Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

system-defender.exe [RESOLVED]


  • This topic is locked This topic is locked

#1
peteVA

peteVA

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:34, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\D-Link AirPlus G\AirPlus.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {874EA085-3B7B-412B-91AE-7291A94978D0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D01A8B68-D46E-42C1-B967-9043543B6E0D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: geBtTkiH - geBtTkiH.dll (file missing)
O21 - SSODL: fsrpknov - {DB12EC73-2A4F-471B-88E7-DC7C3B43D555} - F:\WINDOWS\fsrpknov.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///F:\WINDOWS\privacy_danger\index.htm

--
End of file - 6817 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
peteVA

peteVA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks!

I did get a white desktop background, BTW.

Here's the results:

SmitFraudFix v2.329

Scan done at 8:57:38.60, Thu 07/10/2008
Run from F:\Documents and Settings\Pete\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3251FBC5-BB4D-4FDE-96FC-80C75B1185A0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3251FBC5-BB4D-4FDE-96FC-80C75B1185A0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3251FBC5-BB4D-4FDE-96FC-80C75B1185A0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Deckard's System Scanner v20071014.68
Run by Pete on 2008-07-10 09:09:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
78: 2008-07-10 13:09:34 UTC - RP78 - Deckard's System Scanner Restore Point
77: 2008-07-09 16:49:56 UTC - RP77 - Last known good configuration
76: 2008-07-09 16:49:51 UTC - RP76 - Software Distribution Service 3.0
75: 2008-07-09 16:49:51 UTC - RP75 - System Checkpoint
74: 2008-07-09 16:49:51 UTC - RP74 - System Checkpoint


-- First Restore Point --
1: 2008-07-09 16:49:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Pete.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:16, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\D-Link AirPlus G\AirPlus.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Pete\Desktop\dss.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Pete.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {874EA085-3B7B-412B-91AE-7291A94978D0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D01A8B68-D46E-42C1-B967-9043543B6E0D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: geBtTkiH - geBtTkiH.dll (file missing)
O21 - SSODL: fsrpknov - {DB12EC73-2A4F-471B-88E7-DC7C3B43D555} - F:\WINDOWS\fsrpknov.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///F:\WINDOWS\privacy_danger\index.htm

--
End of file - 6858 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 W8100PCI (D-Link AirPlus G Wireless Driver) - f:\windows\system32\drivers\mrv8k51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>

S3 ATICDSDr - f:\docume~1\pete\locals~1\temp\{1735a~1\atiicdxx.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "f:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_D6008086&REV_10\4&FB75CB&0&10A4
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_D6008086&REV_10\4&FB75CB&0&10A4
Service: rtl8139


