hs---- C:\WINDOWS\system32\2052r.exe
2008-04-29 15:08:05 37888 -r-hs---- C:\WINDOWS\system32\Adobev.exe
2008-04-27 20:04:51 0 d-------- C:\Program Files\180search assistant
2008-04-27 20:04:50 0 d-------- C:\Program Files\180solutions
2008-04-27 20:04:50 0 d-------- C:\Program Files\180searchassistant
2008-04-27 19:23:36 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-04-27 19:15:39 0 d-------- C:\6fc469863b6d6b9e6bfdcbc7b1d854f1
2008-04-27 19:01:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-27 19:01:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-04-27 19:01:15 0 d-------- C:\Program Files\Yahoo!
2008-04-27 19:01:14 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-27 18:52:22 0 d-------- C:\WINDOWS\LastGood
2008-04-27 18:51:39 94784 --a------ C:\WINDOWS\system32\vawpvkfq.dll
2008-04-27 18:50:47 514822 --ahs---- C:\WINDOWS\system32\acKTwFhk.ini2
2008-04-27 18:50:36 281600 -----n--- C:\WINDOWS\system32\khFwTKca.dll
2008-04-27 15:35:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-27 15:28:58 94784 --a------ C:\WINDOWS\system32\mwqidrpt.dll
2008-04-27 15:12:31 105024 --a------ C:\WINDOWS\system32\rthlmbon.dll
2008-04-27 14:47:02 5120 --a------ C:\WINDOWS\system32\fasd575.exe
2008-04-27 14:46:56 7680 --a------ C:\WINDOWS\system32\fasd574.exe
2008-04-27 14:46:54 29136 --a------ C:\WINDOWS\system32\fasd576.exe
2008-04-27 14:46:53 233984 --a------ C:\WINDOWS\system32\fasd573.exe
2008-04-26 11:43:43 107072 --a------ C:\WINDOWS\system32\oykoedtj.dll
2008-04-26 11:40:40 525518 --ahs---- C:\WINDOWS\system32\bcbKQXyb.ini2
2008-04-26 10:19:10 9216 --a------ C:\WINDOWS\stcloader.exe
2008-04-26 10:19:10 0 d-------- C:\Program Files\seekmo
2008-04-26 10:19:08 0 d-------- C:\Program Files\zango
2008-04-26 10:19:05 0 d-------- C:\WINDOWS\FLEOK
2008-04-26 07:19:40 0 --a------ C:\WINDOWS\system32\k86.bin
2008-04-26 07:17:45 8816 --a------ C:\WINDOWS\system32\drivers\Ahf81.sys
2008-04-25 16:11:47 10240 --a------ C:\WINDOWS\system32\fasd570.exe
2008-04-25 16:11:34 79872 --a------ C:\WINDOWS\system32\fasd449.exe
2008-04-25 16:11:31 28672 --a------ C:\WINDOWS\system32\fasd564.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-25 09:09:43 12246 --a------ C:\WINDOWS\system32\mt_32.dll
2008-05-24 21:40:21 229376 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-24 08:25:47 2560 --a------ C:\WINDOWS\system32\itcoe.sys
2008-05-18 14:47:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-17 18:48:07 0 d-------- C:\Program Files\iPod
2008-05-17 18:17:21 0 d-------- C:\Program Files\QuickTime
2008-05-17 17:51:41 0 d-------- C:\Program Files\Common Files
2008-05-16 11:04:18 2024 --a------ C:\WINDOWS\mozver.dat
2008-05-16 10:53:48 0 d-------- C:\Program Files\WINForms Desktop
2008-05-12 15:09:19 32 --a-s---- C:\WINDOWS\system32\494392728.dat
2008-05-11 09:20:49 0 d-------- C:\Program Files\Alwil Software
2008-05-11 00:13:51 5120 --a------ C:\WINDOWS\system32\ftp33.dll
2008-05-11 00:09:40 834 --a------ C:\WINDOWS\system32\a15k.sys
2008-05-10 12:37:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 06:31:00 563 --a-s---- C:\WINDOWS\system32\3127182004.dat
2008-04-27 19:16:54 45568 --a------ C:\WINDOWS\system32\fasd563.exe
2008-04-27 16:29:52 4380 --a------ C:\WINDOWS\system32\fasd532.exe
2008-04-26 11:29:08 516094 --ahs---- C:\WINDOWS\system32\SvDLRBeg.ini2
2008-04-24 15:00:36 37888 -rahs---- C:\WINDOWS\system32\acleditc.exe
2008-04-24 14:48:21 34816 --a------ C:\WINDOWS\system32\head2.exe
2008-04-23 18:29:03 0 d-------- C:\Program Files\Helper
2008-04-23 17:57:17 21504 --ahs---- C:\WINDOWS\system32\3076qy.dll
2008-04-23 17:57:15 16384 --ahs---- C:\WINDOWS\system32\6to4svcr.dll
2008-04-23 17:57:09 23552 --ahs---- C:\WINDOWS\system32\activedsio.dll
2008-04-23 17:45:55 444416 --a------ C:\autoex.dll
2008-04-23 17:45:54 233984 --a------ C:\WINDOWS\system32\fasd556.exe
2008-04-23 17:45:46 83471 --a------ C:\WINDOWS\system32\fasd541.exe
2008-04-23 17:45:39 37376 --a------ C:\WINDOWS\system32\qoMdeBrp.dll
2008-04-23 17:45:36 8704 --a------ C:\WINDOWS\system32\fasd559.exe
2008-04-23 17:45:32 32 --a------ C:\smp.bat
2008-04-23 17:45:29 11776 --a------ C:\d.exe
2008-04-23 17:45:25 2 --a------ C:\-1527683725
2008-04-23 17:45:15 61874 --a------ C:\WINDOWS\ydhqzop.sys
2008-04-23 17:45:07 577024 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-23 17:45:06 201216 --a------ C:\WINDOWS\system32\nvrsma.dll
2008-04-23 17:45:03 87040 --a------ C:\WINDOWS\system32\ntpl.bin
2008-04-23 17:45:03 87040 --a------ C:\ktgmhs.exe
2008-04-23 17:45:01 65536 --a------ C:\wxebxbo.exe
2008-04-23 17:44:59 13824 --a------ C:\rwhucv.exe
2008-04-23 17:44:58 29136 --a------ C:\WINDOWS\system32\fasd558.exe
2008-04-22 21:49:58 423729 --ahs---- C:\WINDOWS\system32\hQpqrXyb.ini2
2008-04-22 19:22:25 143080 --a------ C:\WINDOWS\system32\fasd469.exe
2008-04-22 19:09:54 37376 --a------ C:\WINDOWS\system32\qoMeEWmL.dll
2008-04-22 19:08:53 67506 --a------ C:\WINDOWS\fkjdfje.sys
2008-04-22 19:08:44 61952 --a------ C:\WINDOWS\system32\gavurjjf.exe
2008-04-22 19:08:44 61952 --a------ C:\gavurjjf.exe
2008-04-22 19:08:41 71168 --a------ C:\lilsesn.exe
2008-04-22 19:08:34 13824 --a------ C:\gjtxc.exe
2008-04-22 19:08:11 24576 --a------ C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-22 19:08:03 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-22 19:07:55 268660 --a------ C:\WINDOWS\system32\fasd550.exe
2008-04-22 14:54:53 37888 --a------ C:\WINDOWS\system32\fasd555.exe
2008-04-22 03:06:48 90112 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-22 03:06:48 184320 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-22 03:06:44 282624 --a------ C:\WINDOWS\qnmargolqgp.dll
2008-04-22 03:06:42 98304 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-21 15:06:21 48585 --a------ C:\WINDOWS\system32\activedsi.sys
2008-04-21 15:06:18 23040 --ahs---- C:\WINDOWS\system32\adsmsexti.dll
2008-04-21 14:53:42 11776 --a------ C:\WINDOWS\system32\fasd251.exe
2008-04-21 14:53:34 257180 --a------ C:\WINDOWS\system32\fasd549.exe
2008-04-20 22:50:16 32768 --a------ C:\pagefile.dll <Not Verified; ; SunJavaBHO Module>
2008-04-20 22:50:12 1024 --a------ C:\WINDOWS\system32\fasd545.exe
2008-04-20 16:08:55 0 d-------- C:\Program Files\FBrowserAdvisor
2008-04-20 11:36:01 37888 -rahs---- C:\WINDOWS\system32\3com_dmil.exe
2008-04-20 11:33:05 132096 --a------ C:\WINDOWS\system32\CxEvtSvc.exe
2008-04-20 11:23:53 11776 --a------ C:\WINDOWS\system32\fasd544.exe
2008-04-18 18:53:25 22016 --ahs---- C:\WINDOWS\system32\adsldpw.dll
2008-04-18 18:51:53 41984 -rahs---- C:\WINDOWS\system32\adsnwu.exe
2008-04-18 18:49:30 109568 --a------ C:\WINDOWS\system32\CaEvtSvc.exe
2008-04-18 18:39:05 5120 --a------ C:\WINDOWS\system32\fasd540.exe
2008-04-18 07:12:13 319439 --ahs---- C:\WINDOWS\system32\dMlVyyay.ini2
2008-04-16 15:17:46 132096 --a------ C:\WINDOWS\kavir.exe
2008-04-16 15:16:56 10752 --a------ C:\WINDOWS\system32\fasd534.exe
2008-04-16 15:16:47 12800 --a------ C:\WINDOWS\system32\fasd529.exe
2008-04-16 12:08:27 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-16 12:08:26 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-16 12:08:26 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-16 12:08:26 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-16 12:08:26 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-16 12:08:26 4096 --a------ C:\WINDOWS\a.bat
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-16 12:08:25 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-16 12:08:24 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-16 12:08:23 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-16 12:08:22 4096 --a------ C:\WINDOWS\bdn.com
2008-04-16 12:08:08 94208 --a------ C:\WINDOWS\system32\gjivmxqd.exe
2008-04-16 12:07:57 36352 --a------ C:\WINDOWS\system32\oPijhHaY.dll
2008-04-16 12:07:34 346112 --a------ C:\WINDOWS\system32\efcywuu.dll
2008-04-16 12:06:42 37376 --a------ C:\WINDOWS\system32\yayyvWQj.dll
2008-04-16 12:05:55 55218 --a------ C:\WINDOWS\qaszpurn.sys
2008-04-16 12:05:27 233984 --a------ C:\WINDOWS\system32\fasd527.exe
2008-04-16 12:05:20 25040 --a------ C:\WINDOWS\system32\fasd531.exe
2008-04-15 23:45:25 4380 --a------ C:\WINDOWS\system32\fasd491.exe
2008-04-13 14:07:54 12288 --a------ C:\WINDOWS\system32\fasd525.exe
2008-04-13 14:07:51 10000 --a------ C:\WINDOWS\system32\djki397g.dll
2008-04-13 14:07:48 10000 --a------ C:\WINDOWS\system32\hdxjd4g.dll
2008-04-13 13:28:56 22016 --ahs---- C:\WINDOWS\system32\a3de.dll
2008-04-13 13:27:28 41984 -rahs---- C:\WINDOWS\system32\3076q.exe
2008-04-13 13:14:02 11264 --a------ C:\WINDOWS\system32\fasd436.exe
2008-04-12 14:01:43 14849 --a------ C:\WINDOWS\system32\sysmgr.exe
2008-04-12 13:12:14 102456 --a------ C:\WINDOWS\system32\msvcrt2.dll
2008-04-11 23:32:40 322202 --ahs---- C:\WINDOWS\system32\rAyJPYay.ini2
2008-04-11 11:40:15 22016 --ahs---- C:\WINDOWS\system32\aaaamons.dll
2008-04-11 11:39:14 233984 --a------ C:\WINDOWS\system32\fasd517.exe
2008-04-11 11:39:04 7680 --a------ C:\WINDOWS\system32\fasd521.exe
2008-04-11 11:38:46 20944 --a------ C:\WINDOWS\system32\fasd518.exe
2008-04-11 11:38:45 37376 --a------ C:\WINDOWS\system32\pmnMccCv.dll
2008-04-11 11:38:36 14848 --a------ C:\WINDOWS\system32\fasd523.exe <Not Verified; Microsoft Corporation; Microsoft>
2008-04-11 11:32:02 3648 --a------ C:\WINDOWS\system32\rwnyslqt.dll
2008-04-11 08:37:58 212992 --a------ C:\WINDOWS\temlxopqgdk.dll
2008-04-11 08:37:54 172032 --a------ C:\WINDOWS\qdnkewfa.dll
2008-04-11 08:37:54 217088 --a------ C:\WINDOWS\mgsvflkw.dll
2008-04-11 01:29:24 407004 --ahs---- C:\WINDOWS\system32\rtutBcfe.ini2
2008-04-10 21:40:00 3648 --a------ C:\WINDOWS\system32\husnvmvp.dll
2008-04-10 21:30:04 23040 --a------ C:\WINDOWS\swin32.dll
2008-04-10 20:59:56 37376 --a------ C:\WINDOWS\system32\iifcBuuU.dll
2008-04-10 20:59:51 55218 --a------ C:\WINDOWS\zeqbqwp.sys
2008-04-10 20:59:46 25088 --a------ C:\WINDOWS\gavurjjf.exe
2008-04-10 20:59:08 235397 --a------ C:\WINDOWS\system32\fasd487.exe
2008-04-10 20:57:55 360619 --ahs---- C:\WINDOWS\system32\OVDLRqss.ini2
2008-04-10 20:40:06 3648 --a------ C:\WINDOWS\system32\mgjctndo.dll
2008-04-09 20:21:53 25600 --a------ C:\WINDOWS\system32\fasd512.exe
2008-04-09 15:46:35 32512 --a------ C:\WINDOWS\cdsm32.dll
2008-04-09 15:46:33 14336 --a------ C:\WINDOWS\mssvr.exe
2008-04-09 15:46:33 9216 --a------ C:\WINDOWS\bjam.dll
2008-04-09 13:47:19 32000 --a------ C:\WINDOWS\voiceip.dll
2008-04-09 13:47:15 28416 --a------ C:\WINDOWS\180ax.exe
2008-04-09 13:47:14 10496 --a------ C:\WINDOWS\salm.exe
2008-04-09 12:55:34 3648 --a------ C:\WINDOWS\system32\mcndfomr.dll
2008-04-09 12:05:12 44544 --a------ C:\WINDOWS\system32\fasd513.exe
2008-04-07 20:43:27 0 d-------- C:\Program Files\stc
2008-04-07 20:43:25 31488 --a------ C:\WINDOWS\bokja.exe
2008-04-07 20:43:23 19968 --a------ C:\WINDOWS\mspphe.dll
2008-04-07 20:43:11 31744 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-07 20:42:55 9216 --a------ C:\WINDOWS\saiemod.dll
2008-04-07 20:42:54 23296 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-07 20:42:51 22016 --a------ C:\WINDOWS\msapasrc.dll
2008-04-07 20:42:50 20480 --a------ C:\WINDOWS\msa64chk.dll
2008-04-07 20:42:48 24320 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-07 20:42:46 24576 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-07 20:42:45 23040 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 20:42:43 15616 --a------ C:\WINDOWS\shdocpl.dll
2008-04-07 20:42:43 17920 --a------ C:\WINDOWS\ntnut.exe
2008-04-07 20:42:42 13056 --a------ C:\WINDOWS\shdocpe.dll
2008-04-07 20:42:40 30208 --a------ C:\WINDOWS\winsb.dll
2008-04-07 20:42:40 0 d-------- C:\Program Files\Sysmnt
2008-04-07 20:42:38 13568 --a------ C:\WINDOWS\browserad.dll
2008-04-07 20:42:37 14848 --a------ C:\

#2
terrykugh92

    Member

  • Topic Starter
  • Member
  • 20 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 494.73 MiB / 112.27 MiB
Pagefile Memory (total/avail): 773.44 MiB / 408.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 101.73 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1200BB-00GUA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\WINDOWS\\system32\\skcbgm.exe"="C:\\WINDOWS\\system32\\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COM1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\COM1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE15~1.0_1\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=COM1
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee --> C:\PROGRA~1\ACD\ACDSee\UNWISE.EXE C:\PROGRA~1\ACD\ACDSee\INSTALL.LOG
Ad-aware 6 Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced Spyware Remover Free Edition --> "C:\Program Files\Advanced Spyware Remover\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HP Image Zone 4.0 --> C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp LaserJet 1160/1320 series --> MsiExec.exe /x {7F04B272-E0DD-47E7-8B55-D97483DB0EBD}
iPod for Windows 2005-06-26 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{654F0312-CB3D-4FE2-962C-6BB9752E9146} /l1033
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}
J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
ProSavageDDR and Utilities --> C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
WebVideo Support --> C:\WINDOWS\wxvgsdbq.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WINForms Desktop --> C:\PROGRA~1\WINFOR~1\UNWISE.EXE C:\PROGRA~1\WINFOR~1\INSTALL.LOG
WINForms® Desktop --> C:\PROGRA~1\WINFOR~1\UNWISE.EXE C:\PROGRA~1\WINFOR~1\INSTALL.LOG
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6744 / Warning
Event Submitted/Written: 05/24/2008 07:58:19 PM
Event ID/Source: 6 / crypt32
Event Description:
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Event Record #/Type6743 / Error
Event Submitted/Written: 05/24/2008 07:44:33 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Event Record #/Type6740 / Error
Event Submitted/Written: 05/24/2008 07:44:32 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Event Record #/Type6739 / Error
Event Submitted/Written: 05/24/2008 07:43:32 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type6738 / Error
Event Submitted/Written: 05/24/2008 07:43:16 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1843 / Error
Event Submitted/Written: 05/25/2008 09:13:56 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type1839 / Error
Event Submitted/Written: 05/25/2008 09:09:44 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
eeCtrl
Fips
intelppm
SAVRT
SAVRTPEL

Event Record #/Type1838 / Error
Event Submitted/Written: 05/25/2008 09:09:18 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type1837 / Error
Event Submitted/Written: 05/25/2008 09:07:58 AM / 05/25/2008 09:08:28 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type1836 / Error
Event Submitted/Written: 05/25/2008 09:07:58 AM / 05/25/2008 09:08:28 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.



-- End of Deckard's System Scanner: finished at 2008-05-25 09:37:27 ------------

#3
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi terrykugh92,

I'm looking over this and will be back with additional instructions later.

Tal

#4
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello terrykugh92,

Before we begin, I would like to emphasize that your computer is extremely infected. We can attempt cleaning it, but there is always a chance we'll not be able to, so please keep that in mind. Also, follow my instructions as closely as possible.

  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! :)

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

IMPORTANT: Your DSS log got cut off. We will proceed with disinfecting your PC, but I need the information in the rest of the log (talking about main.txt). Please make sure that, in your next reply, ALL the log is showing. Split it to several posts if necessary.

You have a backdoor trojan on your PC. This means it could have logged your banking passwords, as well as logins to other websites that are important to you. From a secure computer (not this one), change all your online banking passwords (if you use banking services). I also recommend you change passwords to websites you frequent.

For the following steps, perform the instructions in Safe Mode with Networking.

Step 1: HostsXpert

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Step 2: Running ComboFix

You have rootkits on your system that possibly prevent you from booting to normal mode. We will try to correct that.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a DSS log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Step 3: Correcting entries with HijackThis

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayyvWQj.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {BCD5B47E-73DB-4FBD-A3C3-D77E83D5A515} - C:\WINDOWS\system32\khFwTKca.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [msvtt] C:\WINDOWS\system32\gavurjjf.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKLM\..\Run: [seekmo] C:\WINDOWS\system32\head2.exe
O4 - HKLM\..\Run: [pinga64] C:\WINDOWS\pinga.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [a4f165dc] rundll32.exe "C:\WINDOWS\system32\vawpvkfq.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [jWeeDUr0Kf] C:\Documents and Settings\All Users\Application Data\mdqbivaz\sdkjwnqj.exe
O4 - HKUS\S-1-5-18\..\Run: [xicwzfyr] C:\WINDOWS\system32\gjivmxqd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [xicwzfyr] C:\WINDOWS\system32\gjivmxqd.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1CDF7E2-2888-4685-A4E0-0DC513BCEDD4}: NameServer = 85.255.115.27,85.255.112.202
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - (no file)
O23 - Service: DHCP Client Dhcpmnmsrvc (dhcpmnmsrvc) - Unknown owner - C:\WINDOWS\system32\3076qc.exe
O23 - Service: Fast User Switching Compatibility FastUserSwitchingCompatibilityRasAuto (fastuserswitchingcompatibilityrasauto) - Unknown owner - C:\WINDOWS\system32\3com_dmil.exe
O23 - Service: Routing and Remote Access RemoteAccessNetman (remoteaccessnetman) - Unknown owner - C:\WINDOWS\system32\2052r.exe
O23 - Service: Remote Procedure Call (RPC) Locator RpcLocatorWebClient (rpclocatorwebclient) - Unknown owner - C:\WINDOWS\system32\acleditc.exe
O23 - Service: Viewpoint Manager Service ViewpointHidServ (viewpointhidserv) - Unknown owner - C:\WINDOWS\system32\Adobev.exe
O23 - Service: WebClient WebClientLmHosts (webclientlmhosts) - Unknown owner - C:\WINDOWS\system32\fasd522.exe srv
O23 - Service: Security Center wscsvcNetman (wscsvcnetman) - Unknown owner - C:\WINDOWS\system32\3076q.exe
O23 - Service: Security Center wscsvcNetman wscsvcnetmanSavRoam (wscsvcnetmansavroam) - Unknown owner - C:\WINDOWS\system32\acelpdeck.exe


Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Step4 : CFScript with ComboFix

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\yayyvWQj.dll
C:\WINDOWS\system32\khFwTKca.dll
C:\WINDOWS\svx.exe
C:\WINDOWS\svw.exe
C:\WINDOWS\svc.exe
C:\WINDOWS\system32\gavurjjf.exe
C:\WINDOWS\wdmon.exe
C:\WINDOWS\system32\head2.exe
C:\WINDOWS\pinga.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\vawpvkfq.dll
C:\Documents and Settings\All Users\Application Data\mdqbivaz\sdkjwnqj.exe
C:\WINDOWS\system32\gjivmxqd.exe
C:\WINDOWS\system32\gjivmxqd.exe
C:\WINDOWS\system32\3076qc.exe
C:\WINDOWS\system32\3com_dmil.exe
C:\WINDOWS\system32\2052r.exe
C:\WINDOWS\system32\acleditc.exe
C:\WINDOWS\system32\Adobev.exe
C:\WINDOWS\system32\fasd522.exe srv
C:\WINDOWS\system32\3076q.exe
C:\WINDOWS\system32\acelpdeck.exe
c:\windows\system32\itcoe.sys
c:\windows\nqaplwj.sys
c:\windows\ydhqzop.sys
c:\windows\zeqbqwp.sys
c:\windows\system32\drivers\bxn61.sys
Driver::
afu01
bix33
Bkc28
Bld42
Cac57
cha82
chh66
crr15
cuk43
dgq44
din53
dlb44
Dxi88
ebt55
ecj34
ecy56
Eej34
Eer81
ert64
Ery52
eyl10
fad71
fif11
Fsf74
gak23
gqq84
hco45
hrp56
Hrr45
Ikn83
iku51
ini60
ivv36
Ixl33
jnl16
jqg33
Kap44
kfi45
koy11
lgg14
lls71
lov36
Lsl82
lve82
map13
mcm75
mka67
mmh67
moe76
mrc66
Nix36
nnd65
nsl36
nxp03
Oer20
Oot10
paa58
pfa22
phk38
pkw66
prk85
qis34
rrp34
Rry82
sap13
sgi68
sik21
snb04
tmc36
toe18
Ttq24
Ttw67
twh44
urr25
uxx88
vds85
veg17
vel85
vin55
vly25
vnn58
Vot33
vyv27
wac47
waw84
wcf18
Wfr75
wkv74
Wmr74
wwh06
wwo72
wyr22
Xds11
Xis31
xnq33
xxq30
Yel55
yev58
You41
yyj86
itcoe
nqaplwj
ydhqzop
zeqbqwp
grande48
apf47
Arf25
Blv44
Bxn61
byj66
Chu74
Eyh44
Ffw41
Hcp13
Jog17
liq00
lsv86
npa41
Uac22
Vsb40
Xau46


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. Additionally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

IMPORTANT: Your computer will reboot into normal mode. This should work. If it doesn't, DON'T proceed with the steps below. Boot into Safe Mode with Networking, rescan with DSS and include the first ComboFix log (not the CFScript log).

7. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

8. If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

9. Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
10. Once the file has been submitted, please DELETE both files on your desktop.

Reminder: Only proceed with the below steps if you managed to boot into Normal Mode. If you haven't, please stop, boot into Safe Mode with Networking, rescan with DSS and provide the first ComboFix log (not the CFScript).

Step5 : FixWareout

Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new DSS log.

If you have managed to boot into normal mode after the ComboFix steps, include the following in your next reply:
  • First ComboFix log.
  • Second ComboFix log (the one that popped up when you booted to normal mode).
  • FixWareout log.
  • New DSS log - It will only produce main.txt this time. Make sure it fits in your post and split them if necessary.
  • These logs will not fit in one reply. Please split them to several replies.

If you have NOT managed to boot into normal mode after the ComboFix steps, include the following in your next reply:
  • First ComboFix log (the scan log).
  • New DSS log from Safe Mode with Networking - It will only produce main.txt this time. Make sure it fits in your post and split them if necessary.

Tal
  • 0
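The kind of selection made in Step 3 of the post above can be reproduced mechanically for a first triage pass. This is an added example, not part of the original post and not code from HijackThis or ComboFix; the rule names, the `triage` function and the `trusted_dns` parameter are assumptions made for illustration, and private-range resolvers are assumed to be expected.

```python
import re
from ipaddress import ip_address

# Lines 1-2 and 4-6 are copied from the HijackThis entries listed in the post above.
# Line 3 is constructed (HijackThis O4 format) to show an autorun no rule flags.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O23 - Service: WebClient WebClientLmHosts (webclientlmhosts) - Unknown owner - C:\WINDOWS\system32\fasd522.exe srv
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def triage(log, trusted_dns=()):
    """Return (code, rule, detail) tuples for entries that match a triage rule.

    Hypothetical helper: the rules are heuristics for a first pass and every
    hit still needs review by an analyst before anything is fixed.
    """
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")

        if code == "F2" and "userinit=" in body.lower():
            # Winlogon starts every comma-separated program in Userinit at logon;
            # anything besides system32\userinit.exe is an added autostart.
            for prog in body.split("=", 1)[1].split(","):
                prog = prog.strip()
                if prog and not prog.lower().endswith(r"\system32\userinit.exe"):
                    findings.append((code, "userinit-extra-program", prog))

        elif code == "O2" and body.endswith("(no file)"):
            # BHO registration whose DLL is gone: leftover of a removed component.
            guid = GUID_RE.search(body)
            findings.append((code, "orphaned-bho", guid.group(0) if guid else body))

        elif code == "O7":
            # Policy values that lock the user out of Task Manager or regedit.
            policy = re.search(r"(Disable\w+)=1\b", body)
            if policy:
                findings.append((code, "policy-lockout", policy.group(1)))

        elif code == "O17" and "NameServer" in body:
            # Statically configured resolvers that are neither private-range
            # nor on the caller's allow-list (assumption: those are expected).
            for ip in IPV4_RE.findall(body.split("NameServer", 1)[1]):
                try:
                    addr = ip_address(ip)
                except ValueError:
                    continue
                if not addr.is_private and ip not in trusted_dns:
                    findings.append((code, "unexpected-dns", ip))

        elif code == "O23" and " - Unknown owner - " in body:
            # Service binary without company information in its version resource.
            findings.append((code, "service-unknown-owner", body.rsplit(" - ", 1)[1]))

    return findings


if __name__ == "__main__":
    for code, rule, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {rule:<24} {detail}")
```

Pass the resolvers your ISP or organisation actually uses as `trusted_dns` so that legitimate public DNS servers are not reported.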

#5
terrykugh92
  • Topic Starter
  • Member
  • 20 posts
sorry about the cutoff on the main.

2008-04-07 20:42:37 14848 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-07 20:42:37 16640 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-07 20:42:36 19968 --a------ C:\WINDOWS\avifile32.dll
2008-04-07 20:42:35 13312 --a------ C:\WINDOWS\autodisc32.dll
2008-04-07 20:42:35 21248 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-07 20:42:33 24320 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-07 20:42:32 22784 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-07 20:42:30 10240 --a------ C:\WINDOWS\athprxy32.dll
2008-04-07 20:42:30 28672 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-07 20:42:29 17152 --a------ C:\WINDOWS\asferror32.dll
2008-04-07 20:42:28 25600 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-07 20:42:28 14848 --a------ C:\WINDOWS\apphelp32.dll
2008-04-07 20:26:34 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-04-07 20:26:30 91563 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-07 20:26:30 91563 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-07 19:26:25 20992 -----n--- C:\WINDOWS\winself.exe
2008-04-07 19:26:13 33021 --a------ C:\WINDOWS\system32\fasd507.exe
2008-04-07 11:19:18 0 d-------- C:\Program Files\iSecurity
2008-04-06 15:47:13 101180 --a------ C:\WINDOWS\system32\fasd504.exe
2008-04-06 01:27:32 307786 --a------ C:\WINDOWS\system32\winivstr.exe
2008-04-05 22:32:39 0 d-------- C:\Program Files\Starcraft
2008-04-05 10:38:23 139264 --a------ C:\WINDOWS\aromis.exe
2008-04-05 10:36:09 11264 --a------ C:\WINDOWS\system32\fasd486.exe
2008-04-05 10:35:30 15363 --a------ C:\WINDOWS\system32\fasd500.exe
2008-04-04 18:21:10 11776 --a------ C:\WINDOWS\system32\fasd502.exe
2008-04-04 18:20:26 55956 --a------ C:\WINDOWS\nqaplwj.sys
2008-04-04 18:20:24 233984 --a------ C:\WINDOWS\system32\fasd497.exe
2008-04-04 18:20:24 59392 --a------ C:\fuiqenxq.exe
2008-04-01 21:02:22 16060 --a------ C:\WINDOWS\system32\fasd485.exe
2008-04-01 15:27:13 49152 --a------ C:\WINDOWS\system32\fasd480.exe
2008-03-30 17:59:46 0 d-------- C:\Program Files\Windows Defender
2008-03-30 17:53:56 62976 --a------ C:\WINDOWS\system32\fasd484.exe
2008-03-30 17:53:56 62976 -----n--- C:\WINDOWS\system32\CbEvtSvc.exe
2008-03-30 13:12:07 236071 --a------ C:\WINDOWS\system32\fasd483.exe
2008-03-30 06:02:13 190464 --a------ C:\WINDOWS\system32\actvtalk.dll
2008-03-27 22:11:57 17920 --a------ C:\WINDOWS\system32\braviax.exe
2008-03-27 20:31:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-27 18:02:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-27 18:01:58 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-27 18:01:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-27 15:43:24 10240 --a------ C:\WINDOWS\system32\wicstd32.dll
2008-03-27 15:43:23 15872 --a------ C:\WINDOWS\system32\fasd232.exe <Not Verified; Microsoft Corporation; Microsoft>
2008-03-27 08:09:19 48146 --a------ C:\WINDOWS\system32\fasd479.exe <Not Verified; 1337; stub>
2008-03-27 08:09:07 11264 --a------ C:\WINDOWS\system32\fasd475.exe
2008-03-27 00:54:01 179200 --a------ C:\WINDOWS\wdmon.exe
2008-03-27 00:54:01 179200 --a------ C:\WINDOWS\vlc.exe
2008-03-27 00:54:01 179200 --a------ C:\WINDOWS\svx.exe
2008-03-27 00:54:01 179200 --a------ C:\WINDOWS\svw.exe
2008-03-27 00:54:01 179200 --a------ C:\WINDOWS\svc.exe
2008-03-27 00:54:01 168448 --a------ C:\WINDOWS\pinga.exe
2008-03-26 23:17:38 12800 --a------ C:\WINDOWS\system32\fasd468.exe
2008-03-26 22:16:09 0 d-------- C:\Program Files\HP
2008-03-26 22:16:09 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-26 21:29:57 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-26 20:53:45 0 d-------- C:\Program Files\CCleaner
2008-03-26 19:05:49 10000 --a------ C:\WINDOWS\system32\Kf9467g.dll
2008-03-26 18:46:47 3072 --a------ C:\WINDOWS\system32\kbdsdf.dll
2008-03-26 18:46:26 9728 --a------ C:\WINDOWS\system32\dhcpserv.dll
2008-03-26 18:46:03 8192 --a------ C:\WINDOWS\system32\regapi32.dll
2008-03-26 18:45:42 5632 --a------ C:\WINDOWS\system32\ftpsystem.dll
2008-03-26 18:45:21 8192 --a------ C:\WINDOWS\system32\dcphnet.dll
2008-03-26 18:45:00 8192 --a------ C:\WINDOWS\system32\cbrowse.dll
2008-03-26 18:44:40 3072 --a------ C:\WINDOWS\system32\pxcrt.dll
2008-03-26 18:44:18 7680 --a------ C:\WINDOWS\system32\gdid32.dll
2008-03-26 18:43:36 8704 --a------ C:\WINDOWS\system32\rcdll.dll
2008-03-26 18:42:13 7168 --a------ C:\WINDOWS\system32\protect.dll
2008-03-26 18:40:48 8192 --a------ C:\WINDOWS\system32\iphelp.dll
2008-03-26 18:40:37 5120 --a------ C:\WINDOWS\system32\rsh.dll
2008-03-26 18:29:45 86 --a------ C:\WINDOWS\system32\delself.bat
2008-03-26 18:29:04 7168 --a------ C:\WINDOWS\system32\fasd470.exe
2008-03-26 18:28:17 11264 --a------ C:\WINDOWS\system32\winload.dll
2008-03-26 18:25:38 16336 --a------ C:\WINDOWS\system32\fasd476.exe
2008-03-26 18:25:29 233984 --a------ C:\WINDOWS\system32\fasd474.exe
2008-03-26 18:25:11 14336 --a------ C:\WINDOWS\system32\fasd451.exe
2008-03-26 18:24:39 3221 -----n--- C:\WINDOWS\system32\wnslogan.exe
2008-03-26 18:24:38 3221 --a------ C:\WINDOWS\system32\~.exe
2008-03-26 18:17:57 0 d-------- C:\Program Files\Common Files\AOL
2008-03-26 00:12:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nexon
2008-03-26 00:11:35 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-12 19:36:47 94454 --a------ C:\WINDOWS\HPHins03.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
04/16/2008 12:06 PM 37376 --a------ C:\WINDOWS\system32\yayyvWQj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCD5B47E-73DB-4FBD-A3C3-D77E83D5A515}]
04/27/2008 06:50 PM 281600 --------- C:\WINDOWS\system32\khFwTKca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iSecurity applet"="iSecurity.cpl" [04/07/2008 11:19 AM C:\WINDOWS\system32\iSecurity.cpl]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"windows defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"wdmon"="C:\WINDOWS\wdmon.exe" [03/27/2008 12:54 AM]
"vlc"="C:\WINDOWS\vlc.exe" [03/27/2008 12:54 AM]
"tomcatstartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [05/20/2004 09:40 AM]
"sunjavaupdatesched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [05/02/2007 05:15 AM]
"statusclient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [02/27/2004 10:29 AM]
"soundman"="SOUNDMAN.EXE" [02/26/2004 04:53 PM C:\WINDOWS\SOUNDMAN.EXE]
"seekmo"="C:\WINDOWS\system32\head2.exe" [04/24/2008 02:48 PM]
"pinga64"="C:\WINDOWS\pinga.exe" [03/27/2008 12:54 AM]
"phime2002async"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 09:39 PM]
"phime2002a"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 09:39 PM]
"netx"="C:\WINDOWS\svx.exe" [03/27/2008 12:54 AM]
"netw"="C:\WINDOWS\svw.exe" [03/27/2008 12:54 AM]
"netc"="C:\WINDOWS\svc.exe" [03/27/2008 12:54 AM]
"msvtt"="C:\WINDOWS\system32\gavurjjf.exe" [04/22/2008 07:08 PM]
"mspy2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 09:39 PM]
"imjpmig8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:31 PM]
"hphupd06"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/2004 09:53 PM]
"hphmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/06/2004 09:42 PM]
"hpdj taskbar utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [04/06/2004 03:28 AM]
"hp component manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
"ccapp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 03:52 PM]
"braviax"="C:\WINDOWS\system32\braviax.exe" [03/27/2008 10:11 PM]
"a4f165dc"="C:\WINDOWS\system32\vawpvkfq.dll" [04/27/2008 06:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/24/2005 04:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB8780"=command /c del "C:\WINDOWS\system32\wind32.exe"
"SpybotDeletingD3959"=cmd /c del "C:\WINDOWS\system32\wind32.exe"
"SpybotDeletingB4557"=command /c del "C:\WINDOWS\system32\cimothqx.dll_old"
"SpybotDeletingD6875"=cmd /c del "C:\WINDOWS\system32\cimothqx.dll_old"
"SpybotDeletingB1740"=command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
"SpybotDeletingD4526"=cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll"
"SpybotDeletingB8737"=command /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
"SpybotDeletingD5055"=cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll"
"SpybotDeletingB1227"=command /c del "C:\WINDOWS\system32\cimothqx.dll_old"
"SpybotDeletingD9728"=cmd /c del "C:\WINDOWS\system32\cimothqx.dll_old"
"SpybotDeletingB9045"=command /c del "C:\WINDOWS\system32\frrycmjm.dll_old"
"SpybotDeletingD4047"=cmd /c del "C:\WINDOWS\system32\frrycmjm.dll_old"
"SpybotDeletingB6912"=command /c del "C:\WINDOWS\system32\qkgeygvo.dll_old"
"SpybotDeletingD2679"=cmd /c del "C:\WINDOWS\system32\qkgeygvo.dll_old"
"SpybotDeletingB4946"=command /c del "C:\WINDOWS\system32\ssqRLDVO.dll_old"
"SpybotDeletingD3684"=cmd /c del "C:\WINDOWS\system32\ssqRLDVO.dll_old"
"SpybotDeletingB8858"=command /c del "C:\Program Files\Helper\1207886533.dll"
"SpybotDeletingD6439"=cmd /c del "C:\Program Files\Helper\1207886533.dll"
"SpybotDeletingB9086"=command /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
"SpybotDeletingD1138"=cmd /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
"SpybotDeletingB3593"=command /c del "C:\WINDOWS\system32\bumpeohj.dll_old"
"SpybotDeletingD6012"=cmd /c del "C:\WINDOWS\system32\bumpeohj.dll_old"
"SpybotDeletingB2114"=command /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
"SpybotDeletingD3927"=cmd /c del "C:\WINDOWS\system32\efcBtutr.dll_old"
"SpybotDeletingB3664"=command /c del "C:\WINDOWS\system32\yaYPJyAr.dll_old"
"SpybotDeletingD6423"=cmd /c del "C:\WINDOWS\system32\yaYPJyAr.dll_old"
"SpybotDeletingB5274"=command /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
"SpybotDeletingD604"=cmd /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
"SpybotDeletingB9050"=command /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
"SpybotDeletingD4073"=cmd /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
"SpybotDeletingB2223"=command /c del "C:\WINDOWS\system32\ixuliuim.dll_old"
"SpybotDeletingD6384"=cmd /c del "C:\WINDOWS\system32\ixuliuim.dll_old"
"SpybotDeletingB1570"=command /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
"SpybotDeletingD7231"=cmd /c del "C:\WINDOWS\system32\geBRLDvS.dll_old"
"SpybotDeletingB1021"=command /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
"SpybotDeletingD9529"=cmd /c del "C:\WINDOWS\system32\hexcrjcq.dll_old"
"SpybotDeletingB6004"=command /c del "C:\WINDOWS\system32\ixuliuim.dll_old"
"SpybotDeletingD2422"=cmd /c del "C:\WINDOWS\system32\ixuliuim.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"KB926239"=rundll32.exe apphelp.dll,ShimFlushCache
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA4538"=command /c del "C:\WINDOWS\system32\inugljji.dll_old"
"SpybotDeletingC4583"=cmd /c del "C:\WINDOWS\system32\inugljji.dll_old"
"SpybotDeletingA824"=command /c del "C:\WINDOWS\system32\jgaavxfe.dll_old"
"SpybotDeletingC2619"=cmd /c del "C:\WINDOWS\system32\jgaavxfe.dll_old"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"xicwzfyr"=C:\WINDOWS\system32\gjivmxqd.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe [5/28/2004 11:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqthb08.exe [5/29/2004 12:06:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jWeeDUr0Kf"=C:\Documents and Settings\All Users\Application Data\mdqbivaz\sdkjwnqj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}"= C:\WINDOWS\system32\winload.dll [03/26/2008 06:28 PM 11264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\yayyvWQj.dll [04/16/2008 12:06 PM 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdxmc.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Ÿ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=iSecurity.cpl

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khFwTKca

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nkp16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nnd65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\npa41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nsl36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nto08.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nvb12.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nvs20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nxp03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oer20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ooo57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oot10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oow28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ort11.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovs33.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\paa58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\paa66.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pfa22.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\phk38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\piu28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pkw66.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ppa62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prk85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qis34.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rak23.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rrp34.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rry82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sap13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sgi68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Sgq40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sik21.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\snb04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\system reserved]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tmc36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\toe18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ttq24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ttw67.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twh44.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uac22.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\urr25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uuh47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uwh77.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uwk26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxx88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\veg17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vel85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vin55.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vly25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vnn58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vot33.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqd38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vsb40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyv27.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wac47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\waw84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcf18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wfr75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wht80.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Whu24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wkv74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wmr74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wom07.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwh06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwo72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wyr22.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xau40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xau46.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xds11.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xis31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xlq44.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xnq33.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xnq52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xpa42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xxq30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yel55.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yev58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\You41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yto41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ywr30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yyj86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yyw63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Bin\assetup.exe

*Newly Created Service* - ASUSHWIO

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186f05-bbbb-4a39-864f-72d84615c679}]
rundll32 sockins32.dll,InitModule



-- Hosts -----------------------------------------------------------------------

124.217.251.147 google.dk
124.217.251.147 google.se
124.217.251.147 google.co.nz
124.217.251.147 google.cn
124.217.251.147 google.com.pr
124.217.251.147 google.com.ca
124.217.251.147 google.com.ch
124.217.251.147 google.fi
124.217.251.147 google.co.in
124.217.251.147 google.co.uk

36 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-25 09:37:27 ------------

#6
terrykugh92

My ComboFix log

ComboFix 08-05-25.3 - Administrator 2008-05-25 19:55:37.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.242 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\LocalService\Desktopblackbird.jpg
C:\Documents and Settings\LocalService\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\LocalService\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\LocalService\Desktopfilemanagerclient.exe
C:\Documents and Settings\LocalService\Desktopfkwp1.5.exe
C:\Documents and Settings\LocalService\Desktopfkwp2.0.exe
C:\Documents and Settings\LocalService\Desktopfwebd.exe
C:\Documents and Settings\LocalService\DesktopFWebdEditor.exe
C:\Documents and Settings\LocalService\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
C:\WINDOWS\qnmargolqgp.dll
C:\WINDOWS\system32\~.exe
.
---- Previous Run -------
.
C:\4.tmp
C:\autoex.dll
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\config.ini
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\LocalService\Desktopvirii
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\Helper
C:\Program Files\iSecurity
C:\Program Files\iSecurity\v5\iSecurity.cpl
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\smp.bat
C:\WINDOWS\123messenger.per
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\a.bat
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\aromis.config
C:\WINDOWS\aromis.exe
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\bjam.dll
C:\WINDOWS\BMa7c25640.xml
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\conf.inf
C:\WINDOWS\cookies.ini
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\kavir.exe
C:\WINDOWS\ky.sxc
C:\WINDOWS\lfn.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\mgsvflkw.dll
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mscon.sio
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssecu.exe
C:\WINDOWS\mssvr.exe
C:\WINDOWS\nivavir.config
C:\WINDOWS\nqaplwj.sys
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\svc.exe
C:\WINDOWS\svw.exe
C:\WINDOWS\svx.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system\hnqtse32.dll
C:\WINDOWS\system32\624855
C:\WINDOWS\system32\892267
C:\WINDOWS\system32\acKTwFhk.ini
C:\WINDOWS\system32\acKTwFhk.ini2
C:\WINDOWS\system32\actvtalk.dll
C:\WINDOWS\system32\bcbKQXyb.ini
C:\WINDOWS\system32\bcbKQXyb.ini2
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\divxrs.dll
C:\WINDOWS\system32\dMlVyyay.ini
C:\WINDOWS\system32\dMlVyyay.ini2
C:\WINDOWS\system32\drivers\pxjv70.sys
C:\WINDOWS\system32\dtqxtrka.ini
C:\WINDOWS\system32\dvrcbfdb.ini
C:\WINDOWS\system32\eeutkcem.ini
C:\WINDOWS\system32\epcxvgcl.dll
C:\WINDOWS\system32\ffdcbfddafbabcdba.dll
C:\WINDOWS\system32\head2.exe
C:\WINDOWS\system32\hQpqrXyb.ini
C:\WINDOWS\system32\hQpqrXyb.ini2
C:\WINDOWS\system32\husnvmvp.dll
C:\WINDOWS\system32\iifcBuuU.dll
C:\WINDOWS\system32\ISECUR~1.CPL
C:\WINDOWS\system32\iSecurity.cpl
C:\WINDOWS\system32\k86.bin
C:\WINDOWS\system32\kdxmc.exe
C:\WINDOWS\system32\Kf9467g.dll
C:\WINDOWS\system32\khFwTKca.dll
C:\WINDOWS\system32\kwpm.dll
C:\WINDOWS\system32\mcndfomr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgjctndo.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\mt_32.dll
C:\WINDOWS\system32\mwqidrpt.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\oPijhHaY.dll
C:\WINDOWS\system32\OVDLRqss.ini
C:\WINDOWS\system32\OVDLRqss.ini2
C:\WINDOWS\system32\oykoedtj.dll
C:\WINDOWS\system32\pdrlhjrp.dll
C:\WINDOWS\system32\pmnMccCv.dll
C:\WINDOWS\system32\prjhlrdp.ini
C:\WINDOWS\system32\qcjrcxeh.ini
C:\WINDOWS\system32\qfkvpwav.ini
C:\WINDOWS\system32\qoMdeBrp.dll
C:\WINDOWS\system32\qoMeEWmL.dll
C:\WINDOWS\system32\rAyJPYay.ini
C:\WINDOWS\system32\rAyJPYay.ini2
C:\WINDOWS\system32\rthlmbon.dll
C:\WINDOWS\system32\rtutBcfe.ini
C:\WINDOWS\system32\rtutBcfe.ini2
C:\WINDOWS\system32\rwnyslqt.dll
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\SvDLRBeg.ini
C:\WINDOWS\system32\SvDLRBeg.ini2
C:\WINDOWS\system32\tprdiqwm.ini
C:\WINDOWS\system32\vawpvkfq.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wicstd32.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\system32\winload.dll
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\system32\wnslogan.exe
C:\WINDOWS\system32\xvnjlrww.ini
C:\WINDOWS\system32\yayyvWQj.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\telefonos.txt
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\textos.txt
C:\WINDOWS\updatetc.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\vlc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\wdmon.exe
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsb.dll
C:\WINDOWS\winself.exe
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wintst32.tmp
C:\WINDOWS\zeqbqwp.sys
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
C:\wxebxbo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC
-------\Legacy_cxevtsvc
-------\Legacy_GOOGLES_ONLINES_SEARCH_SERVICES
-------\Legacy_GRANDE48
-------\Legacy_lptrdcsrv
-------\Legacy_mssysinterv
-------\Legacy_pxjv70
-------\Service_cxevtsvc
-------\Service_grande48
-------\Service_lptrdcsrv
-------\Service_nqaplwj
-------\Service_pxjv70
-------\Service_zeqbqwp
-------\Service_pxjv70


((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 17:44 . 2008-05-25 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-25 09:27 . 2008-05-25 09:27 <DIR> d-------- C:\Deckard
2008-05-24 21:38 . 2008-05-24 21:38 272 --a------ C:\WINDOWS\_delis32.ini
2008-05-24 21:36 . 2000-03-29 07:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-24 08:07 . 2008-05-25 20:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 08:06 . 2008-05-24 08:10 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-24 08:06 . 2008-05-24 08:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-24 08:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-24 08:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-24 08:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-24 08:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-22 21:03 . 2008-05-22 21:03 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-22 21:03 . 2008-05-22 21:03 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-22 21:02 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-22 20:39 . 2008-05-22 20:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-22 20:39 . 2008-05-22 20:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-17 18:50 . 2008-05-17 18:50 <DIR> d-------- C:\Program Files\iTunes
2008-05-17 18:28 . 2008-05-17 18:28 <DIR> d-------- C:\Program Files\Bonjour
2008-05-17 18:00 . 2008-05-17 18:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-17 17:58 . 2008-05-17 17:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-17 17:51 . 2008-05-17 17:51 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-17 17:51 . 2008-05-17 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-12 15:09 . 2008-05-12 15:08 41,984 -r-hs---- C:\WINDOWS\system32\acelpdeck.exe
2008-05-10 12:20 . 2008-05-25 10:03 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2008-05-10 06:31 . 2008-05-11 00:09 3,499,695 --ahs---- C:\WINDOWS\system32\a3det.sys
2008-05-06 18:06 . 2008-05-06 18:05 41,984 -r-hs---- C:\WINDOWS\system32\3076qc.exe
2008-05-05 16:40 . 2008-05-06 17:50 <DIR> d-------- C:\Program Files\Error Expert
2008-05-03 12:25 . 2008-05-03 12:24 37,888 -r-hs---- C:\WINDOWS\system32\2052r.exe
2008-04-29 16:53 . 2008-04-29 16:53 450 --a------ C:\WINDOWS\system32\mng86.bin
2008-04-29 15:08 . 2008-04-29 15:07 37,888 -r-hs---- C:\WINDOWS\system32\Adobev.exe
2008-04-27 19:23 . 2008-04-27 19:23 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-04-27 19:15 . 2008-04-27 19:15 <DIR> d-------- C:\6fc469863b6d6b9e6bfdcbc7b1d854f1
2008-04-27 19:01 . 2008-04-27 19:22 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-27 19:01 . 2008-04-27 19:02 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-27 19:01 . 2008-04-27 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-27 19:01 . 2008-04-27 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-04-27 18:52 . 2008-05-22 20:52 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-27 15:35 . 2008-04-27 15:35 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-27 14:47 . 2008-04-27 19:17 5,120 --a------ C:\WINDOWS\system32\fasd575.exe
2008-04-27 14:46 . 2008-04-27 19:16 233,984 --a------ C:\WINDOWS\system32\fasd573.exe
2008-04-27 14:46 . 2008-04-27 19:16 29,136 --a------ C:\WINDOWS\system32\fasd576.exe
2008-04-27 14:46 . 2008-04-27 19:17 7,680 --a------ C:\WINDOWS\system32\fasd574.exe
2008-04-26 07:17 . 2008-04-26 07:17 8,816 --a------ C:\WINDOWS\system32\drivers\Ahf81.sys
2008-04-26 07:17 . 2008-04-26 07:17 8,816 --a------ C:\WINDOWS\system32\dprot.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 17:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-25 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 17:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-25 04:40 229,376 ----a-w C:\WINDOWS\IsUninst.exe
2008-05-23 04:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-18 21:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-18 01:48 --------- d-----w C:\Program Files\iPod
2008-05-18 01:17 --------- d-----w C:\Program Files\QuickTime
2008-05-16 17:53 --------- d-----w C:\Program Files\WINForms Desktop
2008-05-11 16:20 --------- d-----w C:\Program Files\Alwil Software
2008-05-11 07:16 5,120 ----a-w C:\Documents and Settings\Administrator\ftp33.dll
2008-05-11 07:06 5,120 ----a-w C:\Documents and Settings\LocalService\ftp33.dll
2008-05-10 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-10 19:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 01:55 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\1062545177.exe
2008-04-28 01:55 132,096 ----a-w C:\Documents and Settings\LocalService\Application Data\974590499.exe
2008-04-28 01:55 109,568 ----a-w C:\Documents and Settings\LocalService\Application Data\988157278.exe
2008-04-24 00:45 87,040 ----a-w C:\ktgmhs.exe
2008-04-24 00:45 61,874 ----a-w C:\WINDOWS\ydhqzop.sys
2008-04-24 00:44 13,824 ----a-w C:\rwhucv.exe
2008-04-23 02:08 71,168 ----a-w C:\lilsesn.exe
2008-04-23 02:08 67,506 ----a-w C:\WINDOWS\fkjdfje.sys
2008-04-23 02:08 61,952 ----a-w C:\gavurjjf.exe
2008-04-23 02:08 13,824 ----a-w C:\gjtxc.exe
2008-04-22 10:06 98,304 ----a-w C:\WINDOWS\olgdqarf.exe
2008-04-22 10:06 90,112 ----a-w C:\WINDOWS\wxvgsdbq.exe
2008-04-21 21:53 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\1003952419.exe
2008-04-21 21:53 132,096 ----a-w C:\Documents and Settings\LocalService\Application Data\994383577.exe
2008-04-21 21:53 109,568 ----a-w C:\Documents and Settings\LocalService\Application Data\1167409177.exe
2008-04-21 14:21 47,104 ----a-w C:\Documents and Settings\LocalService\Application Data\1421573299.exe
2008-04-21 05:50 32,768 ----a-w C:\pagefile.dll
2008-04-20 23:08 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-04-20 00:27 154,332 ----a-w C:\Documents and Settings\LocalService\Application Data\920847699.exe
2008-04-20 00:27 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\985601219.exe
2008-04-20 00:27 109,568 ----a-w C:\Documents and Settings\LocalService\Application Data\1162165977.exe
2008-04-19 02:51 176,128 ----a-w C:\Documents and Settings\LocalService\Application Data\989861316.exe
2008-04-17 14:04 109,568 ----a-w C:\Documents and Settings\LocalService\Application Data\1140668857.exe
2008-04-17 03:34 157,252 ----a-w C:\Documents and Settings\LocalService\Application Data\893113583.exe
2008-04-17 03:34 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\1012603699.exe
2008-04-16 19:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-04-16 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\mdqbivaz
2008-04-16 19:05 55,218 ----a-w C:\WINDOWS\qaszpurn.sys
2008-04-11 19:18 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\989205918.exe
2008-04-11 19:18 113,453 ----a-w C:\Documents and Settings\LocalService\Application Data\912982899.exe
2008-04-11 15:37 212,992 ----a-w C:\WINDOWS\temlxopqgdk.dll
2008-04-11 03:59 9,294 ----a-w C:\Documents and Settings\LocalService\mpr2.dat
2008-04-11 03:59 9,294 ----a-w C:\Documents and Settings\LocalService\mpr.dat
2008-04-11 03:59 25,088 ----a-w C:\WINDOWS\gavurjjf.exe
2008-04-08 02:35 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\1082600419.exe
2008-04-06 08:35 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\1035280537.exe
2008-04-06 05:32 --------- d-----w C:\Program Files\Starcraft
2008-04-05 17:31 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\1031217059.exe
2008-04-05 01:38 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\992417379.exe
2008-04-05 01:20 59,392 ----a-w C:\fuiqenxq.exe
2008-04-02 00:36 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\979702617.exe
2008-04-02 00:31 0 ----a-w C:\WINDOWS\system32\drivers\Bxn61.sys
2008-04-01 00:35 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\1000675417.exe
2008-03-31 03:19 143,360 ----a-w C:\Documents and Settings\LocalService\Application Data\989795779.exe
2008-03-31 00:59 --------- d-----w C:\Program Files\Windows Defender
2008-03-28 05:12 152 ----a-w C:\Documents and Settings\Administrator\delself.bat
2008-03-28 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-28 01:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-27 07:54 168,448 ----a-w C:\WINDOWS\pinga.exe
2008-03-27 05:16 --------- d-----w C:\Program Files\HP
2008-03-27 05:16 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-27 04:29 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-27 03:53 --------- d-----w C:\Program Files\CCleaner
2008-03-27 01:17 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-27 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-27 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-26 07:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nexon
2008-03-26 07:11 --------- d-----w C:\Program Files\Common Files\INCA Shared
2007-07-26 00:20 38,552 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
577,024 2005-03-02 18:09:30 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
561,152 2005-03-02 18:20:03 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
560,128 2002-08-29 10:41:18 C:\WINDOWS\$NtServicePackUninstall$\user32.dll.000
577,024 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
560,128 2002-08-29 10:41:18 C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
577,024 2004-08-04 07:56:46 C:\WINDOWS\ServicePackFiles\i386\user32.dll
577,024 2008-04-24 00:45:07 C:\WINDOWS\system32\user32.dll
577,024 2008-04-24 00:45:07 C:\WINDOWS\system32\dllcache\user32.dll


------- Sigcheck -------

2005-03-02 11:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 11:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2005-03-02 11:20 561152 74202eb1bd67e8be9509e38c8d2234b0 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2002-08-29 03:41 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-23 17:45 577024 1731e8c71f97f913f178af0652cd633d C:\WINDOWS\system32\user32.dll
2008-04-23 17:45 577024 1731e8c71f97f913f178af0652cd633d C:\WINDOWS\system32\dllcache\user32.dll

2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$hf_mig$\KB913446\SP2GDR\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-01-12 18:13 340480 8c101c9c566e2384af28ef7c1de4a36e C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtUninstallKB913446_0$\tcpip.sys
2006-01-12 19:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 04:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 04:51 359808 021415ad071ef3944c27dc9597ed2214 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8780"="command /c del C:\WINDOWS\system32\wind32.exe" [ ]
"SpybotDeletingD3959"="cmd /c del C:\WINDOWS\system32\wind32.exe" [ ]
"SpybotDeletingB4557"="command /c del C:\WINDOWS\system32\cimothqx.dll_old" [ ]
"SpybotDeletingD6875"="cmd /c del C:\WINDOWS\system32\cimothqx.dll_old" [ ]
"SpybotDeletingB1740"="command /c del C:\WINDOWS\system32\wsnpoem\audio.dll" [ ]
"SpybotDeletingD4526"="cmd /c del C:\WINDOWS\system32\wsnpoem\audio.dll" [ ]
"SpybotDeletingB8737"="command /c del C:\WINDOWS\system32\wsnpoem\video.dll" [ ]
"SpybotDeletingD5055"="cmd /c del C:\WINDOWS\system32\wsnpoem\video.dll" [ ]
"SpybotDeletingB1227"="command /c del C:\WINDOWS\system32\cimothqx.dll_old" [ ]
"SpybotDeletingD9728"="cmd /c del C:\WINDOWS\system32\cimothqx.dll_old" [ ]
"SpybotDeletingB9045"="command /c del C:\WINDOWS\system32\frrycmjm.dll_old" [ ]
"SpybotDeletingD4047"="cmd /c del C:\WINDOWS\system32\frrycmjm.dll_old" [ ]
"SpybotDeletingB6912"="command /c del C:\WINDOWS\system32\qkgeygvo.dll_old" [ ]
"SpybotDeletingD2679"="cmd /c del C:\WINDOWS\system32\qkgeygvo.dll_old" [ ]
"SpybotDeletingB4946"="command /c del C:\WINDOWS\system32\ssqRLDVO.dll_old" [ ]
"SpybotDeletingD3684"="cmd /c del C:\WINDOWS\system32\ssqRLDVO.dll_old" [ ]
"SpybotDeletingB8858"="command /c del C:\Program Files\Helper\1207886533.dll" [ ]
"SpybotDeletingD6439"="cmd /c del C:\Program Files\Helper\1207886533.dll" [ ]
"SpybotDeletingB9086"="command /c del C:\WINDOWS\system32\efcBtutr.dll_old" [ ]
"SpybotDeletingD1138"="cmd /c del C:\WINDOWS\system32\efcBtutr.dll_old" [ ]
"SpybotDeletingB3593"="command /c del C:\WINDOWS\system32\bumpeohj.dll_old" [ ]
"SpybotDeletingD6012"="cmd /c del C:\WINDOWS\system32\bumpeohj.dll_old" [ ]
"SpybotDeletingB2114"="command /c del C:\WINDOWS\system32\efcBtutr.dll_old" [ ]
"SpybotDeletingD3927"="cmd /c del C:\WINDOWS\system32\efcBtutr.dll_old" [ ]
"SpybotDeletingB3664"="command /c del C:\WINDOWS\system32\yaYPJyAr.dll_old" [ ]
"SpybotDeletingD6423"="cmd /c del C:\WINDOWS\system32\yaYPJyAr.dll_old" [ ]
"SpybotDeletingB5274"="command /c del C:\WINDOWS\system32\geBRLDvS.dll_old" [ ]
"SpybotDeletingD604"="cmd /c del C:\WINDOWS\system32\geBRLDvS.dll_old" [ ]
"SpybotDeletingB9050"="command /c del C:\WINDOWS\system32\hexcrjcq.dll_old" [ ]
"SpybotDeletingD4073"="cmd /c del C:\WINDOWS\system32\hexcrjcq.dll_old" [ ]
"SpybotDeletingB2223"="command /c del C:\WINDOWS\system32\ixuliuim.dll_old" [ ]
"SpybotDeletingD6384"="cmd /c del C:\WINDOWS\system32\ixuliuim.dll_old" [ ]
"SpybotDeletingB1570"="command /c del C:\WINDOWS\system32\geBRLDvS.dll_old" [ ]
"SpybotDeletingD7231"="cmd /c del C:\WINDOWS\system32\geBRLDvS.dll_old" [ ]
"SpybotDeletingB1021"="command /c del C:\WINDOWS\system32\hexcrjcq.dll_old" [ ]
"SpybotDeletingD9529"="cmd /c del C:\WINDOWS\system32\hexcrjcq.dll_old" [ ]
"SpybotDeletingB6004"="command /c del C:\WINDOWS\system32\ixuliuim.dll_old" [ ]
"SpybotDeletingD2422"="cmd /c del C:\WINDOWS\system32\ixuliuim.dll_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tomcatstartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 09:40 188416]
"sunjavaupdatesched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 05:15 75520]
"statusclient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 10:29 61440]
"soundman"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"pinga64"="C:\WINDOWS\pinga.exe" [2008-03-27 00:54 168448]
"phime2002async"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"phime2002a"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"msvtt"="C:\WINDOWS\system32\gavurjjf.exe" [2008-04-22 19:08 61952]
"mspy2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39 59392]
"imjpmig8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:31 208952]
"hphupd06"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 21:53 49152]
"hphmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 21:42 659456]
"hpdj taskbar utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 03:28 172032]
"hp component manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"ccapp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 16:16 278528]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"xicwzfyr"="C:\WINDOWS\system32\gjivmxqd.exe" [2008-04-16 12:08 94208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jWeeDUr0Kf"= C:\Documents and Settings\All Users\Application Data\mdqbivaz\sdkjwnqj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooeew]
nnnoOeEw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

S0 afu01;afu01;C:\WINDOWS\system32\Drivers\Afu01.sys []
S0 bix33;bix33;C:\WINDOWS\system32\Drivers\Bix33.sys []
S0 Bkc28;Bkc28;C:\WINDOWS\system32\Drivers\Bkc28.sys []
S0 Bld42;Bld42;C:\WINDOWS\system32\Drivers\Bld42.sys []
S0 Cac57;Cac57;C:\WINDOWS\system32\Drivers\Cac57.sys []
S0 cha82;cha82;C:\WINDOWS\system32\Drivers\Cha82.sys []
S0 chh66;chh66;C:\WINDOWS\system32\Drivers\Chh66.sys []
S0 crr15;crr15;C:\WINDOWS\system32\Drivers\Crr15.sys []
S0 cuk43;cuk43;C:\WINDOWS\system32\Drivers\Cuk43.sys []
S0 dgq44;dgq44;C
  • 0

#7
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi,

We'll need to start over as I've missed the Safe Mode startup services. Please, in Safe Mode with Networking, re-scan with DSS and save the log. Attach the log in your next reply (Add Reply > Browse > Find the log > OK > UPLOAD).

Regards,

Tal.
  • 0

#8
terrykugh92

    Member

  • Topic Starter
  • Member
  • 20 posts
Here's the new log :) thx for the help man

Attached Files

  • Attached File  main.txt   38.86KB   179 downloads

  • 0

#9
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi,

I have an exam tomorrow, I'll try writing a fix for you today. If not, I'll reply tomorrow.

Tal
  • 0

#10
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi,

Actually, you're looking much better. Let's try fixing it all again. First, we'll make sure that your PC boots to Safe Mode with Networking fine, without any rootkit drivers in the background.

This fix will be performed entirely in Safe Mode with Networking.

Step 1: Correcting entries with HijackThis

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockots64.dll (file missing)
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O17 - HKLM\System\CS3\Services\Tcpip\..\{1EA17F39-9B6E-4F61-8D99-939726164331}: NameServer = 85.255.115.27,85.255.112.202
O20 - Winlogon Notify: nnnooeew - nnnoOeEw.dll (file missing)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
O23 - Service: Performance Logs and Alerts SysmonLog AntiVirus (sysmonlog antivirus) - Unknown owner - C:\WINDOWS\system32\adsnwu.exe
O23 - Service: WebClient WebClientLmHosts (webclientlmhosts) - Unknown owner - C:\WINDOWS\system32\fasd522.exe (file missing)


Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Step 2: Deleting file with The Avenger

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\4263911498.dat
C:\WINDOWS\system32\494392728.dat
C:\WINDOWS\system32\a15k.sys
C:\WINDOWS\system32\fasd449.exe
C:\WINDOWS\system32\fasd575.exe
C:\WINDOWS\system32\fasd574.exe
C:\WINDOWS\system32\fasd563.exe
C:\WINDOWS\system32\fasd576.exe
C:\WINDOWS\system32\fasd573.exe
C:\WINDOWS\system32\adsnwu.exe
C:\WINDOWS\system32\fasd532.exe
C:\WINDOWS\mozregistry.dat
C:\WINDOWS\system32\dprot.sys
C:\WINDOWS\system32\fasd570.exe
C:\WINDOWS\system32\fasd564.exe
C:\WINDOWS\system32\3076qy.dll
C:\WINDOWS\system32\6to4svcr.dll
C:\WINDOWS\system32\activedsio.dll
C:\WINDOWS\system32\fasd556.exe
C:\WINDOWS\system32\fasd541.exe
C:\WINDOWS\system32\fasd559.exe
C:\WINDOWS\system32\ntpl.bin
C:\ktgmhs.exe
C:\rwhucv.exe
C:\WINDOWS\system32\fasd558.exe
C:\WINDOWS\system32\fasd469.exe
C:\WINDOWS\fkjdfje.sys
C:\gavurjjf.exe
C:\lilsesn.exe
C:\gjtxc.exe
C:\pagefile.dll
C:\WINDOWS\system32\fasd545.exe
C:\WINDOWS\system32\CxEvtSvc.exe
C:\WINDOWS\system32\fasd544.exe
C:\WINDOWS\system32\adsldpw.dll
C:\WINDOWS\system32\adsnwu.exe
C:\WINDOWS\system32\CaEvtSvc.exe
C:\WINDOWS\system32\fasd540.exe
C:\WINDOWS\system32\fasd534.exe
C:\WINDOWS\system32\fasd529.exe
C:\WINDOWS\system32\efcywuu.dll
C:\WINDOWS\qaszpurn.sys
C:\WINDOWS\system32\fasd527.exe
C:\WINDOWS\system32\fasd531.exe
C:\WINDOWS\system32\fasd491.exe
C:\WINDOWS\system32\fasd525.exe
C:\WINDOWS\system32\djki397g.dll
C:\WINDOWS\system32\hdxjd4g.dll
C:\WINDOWS\system32\a3de.dll
C:\WINDOWS\system32\fasd436.exe
C:\WINDOWS\system32\sysmgr.exe
C:\WINDOWS\system32\msvcrt2.dll
C:\WINDOWS\system32\aaaamons.dll
C:\WINDOWS\system32\fasd517.exe
C:\WINDOWS\system32\fasd521.exe
C:\WINDOWS\system32\fasd518.exe
C:\WINDOWS\system32\fasd523.exe
C:\WINDOWS\temlxopqgdk.dll
C:\WINDOWS\gavurjjf.exe
C:\WINDOWS\system32\fasd487.exe
C:\WINDOWS\system32\fasd512.exe
C:\WINDOWS\system32\fasd513.exe
C:\WINDOWS\system32\fasd507.exe
C:\WINDOWS\system32\fasd504.exe
C:\WINDOWS\system32\fasd486.exe
C:\WINDOWS\system32\fasd500.exe
C:\WINDOWS\system32\fasd502.exe
C:\WINDOWS\system32\fasd497.exe
C:\fuiqenxq.exe
C:\WINDOWS\system32\fasd485.exe
C:\WINDOWS\system32\fasd480.exe
C:\WINDOWS\system32\fasd484.exe
C:\WINDOWS\system32\fasd483.exe
C:\WINDOWS\nsreg.dat
C:\WINDOWS\system32\fasd232.exe 
C:\WINDOWS\system32\fasd479.exe 
C:\WINDOWS\system32\fasd475.exe
C:\WINDOWS\system32\fasd468.exe
C:\WINDOWS\system32\kbdsdf.dll
C:\WINDOWS\system32\dhcpserv.dll
C:\WINDOWS\system32\regapi32.dll
C:\WINDOWS\system32\ftpsystem.dll
C:\WINDOWS\system32\dcphnet.dll
C:\WINDOWS\system32\cbrowse.dll
C:\WINDOWS\system32\pxcrt.dll
C:\WINDOWS\system32\gdid32.dll
C:\WINDOWS\system32\rcdll.dll
C:\WINDOWS\system32\protect.dll
C:\WINDOWS\system32\iphelp.dll
C:\WINDOWS\system32\rsh.dll
C:\WINDOWS\system32\fasd470.exe
C:\WINDOWS\system32\fasd476.exe
C:\WINDOWS\system32\fasd474.exe
C:\WINDOWS\system32\fasd451.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer.
  • Important: When the computer boots up, do not let it enter Normal Mode, but enter Safe Mode with Networking right away.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HijackThis log.

Step 3: Cleaning SafeBoot Key

Before we start the registry fix, we need to back up the registry in case anything goes wrong. This is a very simple and quick process :)


  • Please go to Start > Run
  • Paste in the following line: regedit /e c:\registrybackup.reg
  • Click OK. It won't appear to be doing anything, that's normal.
  • Your mouse pointer may turn to an hourglass for a minute. Please continue when it no longer has the hourglass.

Please open a new Notepad document (Note: Other text editors will not work) and paste the following code into it, starting from REGEDIT4:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

Now, click File > Save As... > Change the File Type to All Files > Name the file RegFix1.reg > Save it on your desktop.

Once you've saved it, please double click it. A window should pop up - Click Yes to merge the information with the registry.

Step4 : Online Scan with Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Summary

In your next reply, please include the following:
  • Avenger log;
  • Kaspersky log;
  • Fresh DSS log (from Safe Mode with Networking).
  • Please post each log in a separate reply, as they may be very long. If the Kaspersky log doesn't fit in one post, please split it. Ensure that the complete scan results are posted.

Regards,

Tal :)
  • 0
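
Before merging a file like RegFix1.reg, it helps to list what it will delete and create. This is an added example, not part of the original post or of any tool named in the thread: a small Python reader for the REGEDIT4 format shown above. The function names, the `allowed_root` check and the second sample are assumptions made for illustration.

```python
import re
from collections import Counter

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                  # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # @=... or "Name"=...
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"


def _unquote(s):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])


def parse_reg(text):
    """Return (ops, problems); ops are in file order, which is merge order."""
    ops, problems, current = [], [], None
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if lines and lines[0] in HEADERS:
        lines = lines[1:]
    else:
        problems.append("missing header line")
    for ln in lines:
        key = KEY_RE.match(ln)
        val = VALUE_RE.match(ln)
        if key:
            deleting, name = key.groups()
            current = None if deleting else name   # no values under [-KEY]
            ops.append(("delete-key" if deleting else "open-key", name, None, None))
        elif val and current:
            name = "(Default)" if val.group(1) == "@" else _unquote(val.group(1))
            data = val.group(2)
            if data == "-":                        # "Name"=- removes a value
                ops.append(("delete-value", current, name, None))
            else:
                quoted = data.startswith('"') and data.endswith('"')
                ops.append(("set-value", current, name, _unquote(data) if quoted else data))
        else:
            problems.append("unparsed line: " + ln)
    return ops, problems


def _under(key, root):
    key, root = key.lower(), root.lower()
    return key == root or key.startswith(root + "\\")


def review(ops, allowed_root):
    """Flag keys outside allowed_root and deletions the file never rebuilds."""
    findings = []
    for i, (op, key, _, _) in enumerate(ops):
        if op in ("open-key", "delete-key") and not _under(key, allowed_root):
            findings.append(("outside-root", key))
        if op == "delete-key" and not any(
            o == "open-key" and _under(k, key) for o, k, _, _ in ops[i + 1:]
        ):
            findings.append(("deleted-not-rebuilt", key))
    return findings


def default_types(ops):
    """Count the (Default) values the file sets, e.g. Service / Driver."""
    return Counter(d for op, _, n, d in ops if op == "set-value" and n == "(Default)")


# Excerpt of the file from the post above (a few sections only).
PAGE_EXCERPT = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"
"""

# Constructed counter-example (not from the thread): a delete with no rebuild
# and a key outside the SafeBoot subtree, both of which review() should flag.
CONSTRUCTED_BAD = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Constructed]
"Flag"=dword:00000001
"""

if __name__ == "__main__":
    for label, text in (("page excerpt", PAGE_EXCERPT), ("constructed", CONSTRUCTED_BAD)):
        ops, problems = parse_reg(text)
        print(label, dict(default_types(ops)), review(ops, SAFEBOOT), problems)
```
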

#11
terrykugh92

terrykugh92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Sorry about the week delay, I had many errands for my family, but I can't find the Avenger download. Thanks for the help.
  • 0

#12
terrykugh92

terrykugh92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I think I have a virus because it keeps downloading stuff, and on the bottom right it says virus alert! Do you want me to send a new DSS log?
  • 0

#13
terrykugh92

terrykugh92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "Yhx38" found!
Start Type: 0 (Boot)

Rootkit scan completed.

File "C:\WINDOWS\system32\4263911498.dat" deleted successfully.
File "C:\WINDOWS\system32\494392728.dat" deleted successfully.
File "C:\WINDOWS\system32\a15k.sys" deleted successfully.
File "C:\WINDOWS\system32\fasd449.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd575.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd574.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd563.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd576.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd573.exe" deleted successfully.
File "C:\WINDOWS\system32\adsnwu.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd532.exe" deleted successfully.
File "C:\WINDOWS\mozregistry.dat" deleted successfully.
File "C:\WINDOWS\system32\dprot.sys" deleted successfully.
File "C:\WINDOWS\system32\fasd570.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd564.exe" deleted successfully.
File "C:\WINDOWS\system32\3076qy.dll" deleted successfully.
File "C:\WINDOWS\system32\6to4svcr.dll" deleted successfully.
File "C:\WINDOWS\system32\activedsio.dll" deleted successfully.
File "C:\WINDOWS\system32\fasd556.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd541.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd559.exe" deleted successfully.
File "C:\WINDOWS\system32\ntpl.bin" deleted successfully.
File "C:\ktgmhs.exe" deleted successfully.
File "C:\rwhucv.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd558.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd469.exe" deleted successfully.
File "C:\WINDOWS\fkjdfje.sys" deleted successfully.
File "C:\gavurjjf.exe" deleted successfully.
File "C:\lilsesn.exe" deleted successfully.
File "C:\gjtxc.exe" deleted successfully.
File "C:\pagefile.dll" deleted successfully.
File "C:\WINDOWS\system32\fasd545.exe" deleted successfully.
File "C:\WINDOWS\system32\CxEvtSvc.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd544.exe" deleted successfully.
File "C:\WINDOWS\system32\adsldpw.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\adsnwu.exe" not found!
Deletion of file "C:\WINDOWS\system32\adsnwu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\CaEvtSvc.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd540.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd534.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd529.exe" deleted successfully.
File "C:\WINDOWS\system32\efcywuu.dll" deleted successfully.
File "C:\WINDOWS\qaszpurn.sys" deleted successfully.
File "C:\WINDOWS\system32\fasd527.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd531.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd491.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd525.exe" deleted successfully.
File "C:\WINDOWS\system32\djki397g.dll" deleted successfully.
File "C:\WINDOWS\system32\hdxjd4g.dll" deleted successfully.
File "C:\WINDOWS\system32\a3de.dll" deleted successfully.
File "C:\WINDOWS\system32\fasd436.exe" deleted successfully.
File "C:\WINDOWS\system32\sysmgr.exe" deleted successfully.
File "C:\WINDOWS\system32\msvcrt2.dll" deleted successfully.
File "C:\WINDOWS\system32\aaaamons.dll" deleted successfully.
File "C:\WINDOWS\system32\fasd517.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd521.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd518.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd523.exe" deleted successfully.

Error: file "C:\WINDOWS\temlxopqgdk.dll" not found!
Deletion of file "C:\WINDOWS\temlxopqgdk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\gavurjjf.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd487.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd512.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd513.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd507.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd504.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd486.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd500.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd502.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd497.exe" deleted successfully.
File "C:\fuiqenxq.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd485.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd480.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd484.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd483.exe" deleted successfully.
File "C:\WINDOWS\nsreg.dat" deleted successfully.
File "C:\WINDOWS\system32\fasd232.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd479.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd475.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd468.exe" deleted successfully.
File "C:\WINDOWS\system32\kbdsdf.dll" deleted successfully.
File "C:\WINDOWS\system32\dhcpserv.dll" deleted successfully.
File "C:\WINDOWS\system32\regapi32.dll" deleted successfully.
File "C:\WINDOWS\system32\ftpsystem.dll" deleted successfully.
File "C:\WINDOWS\system32\dcphnet.dll" deleted successfully.
File "C:\WINDOWS\system32\cbrowse.dll" deleted successfully.
File "C:\WINDOWS\system32\pxcrt.dll" deleted successfully.
File "C:\WINDOWS\system32\gdid32.dll" deleted successfully.
File "C:\WINDOWS\system32\rcdll.dll" deleted successfully.
File "C:\WINDOWS\system32\protect.dll" deleted successfully.
File "C:\WINDOWS\system32\iphelp.dll" deleted successfully.
File "C:\WINDOWS\system32\rsh.dll" deleted successfully.
File "C:\WINDOWS\system32\fasd470.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd476.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd474.exe" deleted successfully.
File "C:\WINDOWS\system32\fasd451.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#14
terrykugh92

terrykugh92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I couldn't download the Kaspersky scan because it said "attention you must be online to activate kaspersky online scanner,since the latest anti-virus bases version must be downloaded prior to the scan, otherwise we cannot detect the viruses [21]"
  • 0

#15
terrykugh92

terrykugh92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here's my DSS:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-07 10:51:01
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51: VIRUS ALERT!, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: QXK Olive - {80C0F2F5-68A6-428A-8625-8A22E0CDD699} - C:\WINDOWS\nogxfvblqld.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockots64.dll (file missing)
O3 - Toolbar: nmwegbsf - {8BCDB708-77A2-4C1C-B35C-C81FDCC045EF} - C:\WINDOWS\nmwegbsf.dll
O4 - HKLM\..\Run: [tomcatstartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [statusclient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [phime2002async] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [phime2002a] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mspy2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imjpmig8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hphupd06] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hphmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [hp component manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccapp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\stdlan.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [international] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O17 - HKLM\System\CS3\Services\Tcpip\..\{1EA17F39-9B6E-4F61-8D99-939726164331}: NameServer = 85.255.115.27,85.255.112.202
O20 - Winlogon Notify: nnnooeew - nnnoOeEw.dll (file missing)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll (file missing)
O21 - SSODL: erpobmsw - {63B75419-58EC-4F0A-A67E-DA518D4D67FE} - C:\WINDOWS\erpobmsw.dll
O21 - SSODL: adgpfoxs - {0B007C78-FCDE-475E-B682-F6D1E23737D1} - C:\WINDOWS\adgpfoxs.dll
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
O23 - Service: Apple Mobile Device (apple mobile device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaEvtSvc (caevtsvc) - Unknown owner - C:\WINDOWS\System32\CaEvtSvc.exe (file missing)
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service (ipodservice) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts SysmonLog AntiVirus (sysmonlog antivirus) - Unknown owner - C:\WINDOWS\system32\adsnwu.exe (file missing)
O23 - Service: WebClient WebClientLmHosts (webclientlmhosts) - Unknown owner - C:\WINDOWS\system32\fasd522.exe (file missing)

--
End of file - 7413 bytes

-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 10:25:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 10:25:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 10:09:03 0 d-------- C:\WINDOWS\LastGood
2008-06-07 10:01:30 75422982 --a------ C:\registrybackup.reg
2008-06-07 09:56:35 135168 --a------ C:\zip.exe
2008-06-07 09:56:35 19286 --a------ C:\cleanup.exe
2008-06-07 09:56:35 574 --a------ C:\cleanup.bat
2008-06-07 09:49:09 127488 --a------ C:\WINDOWS\system32\CcEvtSvc.exe
2008-06-07 07:37:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-06-07 00:18:18 188416 --a------ C:\WINDOWS\nmwegbsf.dll
2008-06-07 00:18:17 155648 --a------ C:\WINDOWS\xbqmfsed.exe
2008-06-07 00:18:17 282624 --a------ C:\WINDOWS\nogxfvblqld.dll
2008-06-07 00:18:17 163840 --a------ C:\WINDOWS\eslm.exe
2008-06-07 00:18:17 311296 --a------ C:\WINDOWS\erpobmsw.dll
2008-06-07 00:18:17 258048 --a------ C:\WINDOWS\adgpfoxs.dll
2008-06-06 16:12:31 127488 --a------ C:\Documents and Settings\LocalService\Application Data\903872836.exe
2008-06-06 16:12:16 172032 --a------ C:\Documents and Settings\LocalService\Application Data\1017191497.exe
2008-06-05 14:58:53 129536 --a------ C:\WINDOWS\system32\drivers\Soy52.sys
2008-06-01 08:04:19 172032 --a------ C:\Documents and Settings\LocalService\Application Data\1002051758.exe
2008-06-01 08:04:05 115200 --a------ C:\Documents and Settings\LocalService\Application Data\903676217.exe
2008-05-31 00:26:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-05-30 06:35:25 115200 --a------ C:\Documents and Settings\LocalService\Application Data\971313497.exe
2008-05-30 06:35:11 172032 --a------ C:\Documents and Settings\LocalService\Application Data\1000151097.exe
2008-05-27 22:23:32 967 --a------ C:\WINDOWS\ScUnin.pif
2008-05-27 22:23:32 35382 --a------ C:\WINDOWS\scunin.dat
2008-05-27 22:23:31 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-05-26 15:51:32 172032 --a------ C:\Documents and Settings\LocalService\Application Data\1012341539.exe
2008-05-26 15:50:36 127488 --a------ C:\Documents and Settings\LocalService\Application Data\908132937.exe
2008-05-26 06:52:37 129536 --a------ C:\WINDOWS\system32\drivers\Tjig36.sys
2008-05-25 21:15:46 129536 --a------ C:\WINDOWS\system32\drivers\Qgxd48.sys
2008-05-25 21:14:38 115200 --a------ C:\Documents and Settings\LocalService\Application Data\917701779.exe
2008-05-25 21:14:30 172032 --a------ C:\Documents and Settings\LocalService\Application Data\1003231476.exe
2008-05-25 20:14:36 0 d-------- C:\Program Files\Trend Micro
2008-05-25 17:44:01 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-24 21:36:24 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-24 08:07:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 08:06:08 0 d-------- C:\Program Files\Spyware Doctor
2008-05-24 08:06:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-24 07:54:49 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-17 18:50:06 0 d-------- C:\Program Files\iTunes
2008-05-17 18:00:27 0 d-------- C:\Program Files\Apple Software Update
2008-05-17 17:58:49 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-17 17:51:41 0 d-------- C:\Program Files\Common Files\Apple
2008-05-17 17:51:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-10 12:20:19 0 d-------- C:\Program Files\Advanced Spyware Remover
2008-05-10 06:31:29 3499695 --ahs---- C:\WINDOWS\system32\a3det.sys


-- Find3M Report ---------------------------------------------------------------

2008-06-06 22:05:37 0 d-------- C:\Program Files\Starcraft
2008-06-02 20:56:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-02 07:09:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-25 10:07:56 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-24 21:40:21 229376 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-17 18:48:07 0 d-------- C:\Program Files\iPod
2008-05-17 18:17:21 0 d-------- C:\Program Files\QuickTime
2008-05-17 17:51:41 0 d-------- C:\Program Files\Common Files
2008-05-16 11:04:18 2024 --a------ C:\WINDOWS\mozver.dat
2008-05-16 10:53:48 0 d-------- C:\Program Files\WINForms Desktop
2008-05-11 09:20:49 0 d-------- C:\Program Files\Alwil Software
2008-05-11 00:13:51 5120 --a------ C:\WINDOWS\system32\ftp33.dll
2008-05-10 12:37:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 06:31:00 563 --a-s---- C:\WINDOWS\system32\3127182004.dat
2008-05-06 17:50:21 0 d-------- C:\Program Files\Error Expert
2008-04-29 16:53:57 450 --a------ C:\WINDOWS\system32\mng86.bin
2008-04-27 19:23:47 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-04-27 19:02:09 0 d-------- C:\Program Files\Yahoo!
2008-04-27 19:01:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-04-23 17:45:25 2 --a------ C:\-1527683725
2008-04-23 17:45:07 577024 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-22 19:08:11 24576 --a------ C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-22 19:08:03 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-22 19:07:55 268660 --a------ C:\WINDOWS\system32\fasd550.exe
2008-04-22 14:54:53 37888 --a------ C:\WINDOWS\system32\fasd555.exe
2008-04-22 03:06:48 90112 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-22 03:06:42 98304 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-21 15:06:21 48585 --a------ C:\WINDOWS\system32\activedsi.sys
2008-04-21 15:06:18 23040 --ahs---- C:\WINDOWS\system32\adsmsexti.dll
2008-04-21 14:53:42 11776 --a------ C:\WINDOWS\system32\fasd251.exe
2008-04-21 14:53:34 257180 --a------ C:\WINDOWS\system32\fasd549.exe
2008-04-20 16:08:55 0 d-------- C:\Program Files\FBrowserAdvisor
2008-03-12 19:36:47 94454 --a------ C:\WINDOWS\HPHins03.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80C0F2F5-68A6-428A-8625-8A22E0CDD699}]
06/06/2008 11:49: VIRUS ALERT! 282624 --a------ C:\WINDOWS\nogxfvblqld.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tomcatstartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [05/20/2004 09:40: VIRUS ALERT!]
"sunjavaupdatesched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [05/02/2007 05:15: VIRUS ALERT!]
"statusclient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [02/27/2004 10:29: VIRUS ALERT!]
"soundman"="SOUNDMAN.EXE" [02/26/2004 16:53: VIRUS ALERT! C:\WINDOWS\SOUNDMAN.EXE]
"phime2002async"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 21:39: VIRUS ALERT!]
"phime2002a"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 21:39: VIRUS ALERT!]
"mspy2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 21:39: VIRUS ALERT!]
"imjpmig8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 22:31: VIRUS ALERT!]
"hphupd06"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/2004 21:53: VIRUS ALERT!]
"hphmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/06/2004 21:42: VIRUS ALERT!]
"hpdj taskbar utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [04/06/2004 03:28: VIRUS ALERT!]
"hp component manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 16:18: VIRUS ALERT!]
"ccapp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 15:52: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/24/2005 16:16: VIRUS ALERT!]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56: VIRUS ALERT!]
"InstallProgram"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\stdlan.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43: VIRUS ALERT!]
"WinSpywareProtect"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Cleanup"=C:\cleanup.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe [5/28/2004 11:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqthb08.exe [5/29/2004 12:06:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockots64.dll [ ]
"erpobmsw"= {63B75419-58EC-4F0A-A67E-DA518D4D67FE} - C:\WINDOWS\erpobmsw.dll [06/06/2008 11:49: VIRUS ALERT! 311296]
"adgpfoxs"= {0B007C78-FCDE-475E-B682-F6D1E23737D1} - C:\WINDOWS\adgpfoxs.dll [06/06/2008 11:49: VIRUS ALERT! 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooeew]
nnnoOeEw.dll
