VBS Malware Gen [RESOLVED]



#1
Sandra D
Member, 14 posts
:) We have been infected with this VBS Malware Gen for about a week or so. It has got to the point that I just don't know how to get rid of it. I need your guidance please. I am not so fast at the computer but I can follow instructions!


#2
kahdah
GeekU Teacher (Retired Staff), 15,822 posts
Hi there Sandra D

Welcome to G2Go. :)
=====================

If the scan does not fit, you can upload it here and attach it.


Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

#3
Sandra D
Topic Starter, Member, 14 posts
[code]OTScanIt logfile created on: 08/23/08 3:15:17 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

447.48 Mb Total Physical Memory | 105.75 Mb Available Physical Memory | 23.63% Memory free
1.03 Gb Paging File | 0.67 Gb Available in Paging File | 65.04% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.73 Gb Total Space | 50.87 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive D: | 4.79 Gb Total Space | 0.62 Gb Free Space | 12.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MULEY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 234656 bytes | Modified Date = 09/06/03 7:20:50 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 255136 bytes | Modified Date = 09/06/03 7:20:46 AM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 07/19/08 7:25:06 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 07/19/08 7:38:28 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 02/22/08 4:25:21 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 05/07/98 5:04:38 PM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/03 4:38:42 PM | Attr = ]
hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> Hewlett-Packard [Ver = 5,1,7 | Size = 483328 bytes | Modified Date = 08/21/03 4:15:48 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 02/11/03 8:02:48 PM | Attr = ]
vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.100.2004.0115 | Size = 49152 bytes | Modified Date = 01/16/04 4:33:44 AM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 06/29/04 9:06:38 AM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 07/19/08 7:38:34 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 04/01/04 2:01:06 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 70816 bytes | Modified Date = 09/06/03 7:20:44 AM | Attr = ]
motivesb.exe -> %ProgramFiles%\Verizon\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.22.asst_classic.smartbridge.20060421_153000 | Size = 438359 bytes | Modified Date = 06/23/06 12:33:02 PM | Attr = ]
moffice.exe -> %ProgramFiles%\Browser Mouse\MOffice.exe -> [Ver = 1, 0, 0, 1 | Size = 958464 bytes | Modified Date = 11/11/06 3:56:37 PM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 03/09/07 11:09:58 AM | Attr = ]
mouse32a.exe -> %ProgramFiles%\Browser Mouse\mouse32a.exe -> [Ver = 4.0.0.0 | Size = 356352 bytes | Modified Date = 11/11/06 3:56:33 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 09/16/03 1:19:24 PM | Attr = ]
popsub.exe -> %ProgramFiles%\InterMute\PopSubtract\PopSub.exe -> interMute, Inc. [Ver = 1, 3, 8, 0 | Size = 233472 bytes | Modified Date = 02/03/04 11:05:18 AM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 218272 bytes | Modified Date = 09/06/03 7:20:48 AM | Attr = ]
gearsec.exe -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 11/03/03 8:47:08 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 01/04/07 2:38:08 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 07/19/08 7:38:04 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 07/23/08 7:25:45 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Modified Date = 11/10/04 9:15:31 PM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 329104 bytes | Modified Date = 02/22/08 4:25:20 AM | Attr = ]
hptskmgr.exe -> %ProgramFiles%\HP\hpcoretech\comp\hptskmgr.exe -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 135168 bytes | Modified Date = 12/22/03 4:38:40 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 04/01/04 1:41:13 AM | Attr = ]
rnathchk.exe -> %CommonProgramFiles%\Real\Update_OB\rnathchk.exe -> RealNetworks, Inc. [Ver = 7.0.0.1176 | Size = 57389 bytes | Modified Date = 04/01/04 1:41:12 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 07/12/08 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 07/19/08 7:25:06 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 07/19/08 7:38:28 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 07/19/08 7:38:04 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 07/23/08 7:25:45 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 255136 bytes | Modified Date = 09/06/03 7:20:46 AM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 218272 bytes | Modified Date = 09/06/03 7:20:48 AM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 87200 bytes | Modified Date = 09/06/03 7:20:48 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 234656 bytes | Modified Date = 09/06/03 7:20:50 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 08/04/04 12:56:48 AM | Attr = ]
(GEARSecurity) Gear Security Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 11/03/03 8:47:08 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/04 4:24:18 AM | Attr = ]
(iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.2.0.74 | Size = 417792 bytes | Modified Date = 01/16/04 8:16:06 PM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.2.0.108 | Size = 197896 bytes | Modified Date = 08/31/03 9:27:40 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 01/04/07 2:38:08 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 07/19/08 7:32:15 AM | Attr = ]
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/07/04 6:16:04 PM | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 06/29/04 9:07:18 AM | Attr = ]
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> Sensaura Ltd [Ver = 5.10.00.3511D | Size = 391424 bytes | Modified Date = 12/12/03 7:54:14 AM | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5730 built by: WinDDK | Size = 2279424 bytes | Modified Date = 10/01/04 10:24:02 AM | Attr = ]
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 07/19/08 7:37:42 AM | Attr = ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 07/19/08 7:37:21 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 07/19/08 7:33:42 AM | Attr = ]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 07/19/08 7:35:18 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 07/19/08 7:32:36 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 08/03/04 11:07:17 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 08/03/04 11:07:16 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 08/29/02 5:00:00 AM | Attr = ]
(fasttx2k) fasttx2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Fasttx2k.sys -> Promise Technology, Inc. [Ver = 1.00.0030.11 | Size = 142336 bytes | Modified Date = 12/02/03 7:23:20 PM | Attr = ]
(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.41.00.0426 | Size = 42496 bytes | Modified Date = 12/16/04 1:36:30 PM | Attr = ]
(FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5b.sys -> VIA Technologies, Inc. [Ver = 3.27.00.0412 | Size = 41984 bytes | Modified Date = 11/12/03 2:41:00 AM | Attr = ]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software [Ver = 1.028 | Size = 9760 bytes | Modified Date = 11/03/03 8:47:08 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3762 | Size = 681469 bytes | Modified Date = 02/10/04 7:17:06 PM | Attr = ]
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> InterVideo, Inc. [Ver = 1, 0, 0, 0 | Size = 21060 bytes | Modified Date = 09/10/03 11:36:54 PM | Attr = ]
(moufiltr) Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\moufiltr.sys -> Chic Tech. [Ver = 1.00 | Size = 62592 bytes | Modified Date = 11/11/06 3:56:29 PM | Attr = ]
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/22/04 3:36:39 PM | Attr = ]
(Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 09/19/03 1:47:00 AM | Attr = ]
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 14112 bytes | Modified Date = 06/04/01 2:00:00 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 08/29/02 5:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 11/03/05 4:00:00 AM | Attr = ]
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.505.1004.2002 built by: WinDDK | Size = 46976 bytes | Modified Date = 10/04/02 6:04:10 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/07 3:25:53 AM | Attr = ]
(SiS315) SiS315 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3560 | Size = 432000 bytes | Modified Date = 01/02/04 8:20:40 PM | Attr = ]
(SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGPX.SYS -> Silicon Integrated Systems Corporation [Ver = 7.2.0.1170 built by: WinDDK | Size = 36992 bytes | Modified Date = 07/18/03 5:58:20 PM | Attr = ]
(SiSkp) SiSkp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srvkp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3560 | Size = 11520 bytes | Modified Date = 01/02/04 9:05:48 PM | Attr = ]
(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdbus.sys -> MCCI Corporation [Ver = V4.40 | Size = 80552 bytes | Modified Date = 07/03/07 4:54:24 PM | Attr = ]
(sscdmdfl) SAMSUNG Mobile Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdfl.sys -> MCCI Corporation [Ver = V4.40 | Size = 11944 bytes | Modified Date = 07/03/07 4:57:24 PM | Attr = ]
(sscdmdm) SAMSUNG Mobile Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdm.sys -> MCCI Corporation [Ver = V4.40 | Size = 106792 bytes | Modified Date = 07/03/07 4:58:20 PM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 10728 bytes | Modified Date = 08/31/03 9:27:16 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.3.0.17 | Size = 82136 bytes | Modified Date = 08/16/03 7:22:12 AM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 164552 bytes | Modified Date = 08/31/03 9:27:18 PM | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 46376 bytes | Modified Date = 08/31/03 9:27:20 PM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SymIDSCo.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 123240 bytes | Modified Date = 08/31/03 9:27:22 PM | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 51560 bytes | Modified Date = 08/31/03 9:27:18 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 16328 bytes | Modified Date = 08/31/03 9:27:22 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 263240 bytes | Modified Date = 08/31/03 9:27:24 PM | Attr = ]
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 07/02/03 12:42:00 PM | Attr = ]
(viagfx) viagfx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright (C) VIA/S3 Graphics Co, Ltd. [Ver = 6.14.10.0194-16.94.42.03 | Size = 172672 bytes | Modified Date = 12/07/04 8:08:58 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 03/09/07 11:09:58 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 01/11/08 11:16:38 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 06/29/04 9:06:38 AM | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 07/19/08 7:38:34 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["c:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 2.0.2.806 | Size = 70816 bytes | Modified Date = 09/06/03 7:20:44 AM | Attr = ]
FLMOFFICE4DMOUSE -> %ProgramFiles%\Browser Mouse\MOffice.exe [C:\Program Files\Browser Mouse\MOffice.exe] -> [Ver = 1, 0, 0, 1 | Size = 958464 bytes | Modified Date = 11/11/06 3:56:37 PM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/03 4:38:42 PM | Attr = ]
HPHmon05 -> %SystemRoot%\system32\hphmon05.exe [C:\WINDOWS\System32\hphmon05.exe] -> Hewlett-Packard [Ver = 5,1,7 | Size = 483328 bytes | Modified Date = 08/21/03 4:15:48 AM | Attr = ]
HPHUPD05 -> %ProgramFiles%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe] -> Hewlett-Packard [Ver = 5,1,7 | Size = 49152 bytes | Modified Date = 08/21/03 4:23:08 AM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe [c:\windows\system\hpsysdrv.exe] -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 05/07/98 5:04:38 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe [C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe] -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 02/17/06 9:59:46 AM | Attr = ]
IS CfgWiz -> %CommonProgramFiles%\Symantec Shared\CfgWiz.exe [c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"] -> Symantec Corporation [Ver = 4.0.0.92 | Size = 124096 bytes | Modified Date = 08/20/03 8:55:28 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 02/11/03 8:02:48 PM | Attr = ]
Motive SmartBridge -> %ProgramFiles%\Verizon\SmartBridge\MotiveSB.exe [C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe] -> Motive Communications, Inc. [Ver = 5.8.22.asst_classic.smartbridge.20060421_153000 | Size = 438359 bytes | Modified Date = 06/23/06 12:33:02 PM | Attr = ]
PS2 -> %SystemRoot%\system32\ps2.EXE [C:\WINDOWS\system32\ps2.exe] -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 10/16/02 4:57:10 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 04/01/04 2:01:06 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 04/14/04 1:43:46 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 02/22/08 4:25:21 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 04/01/04 1:41:13 AM | Attr = ]
VTTimer -> %SystemRoot%\system32\VTTimer.exe [VTTimer.exe] -> S3 Graphics, Inc. [Ver = 1.100.2004.0115 | Size = 49152 bytes | Modified Date = 01/16/04 4:33:44 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> [] -> File not found
BackupNotify -> %ProgramFiles%\HP\Digital Imaging\bin\BackupNotify.exe [c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe] -> Hewlett-Packard Company [Ver = 2004.01.08.0 | Size = 32768 bytes | Modified Date = 01/09/04 2:34:10 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 09/16/03 1:19:24 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\PopSubtract.lnk -> %ProgramFiles%\InterMute\PopSubtract\PopSub.exe -> interMute, Inc. [Ver = 1, 3, 8, 0 | Size = 233472 bytes | Modified Date = 02/03/04 11:05:18 AM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 07/30/03 5:49:48 AM | Attr = ]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Secure Desktop Notification-ELF Desktop Beauty Advisor.lnk -> %ProgramFiles%\Secure Desktop Notification\ELF Desktop Beauty Advisor\sdn.exe -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 06/13/07 3:23:07 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 08/04/04 12:56:57 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 08/04/04 12:56:50 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/07 8:36:51 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 08/04/04 12:56:57 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3762 | Size = 339968 bytes | Modified Date = 02/10/04 6:51:10 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 2 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 2 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 2 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 08/03/04 10:59:52 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_CDRW/DVD_SM-352F________________T903____\5&22ac9df0&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 03/31/04 11:00:15 PM | Attr = ]
AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 07/28/01 6:07:38 AM | Attr = HS]
Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 45 bytes | Modified Date = 09/11/02 3:02:32 AM | Attr = HS]
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> localhost ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1962 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 41 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/06 12:08:42 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 02/22/08 4:25:19 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 7.0.0.177 | Size = 126976 bytes | Modified Date = 09/06/03 11:31:28 PM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] -> File not found
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.0.177 | Size = 126976 bytes | Modified Date = 09/06/03 11:31:28 PM | Attr = ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.6 | Size = 98304 bytes | Modified Date = 09/03/03 6:42:14 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ]
SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.6 | Size = 98304 bytes | Modified Date = 09/03/03 6:42:14 PM | Attr = ]
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.0.177 | Size = 126976 bytes | Modified Date = 09/06/03 11:31:28 PM | Attr = ]
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.6 | Size = 98304 bytes | Modified Date = 09/03/03 6:42:14 PM | Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 02/22/08 4:25:19 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 02/22/08 4:25:19 AM | Attr = ]
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ]
{F4430FE8-2638-42e5-B849-800749B94EED}:Exec -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ]
CmdMapping\\{5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ]
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar Search -> %ProgramFiles%\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 09/07/06 1:59:50 PM | Attr = ]
Add To HP Organize... -> %ProgramFiles%\Hewlett-Packard\HP Organize\bin\core.hp.main\SendTo.html -> [Ver = | Size = 5438 bytes | Modified Date = 03/06/04 7:50:20 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{15B417F8-7750-4613-8CC9-7F099B6E7303} -> 85.255.115.44,85.255.112.187 (VIA Rhine II Fast Ethernet Adapter) ->
{6908DE68-6E19-49AA-BFBB-4AC665A07F60} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/03 4:38:40 PM | Attr = ]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{11260943-421B-11D0-8EAC-0000C07D88CF}[HKEY_LOCAL_MACHINE] -> http://www.ipix.com/download/ipixx.cab[iPIX ActiveX Control] ->
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www2.snapfish.com/SnapfishActivia.cab[Snapfish Activia] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by136
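The line worth stopping on in the log above is the DNS Name Servers entry for the VIA Rhine II adapter: both resolvers, 85.255.115.44 and 85.255.112.187, sit in 85.255.112.0/20 rather than in the ISP's or the router's range, and the FixWareout log later in this thread clears exactly those values (plus the DhcpNameServer pair 85.255.115.51 and 85.255.112.21) before it deletes the dropped executables. The script below is an added example from the editor, not code from the thread or from OTScanIt or FixWareout: it pulls resolver addresses out of either tool's log format and flags any that fall in a known rogue range. The 85.255.112.0/20 block is the one the page itself evidences; the other five ranges in the list are the DNSChanger resolver ranges the FBI published for Operation Ghost Click and are supplied here as an editor assumption, as are the sample excerpts, which are constructed from the lines in this thread.

```python
"""Check an OTScanIt or FixWareout log for hijacked DNS resolvers.

Editor-added example; not part of the original thread and not code from
either tool.  Two line shapes carry resolver addresses in the logs above:

  OTScanIt   {GUID} -> 85.255.115.44,85.255.112.187 (VIA Rhine II ...) ->
  FixWareout "nameserver"="85.255.115.44 85.255.112.187" <Value cleared.
"""
import ipaddress
import re
from typing import Dict, List, Optional

ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",   # the range the resolvers in this thread fall in
    "67.210.0.0/20",     # remaining entries: FBI Ghost Click list (editor assumption)
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_FIXWAREOUT_VALUE = re.compile(r'"(?:Dhcp)?NameServer"=', re.IGNORECASE)


def extract_nameservers(log_text: str) -> List[str]:
    """Return the resolver IPs named in the log, in order of appearance.

    Version strings such as 'Ver = 6.0.50.13' also look like dotted quads,
    so only lines inside the OTScanIt '< DNS Name Servers ... >' section and
    FixWareout 'nameserver' / 'DhcpNameServer' value lines are examined.
    """
    servers: List[str] = []
    in_dns_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("<"):          # every OTScanIt section header starts with '<'
            in_dns_section = line.startswith("< DNS Name Servers")
            continue
        if not (in_dns_section or _FIXWAREOUT_VALUE.match(line)):
            continue
        for candidate in _IPV4.findall(line):
            try:
                ip = str(ipaddress.IPv4Address(candidate))
            except ValueError:            # e.g. an octet above 255
                continue
            if ip not in servers:
                servers.append(ip)
    return servers


def rogue_range(ip: str) -> Optional[str]:
    """Return the rogue range containing ip as CIDR text, or None if it is clean."""
    addr = ipaddress.IPv4Address(ip)
    for net in ROGUE_DNS_RANGES:
        if addr in net:
            return str(net)
    return None


def triage(log_text: str) -> Dict[str, Optional[str]]:
    """Map every resolver found in the log to its rogue range (None = clean)."""
    return {ip: rogue_range(ip) for ip in extract_nameservers(log_text)}


# Constructed excerpts modelled on the two logs in this thread (same addresses).
SAMPLE_OTSCANIT = r"""
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{15B417F8-7750-4613-8CC9-7F099B6E7303} -> 85.255.115.44,85.255.112.187 (VIA Rhine II Fast Ethernet Adapter) ->
{6908DE68-6E19-49AA-BFBB-4AC665A07F60} -> (1394 Net Adapter) ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes]
"""

SAMPLE_FIXWAREOUT = r"""
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.44 85.255.112.187" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{15B417F8-7750-4613-8CC9-7F099B6E7303}
"DhcpNameServer"="85.255.115.51,85.255.112.21" <Value cleared.
"""

# Constructed clean case: a home router handing itself out as resolver via DHCP.
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{00000000-0000-0000-0000-000000000000}
"DhcpNameServer"="192.168.1.1"
"""

if __name__ == "__main__":
    for name, text in (("OTScanIt", SAMPLE_OTSCANIT), ("FixWareout", SAMPLE_FIXWAREOUT), ("clean", SAMPLE_CLEAN)):
        for ip, net in triage(text).items():
            print(f"{name:10} {ip:16} {'ROGUE ' + net if net else 'ok'}")
```

Run as-is it scores the three constructed samples; to check a real log, call triage() on the file's text. Any rogue hit means the machine's resolvers were replaced, which is why FixWareout both clears the registry values and flushes the resolver cache rather than only deleting files.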

#4 Sandra D (Topic Starter, Member, 14 posts)
I don't think it all came through. I will try to find out how to split it in two, or if you can help I would appreciate it.

#5 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Post it from this line down:
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

#6 Sandra D (Topic Starter, Member, 14 posts)
Here is the attachment


#7 Sandra D (Topic Starter, Member, 14 posts)
Hope I did it right

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
When attaching it, it messes up the coding. Try to e-mail it to me here: kahdah at aol.com (replace "at" with @).
Send it as an attachment please.

#9 Sandra D (Topic Starter, Member, 14 posts)
Done

#10 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi, you appear to be running two antivirus programs, Norton and avast!.
Please uninstall whichever one is out of date.
I recommend getting rid of Norton.

After that, please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===============================================================
Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked, and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, please post the text that will open (report.txt).
================================
After that, please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=========================
Then post all of those logs and let me know how things are running.

#11 Sandra D (Topic Starter, Member, 14 posts)
Need your help again! The only Norton item I can find in the add/remove programs is the norton firewall. Is that what I need to remove?

#12 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
No. As long as the Norton antivirus is not installed, you can proceed with the next steps.

#13 Sandra D (Topic Starter, Member, 14 posts)
Username "Owner" - 08/23/08 16:20:42 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.44 85.255.112.187" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{15B417F8-7750-4613-8CC9-7F099B6E7303}
"nameserver"="85.255.115.44,85.255.112.187" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{15B417F8-7750-4613-8CC9-7F099B6E7303}
"DhcpNameServer"="85.255.115.51,85.255.112.21" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "lvesc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "jcysc" Value deleted
HKCR\CLSID\{4ACD7D3C-76AA-4547-8F5A-712475EC65BF}\_h\4 Deleted.
HKCR\CLSID\{CD28D708-DB10-424F-9259-96CA02E8DA9C}\_h\4 Deleted.
....
~~~~~ Misc files.
C:\WINDOWS\system32\{0080FA1F-60D5-48A8-9CF2-BFD1BCF52A39}.exe Deleted
C:\WINDOWS\system32\{03689C0C-C567-4B60-AE54-962C0E1F1981}.exe Deleted
C:\WINDOWS\system32\{041C9745-F98D-4221-9EC0-4B4175E67EE2}.exe Deleted
C:\WINDOWS\system32\{060DC413-050A-43AC-A752-F9B1992537A0}.exe Deleted
C:\WINDOWS\system32\{07E4EE92-096E-439D-B95E-326F0DB66D86}.exe Deleted
C:\WINDOWS\system32\{09CCA4E0-4897-4172-A24E-C516A1422331}.exe Deleted
C:\WINDOWS\system32\{0C0133F1-E2C6-49A1-84FF-48940E12E494}.exe Deleted
C:\WINDOWS\system32\{0CF55E74-62E8-44E9-A12A-8F43AC7A2BE0}.exe Deleted
C:\WINDOWS\system32\{0DF653A0-0F28-4B5E-86F7-EBFE0F804495}.exe Deleted
C:\WINDOWS\system32\{0E325371-964F-4982-BA8A-9707ED2F2558}.exe Deleted
C:\WINDOWS\system32\{0EF64BC6-968B-4E4F-AF2C-914EA618F337}.exe Deleted
C:\WINDOWS\system32\{0F10DF1F-2DD4-4D2E-B1E1-B7AE685AAC44}.exe Deleted
C:\WINDOWS\system32\{1003007D-8AC3-43FA-990F-B8E2D9DAA7F4}.exe Deleted
C:\WINDOWS\system32\{11BD2523-241C-4987-ADFF-06C920C62ABE}.exe Deleted
C:\WINDOWS\system32\{12FC7B10-095C-4E89-986B-8A2375B8999E}.exe Deleted
C:\WINDOWS\system32\{13AD8EA2-0817-4832-8268-F4FEA3C100FF}.exe Deleted
C:\WINDOWS\system32\{153CCE69-8E37-4BC0-A9D9-453840365FA5}.exe Deleted
C:\WINDOWS\system32\{177F3B1B-8633-46F8-BFD6-31EBBF2823FC}.exe Deleted
C:\WINDOWS\system32\{17C05721-26F4-4173-A34B-B3BB1FBA409F}.exe Deleted
C:\WINDOWS\system32\{1C6E144F-1CEA-42F8-AA73-00426BA431D9}.exe Deleted
C:\WINDOWS\system32\{1D59CCD3-946E-42B1-B7F2-7FC935F29D1C}.exe Deleted
C:\WINDOWS\system32\{1E0A8D7F-B543-4BAE-83B1-BD6A682179E8}.exe Deleted
C:\WINDOWS\system32\{1EC73E44-68C7-49E0-896F-904267F170C1}.exe Deleted
C:\WINDOWS\system32\{1ED08016-9C8E-4EF1-943D-8FCE26BB029F}.exe Deleted
C:\WINDOWS\system32\{1F538205-3930-464D-922B-3C1E868DEC68}.exe Deleted
C:\WINDOWS\system32\{22DA5C32-E2D5-4E3E-8058-FE567C745D7E}.exe Deleted
C:\WINDOWS\system32\{23169662-6B68-40AA-BF8F-90FA81DC1A42}.exe Deleted
C:\WINDOWS\system32\{24151159-9F31-47A3-A635-C4FFD155CA21}.exe Deleted
C:\WINDOWS\system32\{25A46BD8-5BDE-42FB-ADF5-5AF2D201FA11}.exe Deleted
C:\WINDOWS\system32\{2C58C81C-1375-4E56-930D-EC411C37F533}.exe Deleted
C:\WINDOWS\system32\{2D667622-309D-425E-B08B-EB751424167C}.exe Deleted
C:\WINDOWS\system32\{2FBE92B3-0048-4CB0-85B7-A8024E011BE6}.exe Deleted
C:\WINDOWS\system32\{307C6237-49F3-4FDE-8319-ECA90100A687}.exe Deleted
C:\WINDOWS\system32\{3C37BBB8-2765-4188-9DCF-643E58913FD7}.exe Deleted
C:\WINDOWS\system32\{3F269098-B695-4169-A6AE-80A13ED0B751}.exe Deleted
C:\WINDOWS\system32\{4040B327-4D46-4DEF-A9E8-24327F9BA7AE}.exe Deleted
C:\WINDOWS\system32\{42425969-7C9F-497C-BAE8-AC45ED98E0A9}.exe Deleted
C:\WINDOWS\system32\{43D54D6C-76F8-4BEA-B01B-C3E45B526FB4}.exe Deleted
C:\WINDOWS\system32\{44CE13EB-FC83-42C7-8A32-C49A718CA1CE}.exe Deleted
C:\WINDOWS\system32\{45A768A9-3323-465E-BAB5-E273C92C7174}.exe Deleted
C:\WINDOWS\system32\{45CBF1C2-328F-4649-B72B-E453C4CD7405}.exe Deleted
C:\WINDOWS\system32\{4F4F1F9F-5F8B-49FE-8798-057F1A7D932E}.exe Deleted
C:\WINDOWS\system32\{54889432-945D-4559-8837-663126ADACAC}.exe Deleted
C:\WINDOWS\system32\{54961E98-621F-43C4-817A-0EA1758E754F}.exe Deleted
C:\WINDOWS\system32\{557F4982-7914-45DF-9566-96B999FF9277}.exe Deleted
C:\WINDOWS\system32\{56D7EF5B-2942-4A53-8558-A8E20218E6B5}.exe Deleted
C:\WINDOWS\system32\{59B5220F-E04C-4180-9070-CFAA04F136CB}.exe Deleted
C:\WINDOWS\system32\{5C04253B-7212-4096-B1B7-ADA27C95CABD}.exe Deleted
C:\WINDOWS\system32\{5C23C78C-B8A2-4A7D-9BA7-6FECDC7E6053}.exe Deleted
C:\WINDOWS\system32\{5C606353-17D2-48EE-8AF6-9C9B7699E013}.exe Deleted
C:\WINDOWS\system32\{5D72CA93-8C57-4295-87D2-7795AB3510D9}.exe Deleted
C:\WINDOWS\system32\{64DFEAA1-5945-410A-B936-7CC56D81219B}.exe Deleted
C:\WINDOWS\system32\{6503740A-474C-4AD6-8ECD-C20A0ED4E17F}.exe Deleted
C:\WINDOWS\system32\{65272404-FC68-444E-BB83-4F0539CFD23A}.exe Deleted
C:\WINDOWS\system32\{669C8B54-18E4-4AB2-ADF2-F44F8EED9577}.exe Deleted
C:\WINDOWS\system32\{674BB916-39FD-4990-937E-4C947425A212}.exe Deleted
C:\WINDOWS\system32\{6991550E-F444-4713-B0B8-D6653BEAB647}.exe Deleted
C:\WINDOWS\system32\{6A6FAF55-C4F1-46EF-AB3E-FEF441B8B6A8}.exe Deleted
C:\WINDOWS\system32\{6A73D5CA-2D5A-4445-A02D-80401C9C0189}.exe Deleted
C:\WINDOWS\system32\{6BCDC77E-7F62-43C1-BD08-413565390BD5}.exe Deleted
C:\WINDOWS\system32\{6C44FC4B-45C9-4FC1-BC4F-F6E3C3656560}.exe Deleted
C:\WINDOWS\system32\{71384D46-B6BF-431A-8009-25D6365C2960}.exe Deleted
C:\WINDOWS\system32\{71441D3A-2993-4A63-B916-8CEB9A504CE7}.exe Deleted
C:\WINDOWS\system32\{71882530-6E4F-4A82-A5CD-7D1E27988321}.exe Deleted
C:\WINDOWS\system32\{71A7AD3F-03F1-4DC9-B81C-4FB43FF5F772}.exe Deleted
C:\WINDOWS\system32\{721627A2-24F6-438B-BF76-1B49A83D9FFA}.exe Deleted
C:\WINDOWS\system32\{72FE7EDA-9209-4730-985D-3F1B68D5D016}.exe Deleted
C:\WINDOWS\system32\{757567C0-C010-4FC4-BDA0-8A11B80A38B9}.exe Deleted
C:\WINDOWS\system32\{7654D7D0-BF56-45A9-98C5-86F58134151E}.exe Deleted
C:\WINDOWS\system32\{78508909-2B6D-4495-86FB-B4F2DCC8A034}.exe Deleted
C:\WINDOWS\system32\{798AEE96-69E1-4A6E-B088-73AE2DA848FC}.exe Deleted
C:\WINDOWS\system32\{7B75228A-23CB-418B-8C2B-87C94F257663}.exe Deleted
C:\WINDOWS\system32\{7B82418D-7C78-4A9E-BEF4-FEAC0A0EB21F}.exe Deleted
C:\WINDOWS\system32\{7F71CEDF-C1AB-4C04-90F6-F1C47E2CD918}.exe Deleted
C:\WINDOWS\system32\{8059C497-5052-42FB-850D-F8B223A366BF}.exe Deleted
C:\WINDOWS\system32\{8152D651-2C4A-4802-B9F2-F3C22395041B}.exe Deleted
C:\WINDOWS\system32\{8157C2A5-41EB-4656-8ACD-2A982629D49A}.exe Deleted
C:\WINDOWS\system32\{816F7732-711A-4CC0-B87A-D6900B5FDE67}.exe Deleted
C:\WINDOWS\system32\{84D6EAF5-431E-437F-93FF-95812101ADC9}.exe Deleted
C:\WINDOWS\system32\{84D7740F-26C0-4170-B902-4B525176F9BF}.exe Deleted
C:\WINDOWS\system32\{85272209-4A7B-4451-A7C9-35FEAE1D1A3B}.exe Deleted
C:\WINDOWS\system32\{8658DC64-BAB8-4165-B540-12CED7C17139}.exe Deleted
C:\WINDOWS\system32\{86FB26DC-28B7-46CB-8C0D-A8A571AFAD6C}.exe Deleted
C:\WINDOWS\system32\{880FD5A2-49BE-4A76-AB39-745A8A1A17E9}.exe Deleted
C:\WINDOWS\system32\{8A13ECF0-21EB-4CDA-909E-55BBA5BCEC12}.exe Deleted
C:\WINDOWS\system32\{8B1A9AE1-900F-484B-869D-7CBC61C9E3DD}.exe Deleted
C:\WINDOWS\system32\{8DAD70E7-E691-4E93-94D4-826DF88F15B6}.exe Deleted
C:\WINDOWS\system32\{907891C8-6E0F-4222-BA25-B2B374DF4CB6}.exe Deleted
C:\WINDOWS\system32\{90B1C6CA-2CA7-4E8A-8534-46597E83CD63}.exe Deleted
C:\WINDOWS\system32\{915C245A-3FFD-4C46-8D2C-842FFF4B075B}.exe Deleted
C:\WINDOWS\system32\{94FA1A87-B429-443D-A08F-1CF8E00A539E}.exe Deleted
C:\WINDOWS\system32\{951B384D-7BC6-4BAA-95A0-A035327A1A4F}.exe Deleted
C:\WINDOWS\system32\{96A9B350-8DB3-4EC4-874F-C071B04F6ADD}.exe Deleted
C:\WINDOWS\system32\{99841FBC-4AA3-4E93-BC1C-8FB5EE3FC2D0}.exe Deleted
C:\WINDOWS\system32\{9C58AC81-4F55-4711-A06E-7F079C4D6C33}.exe Deleted
C:\WINDOWS\system32\{9D1A3046-B887-4395-9010-F335E6D4C6F0}.exe Deleted
C:\WINDOWS\system32\{9E5E0B0B-7D5F-4CBD-903A-C20A6BA4F21E}.exe Deleted
C:\WINDOWS\system32\{A05D5BED-7D11-42FB-9EA6-C2AD134D5401}.exe Deleted
C:\WINDOWS\system32\{A348CEBF-F45C-47AE-BBCD-376426F7CC10}.exe Deleted
C:\WINDOWS\system32\{A34A9A3C-F0B5-430B-8FB8-D53868E6A08C}.exe Deleted
C:\WINDOWS\system32\{A61AA8C6-DBED-4FFC-8556-3FD3292F35C5}.exe Deleted
C:\WINDOWS\system32\{A650C89E-DA7D-41AE-956F-746C63D33498}.exe Deleted
C:\WINDOWS\system32\{A7034D7E-DBF8-4FC5-B36A-D159DFB9FF26}.exe Deleted
C:\WINDOWS\system32\{A7B6D36C-2C5F-4438-B1D5-467A581E303F}.exe Deleted
C:\WINDOWS\system32\{A7FFAD89-FFD3-4178-B9AC-78E745836325}.exe Deleted
C:\WINDOWS\system32\{A8CDF490-8D81-4F09-B5EC-4CCC9F5E0A49}.exe Deleted
C:\WINDOWS\system32\{AD5849B0-C0D2-4B09-B93B-FD5EA2545DDF}.exe Deleted
C:\WINDOWS\system32\{AD9C5ABD-B894-4A24-A8CE-B26B6030D39D}.exe Deleted
C:\WINDOWS\system32\{AFB04292-A17D-456F-A9A8-DAE25A0046DC}.exe Deleted
C:\WINDOWS\system32\{B598E5AD-DA8A-4F4C-A91C-F5E0FDCAE5C8}.exe Deleted
C:\WINDOWS\system32\{B771D20A-6383-4719-B26B-83BC6A602856}.exe Deleted
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"IS CfgWiz"="c:\\Program Files\\Common Files\\Symantec Shared\\cfgwiz.exe /GUID NIS /CMDLINE \"REBOOT\""
"Motive SmartBridge"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser Mouse\\MOffice.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=""
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Getting there. Please go ahead and run Malwarebytes Anti-Malware and post its log.

#15
Sandra D

Sandra D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1078
Windows 5.1.2600 Service Pack 2

4:39:08 PM 08/23/08
mbam-log-08-23-2008 (16-39-08).txt

Scan type: Quick Scan
Objects scanned: 50332
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.44 85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.44 85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15b417f8-7750-4613-8cc9-7f099b6e7303}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.44,85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15b417f8-7750-4613-8cc9-7f099b6e7303}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.44,85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.44 85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.44 85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15b417f8-7750-4613-8cc9-7f099b6e7303}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.44,85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15b417f8-7750-4613-8cc9-7f099b6e7303}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.44,85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.44 85.255.112.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{15b417f8-7750-4613-8cc9-7f099b6e7303}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.44,85.255.112.187 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\tmp410.tmp (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
I will now reboot.