-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 08:51:57 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-10 08:51:57 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-10 08:51:57 86528 --a------ F:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-10 08:51:57 288417 --a------ F:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-10 08:51:57 53248 --a------ F:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-10 08:51:57 82944 --a------ F:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-10 08:51:57 51200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-10 08:51:57 81920 --a------ F:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-10 00:25:48 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-09 19:52:11 0 d-------- F:\Program Files\Trend Micro
2008-07-09 17:13:48 0 dr-h----- F:\Documents and Settings\Pete\Recent
2008-07-09 12:50:29 112256 --a------ F:\WINDOWS\system32\ytqlnffy.dll
2008-07-09 12:49:31 1529 --ahs---- F:\WINDOWS\system32\DeffOXyb.ini2
2008-07-09 12:40:23 29568 --a------ F:\WINDOWS\system32\cbXNFxwX.dll
2008-07-09 12:39:57 0 d-------- F:\Documents and Settings\Pete\Application Data\TmpRecentIcons
2008-07-09 12:39:43 167936 --a------ F:\WINDOWS\gpefaowr.exe
2008-07-09 12:39:43 348160 --a------ F:\WINDOWS\fsrpknov.dll
2008-07-09 12:39:43 163840 --a------ F:\WINDOWS\enxw.exe
2008-07-08 20:38:38 0 d-------- F:\10Kone
2008-07-08 20:05:02 0 d-------- F:\Program Files\Affiliate ID Manager
2008-07-08 18:17:05 0 d-------- F:\Small Business Bookseller
2008-07-08 16:38:09 0 d-------- F:\AX Gold
2008-07-07 18:11:51 0 d-------- F:\Dropshipping
2008-07-05 19:09:36 0 d-------- F:\Documents and Settings\Pete\Application Data\gtk-2.0
2008-07-05 19:09:35 0 d-------- F:\Documents and Settings\Pete\.thumbnails
2008-07-05 19:05:04 0 d-------- F:\Documents and Settings\Pete\.gimp-2.4
2008-07-05 19:04:17 0 d-------- F:\Program Files\GIMP-2.0
2008-07-03 19:19:50 0 d-------- F:\5000 Images
2008-07-03 16:48:55 0 d-------- F:\Documents and Settings\LocalService\Application Data\Help
2008-07-02 22:41:52 0 d-------- F:\WINDOWS\pss
2008-07-02 13:04:43 0 d-------- F:\Ebay Stuff
2008-06-29 22:25:02 21648 --a------ F:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:24:06 0 d-------- F:\XFORMSCD
2008-06-29 22:23:58 20976 --a------ F:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:23:55 0 d-------- F:\Documents and Settings\Pete\WINDOWS
2008-06-29 20:27:16 1085 --a------ F:\WINDOWS\EReg011.dat
2008-06-29 20:21:59 0 d-------- F:\Documents and Settings\All Users\Application Data\SBT
2008-06-29 20:21:46 0 d-------- F:\Program Files\Snapshot Viewer
2008-06-29 10:58:01 0 d-------- F:\Documents and Settings\Pete\Application Data\FileMaker
2008-06-29 10:57:57 0 d-------- F:\Program Files\Webservice Detlev Reimer
2008-06-26 20:01:10 0 d-------- F:\Documents and Settings\Pete\Contacts
2008-06-26 20:00:18 0 d------c- F:\WINDOWS\system32\DRVSTORE
2008-06-26 19:59:44 0 d-------- F:\Program Files\MSN Messenger
2008-06-26 19:54:24 56 --ah----- F:\WINDOWS\system32\ezsidmv.dat
2008-06-26 19:54:23 0 d-------- F:\Documents and Settings\Pete\Application Data\skypePM
2008-06-26 19:53:00 0 d-------- F:\Documents and Settings\Pete\Application Data\Skype
2008-06-26 19:52:30 0 d-------- F:\Program Files\Skype
2008-06-26 19:52:29 0 d-------- F:\Program Files\Common Files\Skype
2008-06-26 19:52:21 0 d-------- F:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 21:30:51 1902 --a------ F:\WINDOWS\system32\tmp.reg
2008-06-25 10:01:14 0 d-------- F:\Program Files\HyperVRE
2008-06-25 09:47:01 0 d-------- F:\HyperVRE
2008-06-23 14:10:29 0 d-------- F:\Buzz
2008-06-22 22:26:46 0 d-------- F:\Forms
2008-06-22 10:47:47 0 d-------- F:\Online Payment Protector
2008-06-21 17:10:47 0 d-------- F:\WINDOWS\Sun
2008-06-21 16:28:51 0 d-------- F:\Cube Cart
2008-06-21 11:30:04 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-21 11:23:24 0 d-------- F:\Program Files\Windows Media Connect 2
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\LogFiles
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\drivers\UMDF
2008-06-21 10:26:48 286720 --a------ F:\WINDOWS\system32\swb_uninst.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-06-21 08:25:17 0 d-------- F:\Templates
2008-06-21 07:55:04 0 d-------- F:\Surefire Wealth
2008-06-20 20:27:40 0 d-------- F:\Program Files\KeywordMaster
2008-06-19 15:52:00 0 d-------- F:\WINDOWS\system32\Lang
2008-06-19 14:47:44 40960 -r------- F:\WINDOWS\system32\ChCfg.exe
2008-06-19 14:47:25 0 d-------- F:\WINDOWS\system32\RTCOM
2008-06-19 14:46:38 0 d-------- F:\Program Files\Realtek
2008-06-19 14:46:29 487424 -r------- F:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-19 14:40:08 516096 -----n--- F:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-19 14:39:44 0 d-------- F:\WINDOWS\system32\ReinstallBackups
2008-06-19 14:25:33 0 d-------- F:\Program Files\MSXML 4.0
2008-06-19 14:25:15 0 d-------- F:\TempEI4
2008-06-17 10:00:04 0 d-------- F:\Jeremy Burns
2008-06-16 16:48:40 25 --a------ F:\WINDOWS\SW_Win2146X32.DLL
2008-06-16 16:47:20 0 d-------- F:\Documents and Settings\Pete\Application Data\Help
2008-06-16 16:34:18 0 d-------- F:\Internet Pie
2008-06-16 16:16:28 0 d-------- F:\Wholesale Sources Directory
2008-06-16 16:10:17 0 d-------- F:\Internet Marketing Worx
2008-06-16 12:37:04 0 d-------- F:\Documents and Settings\Pete\Application Data\OpenOffice.org2
2008-06-15 08:36:06 0 d-------- F:\ZZ Websites
2008-06-15 07:03:27 0 d-------- F:\Documents and Settings\Pete\Application Data\FileZilla
2008-06-15 06:37:04 0 d-------- F:\Program Files\Affiliate Manager
2008-06-15 06:10:00 0 d-------- F:\Graphics
2008-06-15 05:58:33 0 d-------- F:\PLR
2008-06-14 23:09:45 0 d-------- F:\Program Files\OpenOffice.org 2.4
2008-06-14 23:08:53 0 d-------- F:\Program Files\Java
2008-06-14 23:08:52 0 d-------- F:\Program Files\Common Files\Java
2008-06-14 23:08:43 0 d-------- F:\Documents and Settings\Pete\Application Data\Sun
2008-06-14 22:39:58 72704 --a------ F:\WINDOWS\system32\odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-06-14 22:38:56 368912 --a------ F:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-14 22:38:56 294912 --a------ F:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 166672 --a------ F:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 262144 --a------ F:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 250128 --a------ F:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 168720 --a------ F:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1238288 --a------ F:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1050896 --a------ F:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 252688 --a------ F:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 344064 --a------ F:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 44304 --a------ F:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 415504 --a------ F:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-06-14 22:38:55 24848 --a------ F:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 123664 --a------ F:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 39424 --a------ F:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-06-14 22:38:39 0 d-------- F:\Program Files\ProVenture
2008-06-14 22:38:38 0 d-------- F:\Program Files\Common Files\MySoftware
2008-06-14 22:37:43 0 d-------- F:\WINDOWS\system32\Temp
2008-06-14 17:01:41 0 d-------- F:\Program Files\FileZilla FTP Client
2008-06-14 16:05:33 0 d-------- F:\Documents and Settings\Pete\Application Data\WinRAR
2008-06-14 15:34:03 0 d-------- F:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-06-14 14:59:29 339968 --a------ F:\WINDOWS\system32\cdintf.dll <Not Verified; AMYUNI Consultants
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-14 14:56:23 0 d-------- F:\Program Files\Common Files\AnswerWorks 4.0
2008-06-14 14:55:30 0 d-------- F:\Program Files\Common Files\Intuit
2008-06-14 14:55:25 0 d-------- F:\Program Files\Intuit
2008-06-14 14:54:02 0 d-------- F:\Documents and Settings\All Users\Application Data\Intuit
2008-06-14 14:47:17 0 d-------- F:\DownLoads
2008-06-14 12:52:29 4096 --a------ F:\Documents and Settings\All Users\Application Data\ScheduledItems
2008-06-14 12:48:54 0 d-------- F:\WINDOWS\system32\Backup
2008-06-14 12:48:54 0 d-------- F:\Documents and Settings\Pete\Application Data\IsolatedStorage
2008-06-14 12:48:51 1890 --ahs---- F:\WINDOWS\system32\KGyGaAvL.sys
2008-06-14 12:48:51 56 -r-hs---- F:\WINDOWS\system32\240B7AE127.sys
2008-06-14 12:48:36 0 d-------- F:\WINDOWS\SQLHotfix
2008-06-14 12:47:12 0 d-------- F:\Documents and Settings\Pete\Application Data\ACT
2008-06-14 12:45:59 306688 --a------ F:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-14 12:44:39 0 d-------- F:\Program Files\Microsoft SQL Server
2008-06-14 12:34:13 0 d-------- F:\WINDOWS\system32\URTTemp
2008-06-14 11:44:18 0 d-------- F:\Wholesale Lists
2008-06-14 10:51:56 0 d-------- F:\Program Files\CCleaner
2008-06-14 09:47:23 0 d-------- F:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-14 09:46:45 0 d-------- F:\Program Files\Siber Systems
2008-06-14 09:39:54 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2008-06-14 09:39:49 0 d-------- F:\Program Files\Common Files\Adobe
2008-06-14 09:38:58 0 d-------- F:\Program Files\Adobe Media Player
2008-06-14 09:38:48 0 d-------- F:\Documents and Settings\Pete\Application Data\Macromedia
2008-06-14 09:38:47 0 d-------- F:\Documents and Settings\Pete\Application Data\Adobe
2008-06-14 09:31:39 0 d-------- F:\Directories
2008-06-14 09:31:01 0 d-------- F:\Design Shrine
2008-06-14 09:30:46 0 d-------- F:\CashFlow Websites
2008-06-14 09:11:41 0 d-------- F:\VAULT
2008-06-14 08:20:35 0 d-------- F:\Program Files\EditPlus 3
2008-06-14 08:20:35 0 d-------- F:\Documents and Settings\Pete\Application Data\EditPlus 3
2008-06-13 22:41:09 0 d-------- F:\Program Files\Avira
2008-06-13 22:41:09 0 d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-06-13 22:34:25 0 d-------- F:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-13 22:33:44 0 d-------- F:\Program Files\Common Files\PC Tools
2008-06-13 22:32:12 0 d-------- F:\Documents and Settings\LocalService\Application Data\Google
2008-06-13 22:32:11 0 dr------- F:\Documents and Settings\LocalService\Favorites
2008-06-13 22:21:36 0 d-------- F:\Documents and Settings\Pete\Application Data\Google
2008-06-13 21:55:58 0 d-------- F:\WINDOWS\system32\PreInstall
2008-06-13 21:55:56 0 d--h----- F:\WINDOWS\$hf_mig$
2008-06-13 21:53:32 0 d-a------ F:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 21:53:21 0 d-------- F:\Program Files\Spyware Doctor
2008-06-13 21:53:21 0 d-------- F:\Documents and Settings\Pete\Application Data\PC Tools
2008-06-13 21:53:20 0 d-------- F:\Documents and Settings\All Users\Application Data\Google
2008-06-13 21:53:17 0 d-------- F:\Program Files\Google
2008-06-13 21:40:12 0 d-------- F:\WINDOWS\system32\SoftwareDistribution
2008-06-13 21:35:41 256896 -ra------ F:\WINDOWS\system32\drivers\MRV8K51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
2008-06-13 21:35:41 0 d-------- F:\Program Files\D-Link AirPlus G
2008-06-13 21:35:40 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-06-13 21:35:31 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-13 18:15:15 0 d-------- F:\WINDOWS\ShellNew
2008-06-13 18:14:09 0 d-------- F:\Documents and Settings\Pete\Application Data\Microsoft Web Folders
2008-06-13 18:06:20 0 d---s---- F:\Documents and Settings\Pete\UserData
2008-06-13 17:44:04 0 d-------- F:\Documents and Settings\Pete\Application Data\Identities
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Templates
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Start Menu
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\SendTo
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\PrintHood
2008-06-13 17:43:52 2883584 --ah----- F:\Documents and Settings\Pete\NTUSER.DAT
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\NetHood
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\My Documents
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Local Settings
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Favorites
2008-06-13 17:43:52 0 d-------- F:\Documents and Settings\Pete\Desktop
2008-06-13 17:43:52 0 d---s---- F:\Documents and Settings\Pete\Cookies
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\Application Data
2008-06-13 17:40:54 0 d-------- F:\WINDOWS\SoftwareDistribution
2008-06-13 17:40:53 0 d-------- F:\WINDOWS\Prefetch
2008-06-13 17:40:52 0 d---s---- F:\WINDOWS\system32\Microsoft
2008-06-13 17:40:52 0 d--h----- F:\Documents and Settings\LocalService\Local Settings
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Cookies
2008-06-13 17:40:52 0 d-------- F:\Documents and Settings\LocalService\Application Data
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-13 17:40:51 262144 --ah----- F:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-13 17:40:04 225280 --ah----- F:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-13 17:40:04 0 d--h----- F:\Documents and Settings\NetworkService\Local Settings
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Cookies
2008-06-13 17:40:04 0 d-------- F:\Documents and Settings\NetworkService\Application Data
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-13 17:37:23 0 d-------- F:\WINDOWS\system32\xircom
2008-06-13 17:37:23 0 d-------- F:\Program Files\microsoft frontpage
2008-06-13 17:37:21 225280 --ah----- F:\Documents and Settings\Default User\NTUSER.DAT
2008-06-13 17:36:22 0 d--hs---- F:\Documents and Settings\All Users\DRM
2008-06-13 17:36:13 0 dr------- F:\WINDOWS\Offline Web Pages
2008-06-13 17:36:13 0 d---s---- F:\WINDOWS\Downloaded Program Files
2008-06-13 17:36:03 0 d--h----- F:\Program Files\WindowsUpdate
2008-06-13 17:35:42 0 d-------- F:\WINDOWS\system32\DirectX
2008-06-13 17:35:06 0 d---s---- F:\WINDOWS\Tasks
2008-06-13 17:35:05 0 d-------- F:\Program Files\Common Files\MSSoap
2008-06-13 17:35:00 0 d-------- F:\WINDOWS\srchasst
2008-06-13 17:34:59 0 d-------- F:\WINDOWS\system32\Macromed
2008-06-13 17:34:49 0 d-------- F:\Program Files\Movie Maker
2008-06-13 17:34:40 0 d-------- F:\WINDOWS\system32\Restore
2008-06-13 17:34:21 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-13 17:34:06 0 d-------- F:\WINDOWS\Registration
2008-06-13 17:33:41 0 d-------- F:\Program Files\Online Services
2008-06-13 17:33:36 0 d-------- F:\Program Files\Messenger
2008-06-13 17:33:32 0 d-------- F:\Program Files\MSN Gaming Zone
2008-06-13 17:32:46 0 d-------- F:\Program Files\Windows NT
2008-06-13 17:32:43 0 d-------- F:\WINDOWS\system32\MsDtc
2008-06-13 17:32:41 0 d-------- F:\WINDOWS\system32\Com
2008-06-13 13:17:01 0 d--hs---- F:\WINDOWS\Installer
2008-06-13 13:17:00 0 d-------- F:\Program Files\Common Files\ODBC
2008-06-13 13:16:56 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-06-13 13:16:55 0 dr------- F:\Program Files
2008-06-13 13:16:55 0 d-------- F:\Program Files\Common Files
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\Default User\Start Menu
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\SendTo
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Recent
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\PrintHood
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\NetHood
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\My Documents
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\Local Settings
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Favorites
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Desktop
2008-06-13 13:16:29 0 d---s---- F:\Documents and Settings\Default User\Cookies
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\All Users\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Start Menu
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Favorites
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Documents
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Desktop
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot2
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot
2008-06-13 13:15:07 0 dr-h----- F:\Documents and Settings\Default User\Application Data
2008-06-13 13:15:07 0 d---s---- F:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-13 13:15:06 0 dr-h----- F:\Documents and Settings\All Users\Application Data
2008-06-13 13:15:06 0 d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-13 13:14:40 0 d--hs---- F:\System Volume Information
2008-06-13 13:14:40 0 d-------- F:\Documents and Settings
2008-06-13 13:06:28 0 d-------- F:\WINDOWS
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\WinSxS
2008-06-13 13:06:28 0 dr------- F:\WINDOWS\Web
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\twain_32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wins
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wbem
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\usmt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\spool
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ShellExt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\Setup
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ras
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\oobe
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\npp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\inetsrv
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\IME
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\icsxml
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ias
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\export
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\etc
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\disdn
2008-06-13 13:06:28 0 dr-hs--c- F:\WINDOWS\system32\dllcache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\dhcp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3com_dmi
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3076
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\2052
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1054
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1042
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1041
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1037
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1033
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1031
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1028
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1025
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\security
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Resources
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\repair
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Provisioning
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\PeerNet
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\pchealth
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msapps
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msagent
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Media
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\java
2008-06-13 13:06:28 0 d--h----- F:\WINDOWS\inf
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\ime
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Help
2008-06-13 13:06:28 0 dr--s---- F:\WINDOWS\Fonts
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Driver Cache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Debug
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Cursors
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Connection Wizard
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\AppPatch
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-13 13:16:29 62 --ahs---- F:\Documents and Settings\Pete\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{874EA085-3B7B-412B-91AE-7291A94978D0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D01A8B68-D46E-42C1-B967-9043543B6E0D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="F:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14]
"avgnt"="F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
"RTHDCPL"="RTHDCPL.EXE" [10/14/2005 21:51 F:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 22:43 F:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 15:54]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54]
"RoboForm"="F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [07/06/2008 16:48]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///F:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {DB12EC73-2A4F-471B-88E7-DC7C3B43D555} - F:\WINDOWS\fsrpknov.dll [07/09/2008 08:09 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtTkiH]
geBtTkiH.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\byXOffeD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"F:\Program Files\Spyware Doctor\pctsTray.exe"




-- End of Deckard's System Scanner: finished at 2008-07-10 09:11:57 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 958.48 MiB / 507.13 MiB
Pagefile Memory (total/avail): 2314.33 MiB / 1784.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.16 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 5.99 GiB total, 4.23 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 149.04 GiB total, 133.07 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD1600AAJS-00WAA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - F:

\\.\PHYSICALDRIVE1 - WDC WD64AA - 6.01 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 6.01 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Spyware Doctor with AntiVirus v (PC Tools)
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Program Files\\MSN Messenger\\livecall.exe"="F:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"F:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe"="F:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe:*:Enabled:ACT! 7.x/2005"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Program Files\\MSN Messenger\\livecall.exe"="F:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\\Program Files\\Skype\\Phone\\Skype.exe"="F:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Pete\Application Data
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=MAIN
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Pete
LOGONSERVER=\\MAIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=F:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Pete\LOCALS~1\Temp
TMP=F:\DOCUME~1\Pete\LOCALS~1\Temp
USERDOMAIN=MAIN
USERNAME=Pete
USERPROFILE=F:\Documents and Settings\Pete
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Pete (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Affiliate ID Manager - Version No.1 --> "F:\Program Files\Affiliate Manager\unins000.exe"
AI RoboForm (All Users) --> "F:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
ATI Display Driver --> rundll32 F:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal – Free Antivirus --> F:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Business Legal Forms --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{0E4DBFE2-EEA4-11D3-96D0-00A0CC3F8931}\setup.exe"
CCleaner (remove only) --> "F:\Program Files\CCleaner\uninst.exe"
D-Link AirPlus G Wireless LAN Adapter --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B5749E57-AD4A-4B1B-ABC5-885FDBC286C9}\Setup.exe" -l0x9
EditPlus 3 --> F:\Program Files\EditPlus 3\remove.exe
FileZilla Client 3.0.11.1 --> F:\Program Files\FileZilla FTP Client\uninstall.exe
GIMP 2.4.6 --> "F:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "f:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperVRE 1.8 --> "F:\Program Files\HyperVRE\unins000.exe"
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KeywordMaster --> "F:\Program Files\KeywordMaster\unins000.exe"
Mail List --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8A42AEAD-D4E6-42A8-9815-8AB9FFBC96B0}\setup.exe" -l0x9
Meta Whiz 1.0 --> F:\WINDOWS\system32\swb_uninst.exe "C:\Program Files\Meta Whiz 1.0\uninst.log"
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
OpenOffice.org 2.4 --> MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Promobuddy2 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{AE237488-91BB-476C-AD1C-514D8FDD278B}\Setup.exe" -l0x9
ProVenture Invoices --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3513E1A8-276E-46B6-8EDF-14730D167D97}\setup.exe" -l0x9
QuickBooks Customer Manager Version 2 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{DBCA9AEA-7E95-46B7-B809-F605FE21AD26}\setup.exe" -l0x9
QuickBooks Premier: Mfg and Whsle Edition 2005 --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="wholesale" QBFULLNAME="QuickBooks Premier: Mfg and Whsle Edition 2005" ADDREMOVE=1
Realtek High Definition Audio Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spyware Doctor 5.5 --> F:\Program Files\Spyware Doctor\unins000.exe /LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> F:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1026 / Success
Event Submitted/Written: 07/10/2008 09:06:32 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1025 / Warning
Event Submitted/Written: 07/10/2008 09:06:23 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
BAT/Fake.PrivdangerF:\Documents and Settings\Pete\Local Settings\Temp\install-privacy-danger.bat

Event Record #/Type1024 / Warning
Event Submitted/Written: 07/10/2008 09:05:55 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1023 / Warning
Event Submitted/Written: 07/10/2008 09:05:55 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1019 / Warning
Event Submitted/Written: 07/10/2008 08:51:44 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.108F:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\K1AZOLI7\SmitfraudFix[1].exe



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3594 / Error
Event Submitted/Written: 07/10/2008 09:04:52 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type3593 / Error
Event Submitted/Written: 07/10/2008 08:56:29 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
avgio
avipbb
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
pctfw2
RasAcd
Rdbss
ssmdrv
Tcpip
WS2IFSL

Event Record #/Type3592 / Error
Event Submitted/Written: 07/10/2008 08:56:29 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type3591 / Error
Event Submitted/Written: 07/10/2008 08:56:01 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type3590 / Error
Event Submitted/Written: 07/10/2008 08:56:01 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-10 09:11:57 ------------
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {874EA085-3B7B-412B-91AE-7291A94978D0} - (no file)
O2 - BHO: (no name) - {D01A8B68-D46E-42C1-B967-9043543B6E0D} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: geBtTkiH - geBtTkiH.dll (file missing)
O21 - SSODL: fsrpknov - {DB12EC73-2A4F-471B-88E7-DC7C3B43D555} - F:\WINDOWS\fsrpknov.dll
O24 - Desktop Component 0: Privacy Protection - file:///F:\WINDOWS\privacy_danger\index.htm


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    F:\WINDOWS\system32\ytqlnffy.dll
    F:\WINDOWS\system32\DeffOXyb.ini2
    F:\WINDOWS\system32\cbXNFxwX.dll
    F:\WINDOWS\gpefaowr.exe
    F:\WINDOWS\fsrpknov.dll
    F:\WINDOWS\enxw.exe
    F:\WINDOWS\privacy_danger
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new DSS log
  • 0

#5
peteVA

peteVA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Well, at least my desktop is back! :)


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 10, 2008 18:44:44
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/07/2008
Kaspersky Anti-Virus database records: 935678
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 166025
Number of viruses found: 5
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 02:05:12

Infected Object Name / Virus Name / Last Action
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Skype\pete.sonon\contactgroup256.dbb Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Skype\pete.sonon\dyncontent\bundle.dat Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Skype\pete.sonon\index2.dat Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Skype\pete.sonon\profile256.dbb Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Skype\pete.sonon\user1024.dbb Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Skype\pete.sonon\user16384.dbb Object is locked skipped
F:\Documents and Settings\Pete\Application Data\Skype\pete.sonon\user256.dbb Object is locked skipped
F:\Documents and Settings\Pete\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\Pete\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50F4_CE56_F4CE_3DCA\dfsr.db Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50F4_CE56_F4CE_3DCA\fsr.log Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50F4_CE56_F4CE_3DCA\fsrtmp.log Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50F4_CE56_F4CE_3DCA\tmp.edb Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\History\History.IE5\MSHist012008071020080711\index.dat Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Temp\~DF4BC8.tmp Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Temp\~DF4C25.tmp Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Temp\~DFABB1.tmp Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Temp\~DFAD37.tmp Object is locked skipped
F:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Pete\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\Pete\ntuser.dat.LOG Object is locked skipped
F:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.txt Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{60E03A84-EB17-4192-A70B-1A1648C9BAE3}\RP58\A0010829.dll Infected: Trojan.Win32.Vapsup.hdk skipped
F:\System Volume Information\_restore{60E03A84-EB17-4192-A70B-1A1648C9BAE3}\RP58\A0010837.dll Infected: Trojan.Win32.Vapsup.hdk skipped
F:\System Volume Information\_restore{60E03A84-EB17-4192-A70B-1A1648C9BAE3}\RP58\A0010838.dll Infected: Trojan.Win32.Vapsup.hcw skipped
F:\System Volume Information\_restore{60E03A84-EB17-4192-A70B-1A1648C9BAE3}\RP77\A0016178.exe Infected: Trojan-Downloader.Win32.Zlob.qzm skipped
F:\System Volume Information\_restore{60E03A84-EB17-4192-A70B-1A1648C9BAE3}\RP78\A0017336.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
F:\System Volume Information\_restore{60E03A84-EB17-4192-A70B-1A1648C9BAE3}\RP78\change.log Object is locked skipped
F:\Wholesale Lists\consolesuppliers\resell_wholesale contact_gameconsole.exe Infected: not-a-virus:AdWare.Win32.UBar.f skipped
F:\Wholesale Lists\consolesuppliers.zip/resell_wholesale contact_gameconsole.exe Infected: not-a-virus:AdWare.Win32.UBar.f skipped
F:\Wholesale Lists\consolesuppliers.zip ZIP: infected - 1 skipped
F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
F:\WINDOWS\SchedLgU.Txt Object is locked skipped
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\default Object is locked skipped
F:\WINDOWS\system32\config\default.LOG Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\software Object is locked skipped
F:\WINDOWS\system32\config\software.LOG Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\system Object is locked skipped
F:\WINDOWS\system32\config\system.LOG Object is locked skipped
F:\WINDOWS\system32\h323log.txt Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Deckard's System Scanner v20071014.68
Run by Pete on 2008-07-10 18:50:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Pete.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:13, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\D-Link AirPlus G\AirPlus.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Program Files\EditPlus 3\editplus.exe
F:\Documents and Settings\Pete\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Pete.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: fsrpknov - {9460337E-64C8-4C29-A2AB-00CE703DA80F} - F:\WINDOWS\fsrpknov.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6747 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 10:30:28 0 d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-10 10:30:26 0 d-------- F:\WINDOWS\system32\Kaspersky Lab
2008-07-10 10:30:25 0 d-------- F:\WINDOWS\LastGood
2008-07-10 08:51:57 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-10 08:51:57 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-10 08:51:57 86528 --a------ F:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-10 08:51:57 288417 --a------ F:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-10 08:51:57 53248 --a------ F:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-10 08:51:57 82944 --a------ F:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-10 08:51:57 51200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-10 08:51:57 81920 --a------ F:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-10 00:25:48 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-09 19:52:11 0 d-------- F:\Program Files\Trend Micro
2008-07-09 17:13:48 0 dr-h----- F:\Documents and Settings\Pete\Recent
2008-07-09 12:39:57 0 d-------- F:\Documents and Settings\Pete\Application Data\TmpRecentIcons
2008-07-08 20:38:38 0 d-------- F:\10Kone
2008-07-08 20:05:02 0 d-------- F:\Program Files\Affiliate ID Manager
2008-07-08 18:17:05 0 d-------- F:\Small Business Bookseller
2008-07-08 16:38:09 0 d-------- F:\AX Gold
2008-07-07 18:11:51 0 d-------- F:\Dropshipping
2008-07-05 19:09:36 0 d-------- F:\Documents and Settings\Pete\Application Data\gtk-2.0
2008-07-05 19:09:35 0 d-------- F:\Documents and Settings\Pete\.thumbnails
2008-07-05 19:05:04 0 d-------- F:\Documents and Settings\Pete\.gimp-2.4
2008-07-05 19:04:17 0 d-------- F:\Program Files\GIMP-2.0
2008-07-03 19:19:50 0 d-------- F:\5000 Images
2008-07-03 16:48:55 0 d-------- F:\Documents and Settings\LocalService\Application Data\Help
2008-07-02 22:41:52 0 d-------- F:\WINDOWS\pss
2008-07-02 13:04:43 0 d-------- F:\Ebay Stuff
2008-06-29 22:25:02 21648 --a------ F:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:24:06 0 d-------- F:\XFORMSCD
2008-06-29 22:23:58 20976 --a------ F:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:23:55 0 d-------- F:\Documents and Settings\Pete\WINDOWS
2008-06-29 20:27:16 1085 --a------ F:\WINDOWS\EReg011.dat
2008-06-29 20:21:59 0 d-------- F:\Documents and Settings\All Users\Application Data\SBT
2008-06-29 20:21:46 0 d-------- F:\Program Files\Snapshot Viewer
2008-06-29 10:58:01 0 d-------- F:\Documents and Settings\Pete\Application Data\FileMaker
2008-06-29 10:57:57 0 d-------- F:\Program Files\Webservice Detlev Reimer
2008-06-26 20:01:10 0 d-------- F:\Documents and Settings\Pete\Contacts
2008-06-26 20:00:18 0 d------c- F:\WINDOWS\system32\DRVSTORE
2008-06-26 19:59:44 0 d-------- F:\Program Files\MSN Messenger
2008-06-26 19:54:24 56 --ah----- F:\WINDOWS\system32\ezsidmv.dat
2008-06-26 19:54:23 0 d-------- F:\Documents and Settings\Pete\Application Data\skypePM
2008-06-26 19:53:00 0 d-------- F:\Documents and Settings\Pete\Application Data\Skype
2008-06-26 19:52:30 0 d-------- F:\Program Files\Skype
2008-06-26 19:52:29 0 d-------- F:\Program Files\Common Files\Skype
2008-06-26 19:52:21 0 d-------- F:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 21:30:51 1902 --a------ F:\WINDOWS\system32\tmp.reg
2008-06-25 10:01:14 0 d-------- F:\Program Files\HyperVRE
2008-06-25 09:47:01 0 d-------- F:\HyperVRE
2008-06-23 14:10:29 0 d-------- F:\Buzz
2008-06-22 22:26:46 0 d-------- F:\Forms
2008-06-22 10:47:47 0 d-------- F:\Online Payment Protector
2008-06-21 17:10:47 0 d-------- F:\WINDOWS\Sun
2008-06-21 16:28:51 0 d-------- F:\Cube Cart
2008-06-21 11:30:04 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-21 11:23:24 0 d-------- F:\Program Files\Windows Media Connect 2
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\LogFiles
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\drivers\UMDF
2008-06-21 10:26:48 286720 --a------ F:\WINDOWS\system32\swb_uninst.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-06-21 08:25:17 0 d-------- F:\Templates
2008-06-21 07:55:04 0 d-------- F:\Surefire Wealth
2008-06-20 20:27:40 0 d-------- F:\Program Files\KeywordMaster
2008-06-19 15:52:00 0 d-------- F:\WINDOWS\system32\Lang
2008-06-19 14:47:44 40960 -r------- F:\WINDOWS\system32\ChCfg.exe
2008-06-19 14:47:25 0 d-------- F:\WINDOWS\system32\RTCOM
2008-06-19 14:46:38 0 d-------- F:\Program Files\Realtek
2008-06-19 14:46:29 487424 -r------- F:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-19 14:40:08 516096 -----n--- F:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-19 14:39:44 0 d-------- F:\WINDOWS\system32\ReinstallBackups
2008-06-19 14:25:33 0 d-------- F:\Program Files\MSXML 4.0
2008-06-19 14:25:15 0 d-------- F:\TempEI4
2008-06-17 10:00:04 0 d-------- F:\Jeremy Burns
2008-06-16 16:48:40 25 --a------ F:\WINDOWS\SW_Win2146X32.DLL
2008-06-16 16:47:20 0 d-------- F:\Documents and Settings\Pete\Application Data\Help
2008-06-16 16:34:18 0 d-------- F:\Internet Pie
2008-06-16 16:16:28 0 d-------- F:\Wholesale Sources Directory
2008-06-16 16:10:17 0 d-------- F:\Internet Marketing Worx
2008-06-16 12:37:04 0 d-------- F:\Documents and Settings\Pete\Application Data\OpenOffice.org2
2008-06-15 08:36:06 0 d-------- F:\ZZ Websites
2008-06-15 07:03:27 0 d-------- F:\Documents and Settings\Pete\Application Data\FileZilla
2008-06-15 06:37:04 0 d-------- F:\Program Files\Affiliate Manager
2008-06-15 06:10:00 0 d-------- F:\Graphics
2008-06-15 05:58:33 0 d-------- F:\PLR
2008-06-14 23:09:45 0 d-------- F:\Program Files\OpenOffice.org 2.4
2008-06-14 23:08:53 0 d-------- F:\Program Files\Java
2008-06-14 23:08:52 0 d-------- F:\Program Files\Common Files\Java
2008-06-14 23:08:43 0 d-------- F:\Documents and Settings\Pete\Application Data\Sun
2008-06-14 22:39:58 72704 --a------ F:\WINDOWS\system32\odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-06-14 22:38:56 368912 --a------ F:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-14 22:38:56 294912 --a------ F:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 166672 --a------ F:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 262144 --a------ F:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 250128 --a------ F:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 168720 --a------ F:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1238288 --a------ F:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1050896 --a------ F:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 252688 --a------ F:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 344064 --a------ F:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 44304 --a------ F:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 415504 --a------ F:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-06-14 22:38:55 24848 --a------ F:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 123664 --a------ F:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 39424 --a------ F:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-06-14 22:38:39 0 d-------- F:\Program Files\ProVenture
2008-06-14 22:38:38 0 d-------- F:\Program Files\Common Files\MySoftware
2008-06-14 22:37:43 0 d-------- F:\WINDOWS\system32\Temp
2008-06-14 17:01:41 0 d-------- F:\Program Files\FileZilla FTP Client
2008-06-14 16:05:33 0 d-------- F:\Documents and Settings\Pete\Application Data\WinRAR
2008-06-14 15:34:03 0 d-------- F:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-06-14 14:59:29 339968 --a------ F:\WINDOWS\system32\cdintf.dll <Not Verified; AMYUNI Consultants
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-14 14:56:23 0 d-------- F:\Program Files\Common Files\AnswerWorks 4.0
2008-06-14 14:55:30 0 d-------- F:\Program Files\Common Files\Intuit
2008-06-14 14:55:25 0 d-------- F:\Program Files\Intuit
2008-06-14 14:54:02 0 d-------- F:\Documents and Settings\All Users\Application Data\Intuit
2008-06-14 14:47:17 0 d-------- F:\DownLoads
2008-06-14 12:52:29 4096 --a------ F:\Documents and Settings\All Users\Application Data\ScheduledItems
2008-06-14 12:48:54 0 d-------- F:\WINDOWS\system32\Backup
2008-06-14 12:48:54 0 d-------- F:\Documents and Settings\Pete\Application Data\IsolatedStorage
2008-06-14 12:48:51 1890 --ahs---- F:\WINDOWS\system32\KGyGaAvL.sys
2008-06-14 12:48:51 56 -r-hs---- F:\WINDOWS\system32\240B7AE127.sys
2008-06-14 12:48:36 0 d-------- F:\WINDOWS\SQLHotfix
2008-06-14 12:47:12 0 d-------- F:\Documents and Settings\Pete\Application Data\ACT
2008-06-14 12:45:59 306688 --a------ F:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-14 12:44:39 0 d-------- F:\Program Files\Microsoft SQL Server
2008-06-14 12:34:13 0 d-------- F:\WINDOWS\system32\URTTemp
2008-06-14 11:44:18 0 d-------- F:\Wholesale Lists
2008-06-14 10:51:56 0 d-------- F:\Program Files\CCleaner
2008-06-14 09:47:23 0 d-------- F:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-14 09:46:45 0 d-------- F:\Program Files\Siber Systems
2008-06-14 09:39:54 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2008-06-14 09:39:49 0 d-------- F:\Program Files\Common Files\Adobe
2008-06-14 09:38:58 0 d-------- F:\Program Files\Adobe Media Player
2008-06-14 09:38:48 0 d-------- F:\Documents and Settings\Pete\Application Data\Macromedia
2008-06-14 09:38:47 0 d-------- F:\Documents and Settings\Pete\Application Data\Adobe
2008-06-14 09:31:39 0 d-------- F:\Directories
2008-06-14 09:31:01 0 d-------- F:\Design Shrine
2008-06-14 09:30:46 0 d-------- F:\CashFlow Websites
2008-06-14 09:11:41 0 d-------- F:\VAULT
2008-06-14 08:20:35 0 d-------- F:\Program Files\EditPlus 3
2008-06-14 08:20:35 0 d-------- F:\Documents and Settings\Pete\Application Data\EditPlus 3
2008-06-13 22:41:09 0 d-------- F:\Program Files\Avira
2008-06-13 22:41:09 0 d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-06-13 22:34:25 0 d-------- F:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-13 22:33:44 0 d-------- F:\Program Files\Common Files\PC Tools
2008-06-13 22:32:12 0 d-------- F:\Documents and Settings\LocalService\Application Data\Google
2008-06-13 22:32:11 0 dr------- F:\Documents and Settings\LocalService\Favorites
2008-06-13 22:21:36 0 d-------- F:\Documents and Settings\Pete\Application Data\Google
2008-06-13 21:55:58 0 d-------- F:\WINDOWS\system32\PreInstall
2008-06-13 21:55:56 0 d--h----- F:\WINDOWS\$hf_mig$
2008-06-13 21:53:32 0 d-a------ F:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 21:53:21 0 d-------- F:\Program Files\Spyware Doctor
2008-06-13 21:53:21 0 d-------- F:\Documents and Settings\Pete\Application Data\PC Tools
2008-06-13 21:53:20 0 d-------- F:\Documents and Settings\All Users\Application Data\Google
2008-06-13 21:53:17 0 d-------- F:\Program Files\Google
2008-06-13 21:40:12 0 d-------- F:\WINDOWS\system32\SoftwareDistribution
2008-06-13 21:35:41 256896 -ra------ F:\WINDOWS\system32\drivers\MRV8K51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
2008-06-13 21:35:41 0 d-------- F:\Program Files\D-Link AirPlus G
2008-06-13 21:35:31 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-13 18:15:15 0 d-------- F:\WINDOWS\ShellNew
2008-06-13 18:14:09 0 d-------- F:\Documents and Settings\Pete\Application Data\Microsoft Web Folders
2008-06-13 18:06:20 0 d---s---- F:\Documents and Settings\Pete\UserData
2008-06-13 17:44:04 0 d-------- F:\Documents and Settings\Pete\Application Data\Identities
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Templates
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Start Menu
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\SendTo
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\PrintHood
2008-06-13 17:43:52 2883584 --ah----- F:\Documents and Settings\Pete\NTUSER.DAT
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\NetHood
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\My Documents
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Local Settings
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Favorites
2008-06-13 17:43:52 0 d-------- F:\Documents and Settings\Pete\Desktop
2008-06-13 17:43:52 0 d---s---- F:\Documents and Settings\Pete\Cookies
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\Application Data
2008-06-13 17:40:54 0 d-------- F:\WINDOWS\SoftwareDistribution
2008-06-13 17:40:53 0 d-------- F:\WINDOWS\Prefetch
2008-06-13 17:40:52 0 d---s---- F:\WINDOWS\system32\Microsoft
2008-06-13 17:40:52 0 d--h----- F:\Documents and Settings\LocalService\Local Settings
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Cookies
2008-06-13 17:40:52 0 d-------- F:\Documents and Settings\LocalService\Application Data
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-13 17:40:51 262144 --ah----- F:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-13 17:40:04 225280 --ah----- F:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-13 17:40:04 0 d--h----- F:\Documents and Settings\NetworkService\Local Settings
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Cookies
2008-06-13 17:40:04 0 d-------- F:\Documents and Settings\NetworkService\Application Data
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-13 17:37:23 0 d-------- F:\WINDOWS\system32\xircom
2008-06-13 17:37:23 0 d-------- F:\Program Files\microsoft frontpage
2008-06-13 17:37:21 225280 --ah----- F:\Documents and Settings\Default User\NTUSER.DAT
2008-06-13 17:36:22 0 d--hs---- F:\Documents and Settings\All Users\DRM
2008-06-13 17:36:13 0 dr------- F:\WINDOWS\Offline Web Pages
2008-06-13 17:36:13 0 d---s---- F:\WINDOWS\Downloaded Program Files
2008-06-13 17:36:03 0 d--h----- F:\Program Files\WindowsUpdate
2008-06-13 17:35:42 0 d-------- F:\WINDOWS\system32\DirectX
2008-06-13 17:35:06 0 d---s---- F:\WINDOWS\Tasks
2008-06-13 17:35:05 0 d-------- F:\Program Files\Common Files\MSSoap
2008-06-13 17:35:00 0 d-------- F:\WINDOWS\srchasst
2008-06-13 17:34:59 0 d-------- F:\WINDOWS\system32\Macromed
2008-06-13 17:34:49 0 d-------- F:\Program Files\Movie Maker
2008-06-13 17:34:40 0 d-------- F:\WINDOWS\system32\Restore
2008-06-13 17:34:21 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-13 17:34:06 0 d-------- F:\WINDOWS\Registration
2008-06-13 17:33:41 0 d-------- F:\Program Files\Online Services
2008-06-13 17:33:36 0 d-------- F:\Program Files\Messenger
2008-06-13 17:33:32 0 d-------- F:\Program Files\MSN Gaming Zone
2008-06-13 17:32:46 0 d-------- F:\Program Files\Windows NT
2008-06-13 17:32:43 0 d-------- F:\WINDOWS\system32\MsDtc
2008-06-13 17:32:41 0 d-------- F:\WINDOWS\system32\Com
2008-06-13 13:17:01 0 d--hs---- F:\WINDOWS\Installer
2008-06-13 13:17:00 0 d-------- F:\Program Files\Common Files\ODBC
2008-06-13 13:16:56 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-06-13 13:16:55 0 dr------- F:\Program Files
2008-06-13 13:16:55 0 d-------- F:\Program Files\Common Files
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\Default User\Start Menu
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\SendTo
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Recent
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\PrintHood
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\NetHood
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\My Documents
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\Local Settings
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Favorites
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Desktop
2008-06-13 13:16:29 0 d---s---- F:\Documents and Settings\Default User\Cookies
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\All Users\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Start Menu
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Favorites
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Documents
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Desktop
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot2
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot
2008-06-13 13:15:07 0 dr-h----- F:\Documents and Settings\Default User\Application Data
2008-06-13 13:15:07 0 d---s---- F:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-13 13:15:06 0 dr-h----- F:\Documents and Settings\All Users\Application Data
2008-06-13 13:15:06 0 d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-13 13:14:40 0 d--hs---- F:\System Volume Information
2008-06-13 13:14:40 0 d-------- F:\Documents and Settings
2008-06-13 13:06:28 0 d-------- F:\WINDOWS
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\WinSxS
2008-06-13 13:06:28 0 dr------- F:\WINDOWS\Web
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\twain_32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wins
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wbem
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\usmt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\spool
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ShellExt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\Setup
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ras
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\oobe
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\npp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\inetsrv
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\IME
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\icsxml
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ias
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\export
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\etc
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\disdn
2008-06-13 13:06:28 0 dr-hs--c- F:\WINDOWS\system32\dllcache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\dhcp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3com_dmi
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3076
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\2052
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1054
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1042
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1041
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1037
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1033
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1031
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1028
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1025
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\security
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Resources
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\repair
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Provisioning
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\PeerNet
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\pchealth
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msapps
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msagent
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Media
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\java
2008-06-13 13:06:28 0 d--h----- F:\WINDOWS\inf
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\ime
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Help
2008-06-13 13:06:28 0 dr--s---- F:\WINDOWS\Fonts
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Driver Cache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Debug
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Cursors
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Connection Wizard
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\AppPatch
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-13 13:16:29 62 --ahs---- F:\Documents and Settings\Pete\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="F:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14]
"avgnt"="F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
"RTHDCPL"="RTHDCPL.EXE" [10/14/2005 21:51 F:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 15:54]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54]
"RoboForm"="F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [07/06/2008 16:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {9460337E-64C8-4C29-A2AB-00CE703DA80F} - F:\WINDOWS\fsrpknov.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\byXOffeD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"F:\Program Files\Spyware Doctor\pctsTray.exe"




-- End of Deckard's System Scanner: finished at 2008-07-10 18:52:13 ------------


The second DSS report never showed. I had to run it several time to ge this.
  • 0

#6
peteVA

peteVA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Just a quick note. I have Spyware Doctor and Avira AntiVir running all the time. Neither of which caught this, BTW.

I just did a complete scan with the AVira and it still finds BAT/Fake.Privdanger

Quick scan with SD shows nothing.
.
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    F:\Wholesale Lists
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O21 - SSODL: fsrpknov - {9460337E-64C8-4C29-A2AB-00CE703DA80F} - F:\WINDOWS\fsrpknov.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00


Then double click on the fix.reg file, when it prompts to merge click "Yes".





Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Reboot and post a new DSS log
  • 0

#8
peteVA

peteVA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Somehow this morning I got a white overlay on the desktop with a big notice that the Active Desktop had been removed, did I want to restore it?

I did restore it and it seems fine. Been computing since CP/M days and never seen anything like that.

Here's the latest results -


Deckard's System Scanner v20071014.68
Run by Pete on 2008-07-11 10:12:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Pete.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:39, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\D-Link AirPlus G\AirPlus.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Documents and Settings\Pete\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Pete.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: ERUNT AutoBackup.lnk = F:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6674 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 09:38:42 0 d-------- F:\Documents and Settings\Pete\Application Data\Malwarebytes
2008-07-11 09:38:36 0 d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 09:38:34 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 19:09:37 1277440 -----n--- F:\WINDOWS\system32\rgt007.dll <Not Verified; GST Technology Ltd; GST Kernel>
2008-07-10 19:09:32 77312 -----n--- F:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
2008-07-10 19:09:32 87328 -----n--- F:\WINDOWS\system32\TWAIN.DLL <Not Verified; Twain Working Group; Twain Source Manager>
2008-07-10 19:09:31 33792 -----n--- F:\WINDOWS\system32\LTTWN80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:31 3824 -----n--- F:\WINDOWS\system32\LTTHK80W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2008-07-10 19:09:31 423936 -----n--- F:\WINDOWS\system32\LTKRN80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:31 39424 -----n--- F:\WINDOWS\system32\LFGIF80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:30 94208 -----n--- F:\WINDOWS\system32\LTIMG80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:30 64512 -----n--- F:\WINDOWS\system32\LTFIL80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:30 27648 -----n--- F:\WINDOWS\system32\LFWPG80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:30 28160 -----n--- F:\WINDOWS\system32\LFWMF80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:30 25600 -----n--- F:\WINDOWS\system32\LFWFX80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:29 114176 -----n--- F:\WINDOWS\system32\LFTIF80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:29 27648 -----n--- F:\WINDOWS\system32\LFTGA80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:29 26112 -----n--- F:\WINDOWS\system32\LFRAS80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:29 28672 -----n--- F:\WINDOWS\system32\LFPSD80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:29 134144 -----n--- F:\WINDOWS\system32\LFPNG80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:28 30720 -----n--- F:\WINDOWS\system32\LFPCX80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:28 30720 -----n--- F:\WINDOWS\system32\LFPCT80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:28 26624 -----n--- F:\WINDOWS\system32\LFPCD80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:28 26112 -----n--- F:\WINDOWS\system32\LFMSP80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:27 31232 -----n--- F:\WINDOWS\system32\LFLMB80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:27 35840 -----n--- F:\WINDOWS\system32\LFLMA80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:27 24576 -----n--- F:\WINDOWS\system32\LFAVI80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:26 118784 -----n--- F:\WINDOWS\system32\LFKODAK.DLL <Not Verified; ; Reference Implementation>
2008-07-10 19:09:26 27136 -----n--- F:\WINDOWS\system32\LFIMG80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:26 46080 -----n--- F:\WINDOWS\system32\LFICA80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:25 52224 -----n--- F:\WINDOWS\system32\LFFPX80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:25 338944 -----n--- F:\WINDOWS\system32\LFFPX7.DLL <Not Verified; ; Reference Implementation>
2008-07-10 19:09:25 64512 -----n--- F:\WINDOWS\system32\LFFAX80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:25 30208 -----n--- F:\WINDOWS\system32\LFEPS80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:24 235008 -----n--- F:\WINDOWS\system32\LFDIC80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:24 232960 -----n--- F:\WINDOWS\system32\LFCMP80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:24 26624 -----n--- F:\WINDOWS\system32\LFCAL80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:23 33280 -----n--- F:\WINDOWS\system32\LFBMP80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:23 28672 -----n--- F:\WINDOWS\system32\LFAWD80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:22 25600 -----n--- F:\WINDOWS\system32\LFMAC80N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-07-10 19:09:22 251392 -----n--- F:\WINDOWS\system32\Iepicimp.dll <Not Verified; GST Technology Ltd.; IEPICIMP Dynamic Link Library>
2008-07-10 10:30:28 0 d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-10 10:30:26 0 d-------- F:\WINDOWS\system32\Kaspersky Lab
2008-07-10 08:51:57 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-10 08:51:57 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-10 08:51:57 86528 --a------ F:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-10 08:51:57 288417 --a------ F:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-10 08:51:57 53248 --a------ F:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-10 08:51:57 82944 --a------ F:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-10 08:51:57 51200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-10 08:51:57 81920 --a------ F:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-10 00:25:48 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-09 19:52:11 0 d-------- F:\Program Files\Trend Micro
2008-07-09 17:13:48 0 dr-h----- F:\Documents and Settings\Pete\Recent
2008-07-09 12:39:57 0 d-------- F:\Documents and Settings\Pete\Application Data\TmpRecentIcons
2008-07-08 20:38:38 0 d-------- F:\10Kone
2008-07-08 20:05:02 0 d-------- F:\Program Files\Affiliate ID Manager
2008-07-08 18:17:05 0 d-------- F:\Small Business Bookseller
2008-07-08 16:38:09 0 d-------- F:\AX Gold
2008-07-07 18:11:51 0 d-------- F:\Dropshipping
2008-07-05 19:09:36 0 d-------- F:\Documents and Settings\Pete\Application Data\gtk-2.0
2008-07-05 19:09:35 0 d-------- F:\Documents and Settings\Pete\.thumbnails
2008-07-05 19:05:04 0 d-------- F:\Documents and Settings\Pete\.gimp-2.4
2008-07-05 19:04:17 0 d-------- F:\Program Files\GIMP-2.0
2008-07-03 19:19:50 0 d-------- F:\5000 Images
2008-07-03 16:48:55 0 d-------- F:\Documents and Settings\LocalService\Application Data\Help
2008-07-02 22:41:52 0 d-------- F:\WINDOWS\pss
2008-07-02 13:04:43 0 d-------- F:\Ebay Stuff
2008-06-29 22:25:02 21648 --a------ F:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:24:06 0 d-------- F:\XFORMSCD
2008-06-29 22:23:58 20976 --a------ F:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:23:55 0 d-------- F:\Documents and Settings\Pete\WINDOWS
2008-06-29 20:27:16 1085 --a------ F:\WINDOWS\EReg011.dat
2008-06-29 20:21:59 0 d-------- F:\Documents and Settings\All Users\Application Data\SBT
2008-06-29 20:21:46 0 d-------- F:\Program Files\Snapshot Viewer
2008-06-29 10:58:01 0 d-------- F:\Documents and Settings\Pete\Application Data\FileMaker
2008-06-29 10:57:57 0 d-------- F:\Program Files\Webservice Detlev Reimer
2008-06-26 20:01:10 0 d-------- F:\Documents and Settings\Pete\Contacts
2008-06-26 20:00:18 0 d------c- F:\WINDOWS\system32\DRVSTORE
2008-06-26 19:59:44 0 d-------- F:\Program Files\MSN Messenger
2008-06-26 19:54:24 56 --ah----- F:\WINDOWS\system32\ezsidmv.dat
2008-06-26 19:54:23 0 d-------- F:\Documents and Settings\Pete\Application Data\skypePM
2008-06-26 19:53:00 0 d-------- F:\Documents and Settings\Pete\Application Data\Skype
2008-06-26 19:52:30 0 d-------- F:\Program Files\Skype
2008-06-26 19:52:29 0 d-------- F:\Program Files\Common Files\Skype
2008-06-26 19:52:21 0 d-------- F:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 21:30:51 1902 --a------ F:\WINDOWS\system32\tmp.reg
2008-06-25 10:01:14 0 d-------- F:\Program Files\HyperVRE
2008-06-25 09:47:01 0 d-------- F:\HyperVRE
2008-06-23 14:10:29 0 d-------- F:\Buzz
2008-06-22 22:26:46 0 d-------- F:\Forms
2008-06-22 10:47:47 0 d-------- F:\Online Payment Protector
2008-06-21 17:10:47 0 d-------- F:\WINDOWS\Sun
2008-06-21 16:28:51 0 d-------- F:\Cube Cart
2008-06-21 11:30:04 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-21 11:23:24 0 d-------- F:\Program Files\Windows Media Connect 2
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\LogFiles
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\drivers\UMDF
2008-06-21 10:26:48 286720 --a------ F:\WINDOWS\system32\swb_uninst.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-06-21 08:25:17 0 d-------- F:\Templates
2008-06-21 07:55:04 0 d-------- F:\Surefire Wealth
2008-06-20 20:27:40 0 d-------- F:\Program Files\KeywordMaster
2008-06-19 15:52:00 0 d-------- F:\WINDOWS\system32\Lang
2008-06-19 14:47:44 40960 -r------- F:\WINDOWS\system32\ChCfg.exe
2008-06-19 14:47:25 0 d-------- F:\WINDOWS\system32\RTCOM
2008-06-19 14:46:38 0 d-------- F:\Program Files\Realtek
2008-06-19 14:46:29 487424 -r------- F:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-19 14:40:08 516096 -----n--- F:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-19 14:39:44 0 d-------- F:\WINDOWS\system32\ReinstallBackups
2008-06-19 14:25:33 0 d-------- F:\Program Files\MSXML 4.0
2008-06-19 14:25:15 0 d-------- F:\TempEI4
2008-06-17 10:00:04 0 d-------- F:\Jeremy Burns
2008-06-16 16:48:40 25 --a------ F:\WINDOWS\SW_Win2146X32.DLL
2008-06-16 16:47:20 0 d-------- F:\Documents and Settings\Pete\Application Data\Help
2008-06-16 16:34:18 0 d-------- F:\Internet Pie
2008-06-16 16:16:28 0 d-------- F:\Wholesale Sources Directory
2008-06-16 16:10:17 0 d-------- F:\Internet Marketing Worx
2008-06-16 12:37:04 0 d-------- F:\Documents and Settings\Pete\Application Data\OpenOffice.org2
2008-06-15 08:36:06 0 d-------- F:\ZZ Websites
2008-06-15 07:03:27 0 d-------- F:\Documents and Settings\Pete\Application Data\FileZilla
2008-06-15 06:37:04 0 d-------- F:\Program Files\Affiliate Manager
2008-06-15 06:10:00 0 d-------- F:\Graphics
2008-06-15 05:58:33 0 d-------- F:\PLR
2008-06-14 23:09:45 0 d-------- F:\Program Files\OpenOffice.org 2.4
2008-06-14 23:08:53 0 d-------- F:\Program Files\Java
2008-06-14 23:08:52 0 d-------- F:\Program Files\Common Files\Java
2008-06-14 23:08:43 0 d-------- F:\Documents and Settings\Pete\Application Data\Sun
2008-06-14 22:39:58 72704 --a------ F:\WINDOWS\system32\odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-06-14 22:38:56 368912 --a------ F:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-14 22:38:56 294912 --a------ F:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 166672 --a------ F:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 262144 --a------ F:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 250128 --a------ F:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 168720 --a------ F:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1238288 --a------ F:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1050896 --a------ F:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 252688 --a------ F:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 344064 --a------ F:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 44304 --a------ F:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 415504 --a------ F:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-06-14 22:38:55 24848 --a------ F:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 123664 --a------ F:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 39424 --a------ F:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-06-14 22:38:39 0 d-------- F:\Program Files\ProVenture
2008-06-14 22:38:38 0 d-------- F:\Program Files\Common Files\MySoftware
2008-06-14 22:37:43 0 d-------- F:\WINDOWS\system32\Temp
2008-06-14 17:01:41 0 d-------- F:\Program Files\FileZilla FTP Client
2008-06-14 16:05:33 0 d-------- F:\Documents and Settings\Pete\Application Data\WinRAR
2008-06-14 15:34:03 0 d-------- F:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-06-14 14:59:29 339968 --a------ F:\WINDOWS\system32\cdintf.dll <Not Verified; AMYUNI Consultants
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-14 14:56:23 0 d-------- F:\Program Files\Common Files\AnswerWorks 4.0
2008-06-14 14:55:30 0 d-------- F:\Program Files\Common Files\Intuit
2008-06-14 14:55:25 0 d-------- F:\Program Files\Intuit
2008-06-14 14:54:02 0 d-------- F:\Documents and Settings\All Users\Application Data\Intuit
2008-06-14 14:47:17 0 d-------- F:\DownLoads
2008-06-14 12:52:29 4096 --a------ F:\Documents and Settings\All Users\Application Data\ScheduledItems
2008-06-14 12:48:54 0 d-------- F:\WINDOWS\system32\Backup
2008-06-14 12:48:54 0 d-------- F:\Documents and Settings\Pete\Application Data\IsolatedStorage
2008-06-14 12:48:51 1890 --ahs---- F:\WINDOWS\system32\KGyGaAvL.sys
2008-06-14 12:48:51 56 -r-hs---- F:\WINDOWS\system32\240B7AE127.sys
2008-06-14 12:48:36 0 d-------- F:\WINDOWS\SQLHotfix
2008-06-14 12:47:12 0 d-------- F:\Documents and Settings\Pete\Application Data\ACT
2008-06-14 12:45:59 306688 --a------ F:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-14 12:44:39 0 d-------- F:\Program Files\Microsoft SQL Server
2008-06-14 12:34:13 0 d-------- F:\WINDOWS\system32\URTTemp
2008-06-14 10:51:56 0 d-------- F:\Program Files\CCleaner
2008-06-14 09:47:23 0 d-------- F:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-14 09:46:45 0 d-------- F:\Program Files\Siber Systems
2008-06-14 09:39:54 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2008-06-14 09:39:49 0 d-------- F:\Program Files\Common Files\Adobe
2008-06-14 09:38:58 0 d-------- F:\Program Files\Adobe Media Player
2008-06-14 09:38:48 0 d-------- F:\Documents and Settings\Pete\Application Data\Macromedia
2008-06-14 09:38:47 0 d-------- F:\Documents and Settings\Pete\Application Data\Adobe
2008-06-14 09:31:39 0 d-------- F:\Directories
2008-06-14 09:31:01 0 d-------- F:\Design Shrine
2008-06-14 09:30:46 0 d-------- F:\CashFlow Websites
2008-06-14 09:11:41 0 d-------- F:\VAULT
2008-06-14 08:20:35 0 d-------- F:\Program Files\EditPlus 3
2008-06-14 08:20:35 0 d-------- F:\Documents and Settings\Pete\Application Data\EditPlus 3
2008-06-13 22:41:09 0 d-------- F:\Program Files\Avira
2008-06-13 22:41:09 0 d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-06-13 22:34:25 0 d-------- F:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-13 22:33:44 0 d-------- F:\Program Files\Common Files\PC Tools
2008-06-13 22:32:12 0 d-------- F:\Documents and Settings\LocalService\Application Data\Google
2008-06-13 22:32:11 0 dr------- F:\Documents and Settings\LocalService\Favorites
2008-06-13 22:21:36 0 d-------- F:\Documents and Settings\Pete\Application Data\Google
2008-06-13 21:55:58 0 d-------- F:\WINDOWS\system32\PreInstall
2008-06-13 21:55:56 0 d--h----- F:\WINDOWS\$hf_mig$
2008-06-13 21:53:32 0 d-a------ F:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 21:53:21 0 d-------- F:\Program Files\Spyware Doctor
2008-06-13 21:53:21 0 d-------- F:\Documents and Settings\Pete\Application Data\PC Tools
2008-06-13 21:53:20 0 d-------- F:\Documents and Settings\All Users\Application Data\Google
2008-06-13 21:53:17 0 d-------- F:\Program Files\Google
2008-06-13 21:40:12 0 d-------- F:\WINDOWS\system32\SoftwareDistribution
2008-06-13 21:35:41 256896 -ra------ F:\WINDOWS\system32\drivers\MRV8K51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
2008-06-13 21:35:41 0 d-------- F:\Program Files\D-Link AirPlus G
2008-06-13 21:35:31 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-13 18:15:15 0 d-------- F:\WINDOWS\ShellNew
2008-06-13 18:14:09 0 d-------- F:\Documents and Settings\Pete\Application Data\Microsoft Web Folders
2008-06-13 18:06:20 0 d---s---- F:\Documents and Settings\Pete\UserData
2008-06-13 17:44:04 0 d-------- F:\Documents and Settings\Pete\Application Data\Identities
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Templates
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Start Menu
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\SendTo
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\PrintHood
2008-06-13 17:43:52 2883584 --ah----- F:\Documents and Settings\Pete\NTUSER.DAT
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\NetHood
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\My Documents
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Local Settings
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Favorites
2008-06-13 17:43:52 0 d-------- F:\Documents and Settings\Pete\Desktop
2008-06-13 17:43:52 0 d---s---- F:\Documents and Settings\Pete\Cookies
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\Application Data
2008-06-13 17:40:54 0 d-------- F:\WINDOWS\SoftwareDistribution
2008-06-13 17:40:53 0 d-------- F:\WINDOWS\Prefetch
2008-06-13 17:40:52 0 d---s---- F:\WINDOWS\system32\Microsoft
2008-06-13 17:40:52 0 d--h----- F:\Documents and Settings\LocalService\Local Settings
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Cookies
2008-06-13 17:40:52 0 d-------- F:\Documents and Settings\LocalService\Application Data
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-13 17:40:51 262144 --ah----- F:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-13 17:40:04 225280 --ah----- F:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-13 17:40:04 0 d--h----- F:\Documents and Settings\NetworkService\Local Settings
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Cookies
2008-06-13 17:40:04 0 d-------- F:\Documents and Settings\NetworkService\Application Data
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-13 17:37:23 0 d-------- F:\WINDOWS\system32\xircom
2008-06-13 17:37:23 0 d-------- F:\Program Files\microsoft frontpage
2008-06-13 17:37:21 225280 --ah----- F:\Documents and Settings\Default User\NTUSER.DAT
2008-06-13 17:36:22 0 d--hs---- F:\Documents and Settings\All Users\DRM
2008-06-13 17:36:13 0 dr------- F:\WINDOWS\Offline Web Pages
2008-06-13 17:36:13 0 d---s---- F:\WINDOWS\Downloaded Program Files
2008-06-13 17:36:03 0 d--h----- F:\Program Files\WindowsUpdate
2008-06-13 17:35:42 0 d-------- F:\WINDOWS\system32\DirectX
2008-06-13 17:35:06 0 d---s---- F:\WINDOWS\Tasks
2008-06-13 17:35:05 0 d-------- F:\Program Files\Common Files\MSSoap
2008-06-13 17:35:00 0 d-------- F:\WINDOWS\srchasst
2008-06-13 17:34:59 0 d-------- F:\WINDOWS\system32\Macromed
2008-06-13 17:34:49 0 d-------- F:\Program Files\Movie Maker
2008-06-13 17:34:40 0 d-------- F:\WINDOWS\system32\Restore
2008-06-13 17:34:21 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-13 17:34:06 0 d-------- F:\WINDOWS\Registration
2008-06-13 17:33:41 0 d-------- F:\Program Files\Online Services
2008-06-13 17:33:36 0 d-------- F:\Program Files\Messenger
2008-06-13 17:33:32 0 d-------- F:\Program Files\MSN Gaming Zone
2008-06-13 17:32:46 0 d-------- F:\Program Files\Windows NT
2008-06-13 17:32:43 0 d-------- F:\WINDOWS\system32\MsDtc
2008-06-13 17:32:41 0 d-------- F:\WINDOWS\system32\Com
2008-06-13 13:17:01 0 d--hs---- F:\WINDOWS\Installer
2008-06-13 13:17:00 0 d-------- F:\Program Files\Common Files\ODBC
2008-06-13 13:16:56 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-06-13 13:16:55 0 dr------- F:\Program Files
2008-06-13 13:16:55 0 d-------- F:\Program Files\Common Files
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\Default User\Start Menu
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\SendTo
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Recent
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\PrintHood
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\NetHood
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\My Documents
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\Local Settings
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Favorites
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Desktop
2008-06-13 13:16:29 0 d---s---- F:\Documents and Settings\Default User\Cookies
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\All Users\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Start Menu
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Favorites
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Documents
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Desktop
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot2
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot
2008-06-13 13:15:07 0 dr-h----- F:\Documents and Settings\Default User\Application Data
2008-06-13 13:15:07 0 d---s---- F:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-13 13:15:06 0 dr-h----- F:\Documents and Settings\All Users\Application Data
2008-06-13 13:15:06 0 d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-13 13:14:40 0 d--hs---- F:\System Volume Information
2008-06-13 13:14:40 0 d-------- F:\Documents and Settings
2008-06-13 13:06:28 0 d-------- F:\WINDOWS
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\WinSxS
2008-06-13 13:06:28 0 dr------- F:\WINDOWS\Web
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\twain_32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wins
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wbem
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\usmt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\spool
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ShellExt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\Setup
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ras
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\oobe
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\npp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\inetsrv
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\IME
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\icsxml
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ias
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\export
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\etc
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\disdn
2008-06-13 13:06:28 0 dr-hs--c- F:\WINDOWS\system32\dllcache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\dhcp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3com_dmi
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3076
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\2052
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1054
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1042
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1041
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1037
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1033
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1031
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1028
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1025
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\security
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Resources
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\repair
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Provisioning
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\PeerNet
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\pchealth
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msapps
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msagent
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Media
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\java
2008-06-13 13:06:28 0 d--h----- F:\WINDOWS\inf
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\ime
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Help
2008-06-13 13:06:28 0 dr--s---- F:\WINDOWS\Fonts
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Driver Cache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Debug
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Cursors
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Connection Wizard
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\AppPatch
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-13 13:16:29 62 --ahs---- F:\Documents and Settings\Pete\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="F:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14]
"avgnt"="F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
"RTHDCPL"="RTHDCPL.EXE" [10/14/2005 21:51 F:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 15:54]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54]
"RoboForm"="F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [07/06/2008 16:48]

F:\Documents and Settings\Pete\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - F:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"F:\Program Files\Spyware Doctor\pctsTray.exe"




-- End of Deckard's System Scanner: finished at 2008-07-11 10:13:51 ------------



Malwarebytes' Anti-Malware 1.20
Database version: 938
Windows 5.1.2600 Service Pack 2

9:51:53 AM 7/11/2008
mbam-log-7-11-2008 (09-51-53).txt

Scan type: Quick Scan
Objects scanned: 38662
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{1a75e5df-d009-40d8-8663-fb8e97cd179e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6def6aa1-5511-4f1e-ac3b-caeb61c47fef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4a662651-4d1a-4fbb-8a9e-f63d45790c5e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Explorer killed successfully
F:\Wholesale Lists\Wholesale Wedding Favors and Party Favors by Kate Aspen_files moved successfully.
F:\Wholesale Lists\Wholesale Suppliers - Directory of wholesale products_files moved successfully.
F:\Wholesale Lists\Wholesale Lots Wholesale Products & Suppliers China Manufacturers Ebay & Auction Resources_files moved successfully.
F:\Wholesale Lists\Wholesale Handbags - Wholesale Designer Handbags - Wholesale Purses_files moved successfully.
F:\Wholesale Lists\Wholesale Directory - Wholesale Merchandise Suppliers, Distributors, Products_files moved successfully.
F:\Wholesale Lists\Listing of Manufacturers and Wholesalers of Gifts_files\bannerview_files moved successfully.
F:\Wholesale Lists\Listing of Manufacturers and Wholesalers of Gifts_files moved successfully.
F:\Wholesale Lists\KCP Wholesale Distributors - Wholesale_files moved successfully.
F:\Wholesale Lists\Electronics Nation - Refurbished LCD and Plasma HDTVs and Home Theatre Systems_files moved successfully.
F:\Wholesale Lists\consolesuppliers moved successfully.
F:\Wholesale Lists\Apparel Search Directory for Clothing and Fashion Industry_files\apparelsearch_files moved successfully.
F:\Wholesale Lists\Apparel Search Directory for Clothing and Fashion Industry_files moved successfully.
F:\Wholesale Lists\Apparel Search Clothing and Fashion B2B Directory_files\home_page_header_files moved successfully.
F:\Wholesale Lists\Apparel Search Clothing and Fashion B2B Directory_files\apparel_search_fashion_portal_files moved successfully.
F:\Wholesale Lists\Apparel Search Clothing and Fashion B2B Directory_files moved successfully.
F:\Wholesale Lists\2007_laptop_wholesale_list_(2)\How_I_sell_thousands_of_products_from_home moved successfully.
F:\Wholesale Lists\2007_laptop_wholesale_list_(2) moved successfully.
F:\Wholesale Lists moved successfully.
< purity >
< EmptyTemp >
File delete failed. F:\DOCUME~1\Pete\LOCALS~1\Temp\~DF1B5D.tmp scheduled to be deleted on reboot.
File delete failed. F:\DOCUME~1\Pete\LOCALS~1\Temp\~DF1B75.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
File/Folder not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_092434

Files moved on Reboot...
File F:\DOCUME~1\Pete\LOCALS~1\Temp\~DF1B5D.tmp not found!
File F:\DOCUME~1\Pete\LOCALS~1\Temp\~DF1B75.tmp not found!
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#10
peteVA

peteVA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
You are thanking me for my patience? I should be thanking you for your efforts in my behalf.

One further question -

I have been running Spyware Doctor ana Avira AntiVirus all along.

I have also just now downloaded and installed your suggestions above.

What sort of conflicts am I going to run into with all of this going on?

Should I disable the Spyware Doctor and just use Spayware Guard?

Will the Avira interact with the others?

I will use your paypal button to the tune of $ 20. It's been going on 3 days of bother for me, I wish I could afford more.

Thanks!
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
If Spyware Doctor offers real-time protection then it may conflict with SpywareGuard. Just don't have more than one anti-virus or firewall running and you will be fine. Personally I would recommend removing SpywareDoctor, it isn't any good.

If SpywareDoctor has an anti-virus then that will conflict with Avira. I find Avira to be very good myself.

Honestly a simple thank you makes all this worth while, and you said that a few times :)

Let me know if you have any more questions
  • 0

#12
peteVA

peteVA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
"Honestly a simple thank you makes all this worth while, and you said that a few times smile.gif"

I know that. I spend hours a day help others on forums.

But some dedicated help like you gave sure got me out of a jam and it's worth it to me.

And it is nice to know you are appreciated. :)

I'll turn off SD. Just re-upped for a year, too. Oh well!
.
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP