Generic Downloader.z [RESOLVED]


  • This topic is locked

#1
hijinx

  • Member
  • 32 posts
My McAfee software is detecting a trojan named Generic Downloader.z. I can't get rid of it. Please help. Below is my HijackThis scan. Thanks!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:42 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O20 - Winlogon Notify: __c00B6F64 - C:\WINDOWS\system32\__c00B6F64.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 7978 bytes

#2
Egwene

  • Member 2k
  • Visiting Consultant
  • 2,141 posts
Hello hijinx !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format, and uncheck Word Wrap).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

#3
Egwene

  • Member 2k
  • Visiting Consultant
  • 2,141 posts
Hey hijinx,

1) Run VundoFix:

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

2) Run OTViewIt:

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one, called OTViewIt.txt, will pop up; the other, called Extras, will be saved on your desktop. Post both of those logs here.
  • You may need to use two posts to get it all on the forum

Regards,
Egwene.

#4
hijinx

  • Topic Starter
  • Member
  • 32 posts
VundoFix V7.0.6

Scan started at 11:25:06 PM 7/14/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.6

Scan started at 12:20:42 AM 8/26/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.6

Scan started at 10:45:06 PM 8/26/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.6

Scan started at 11:45:23 PM 8/28/2008

Listing files found while scanning....


VundoFix V7.0.6

Scan started at 11:52:47 PM 8/28/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

#5
hijinx

  • Topic Starter
  • Member
  • 32 posts
OTViewIt logfile created on: 8/29/2008 12:05:29 AM - Run 1
OTViewIt by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Dvid\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 54.73 Gb Free Space | 37.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Dvid
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[10/07/2007 10:19 AM | 00,259,128 | ---- | M] (Cisco Systems, Inc.) - C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
[02/18/2008 11:16 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[08/26/2008 11:58 PM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
[08/06/2004 03:50 AM | 00,102,463 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
[09/22/2004 08:00 PM | 00,221,191 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\VirusScan\mcshield.exe
[08/06/2004 03:50 AM | 00,237,623 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
[09/22/2004 08:00 PM | 00,028,672 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
[08/26/2008 11:58 PM | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgrsx.exe
[11/01/2005 02:12 AM | 00,094,208 | ---- | M] () - C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[09/22/2004 08:00 PM | 00,094,208 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\VirusScan\shstat.exe
[08/06/2004 03:50 AM | 00,139,320 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
[10/07/2003 09:48 AM | 00,147,514 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
[08/26/2008 11:58 PM | 01,232,152 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgtray.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[02/18/2008 11:16 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(avg8wd) AVG Free8 WatchDog [Auto | Running]
[08/26/2008 11:58 PM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe

(DSBrokerService) DSBrokerService [On_Demand | Stopped]
[03/07/2007 03:47 PM | 00,076,848 | ---- | M] () - C:\Program Files\DellSupport\brkrsvc.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[11/02/2007 08:30 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(McAfeeFramework) McAfee Framework Service [Auto | Running]
[08/06/2004 03:50 AM | 00,102,463 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

(McShield) Network Associates McShield [Auto | Paused]
[09/22/2004 08:00 PM | 00,221,191 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\VirusScan\mcshield.exe

(McTaskManager) Network Associates Task Manager [Auto | Running]
[09/22/2004 08:00 PM | 00,028,672 | ---- | M] (Network Associates, Inc.) - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

(STCAgent) Cisco Systems, Inc. STC Agent [Auto | Running]
[10/07/2007 10:19 AM | 00,259,128 | ---- | M] (Cisco Systems, Inc.) - C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe

===== Driver Services - Non-Microsoft Only =====

(AvgLdx86) AVG Free AVI Loader Driver x86 [System | Running]
[08/26/2008 11:58 PM | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgldx86.sys

(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [System | Running]
[08/26/2008 11:58 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgmfx86.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\DOCUME~1\Dvid\LOCALS~1\Temp\catchme.sys

(cdrbsvsd) cdrbsvsd [System | Running]
[04/29/2003 05:38 AM | 00,010,940 | ---- | M] (B.H.A Corporation) - C:\WINDOWS\System32\drivers\cdrbsvsd.sys

(CSVirtA) Cisco Systems SSL VPN Adapter [On_Demand | Stopped]
[10/07/2007 10:19 AM | 00,022,136 | ---- | M] (Cisco Systems, Inc.) - C:\WINDOWS\system32\drivers\CSVirtA.sys

(E100B) Intel® PRO Network Connection Driver [On_Demand | Running]
[10/14/2004 08:30 PM | 00,155,648 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(FilterService) UVC Filter Service [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys

(fixustor) fixustor [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\drivers\fixustor.sys

(lvpopflt) Logitech POP Suppression Filter [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\lvpopflt.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\drivers\LVUSBSta.sys

(LVUVC) QuickCam Communicate Deluxe(UVC) [On_Demand | Stopped]
[06/15/2008 06:59 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\drivers\lvuvc.hs

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 12:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(NaiAvFilter1) NaiAvFilter1 [On_Demand | Running]
[09/22/2004 08:00 PM | 00,108,256 | ---- | M] (Network Associates, Inc.) - C:\WINDOWS\system32\drivers\naiavf5x.sys

(NaiAvTdi1) NaiAvTdi1 [System | Running]
[10/15/2004 08:00 PM | 00,058,464 | ---- | M] (Network Associates, Inc.) - C:\WINDOWS\system32\drivers\mvstdi5x.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 01:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(wanatw) WAN Miniport (ATW) [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys

(EntDrv51) EntDrv51 [On_Demand | Running]
[10/18/2004 08:00 PM | 00,008,320 | ---- | M] (Network Associates, Inc) - C:\WINDOWS\system32\drivers\entdrv51.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 08:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"AVG8_TRAY" = C:\PROGRA~1\AVG\AVG8\avgtray.exe [08/26/2008 11:58 PM | 01,232,152 | ---- | M] (AVG Technologies CZ, s.r.o.)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 04:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
"DMXLauncher" = C:\Program Files\Dell\Media Experience\DMXLauncher.exe [11/01/2005 02:12 AM | 00,094,208 | ---- | M] ()
"dscactivate" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM | 00,016,384 | ---- | M] ( )
"ISUSPM" = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [03/20/2006 06:34 PM | 00,213,936 | ---- | M] (Macrovision Corporation)
"ISUSPM Startup" = "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [03/20/2006 06:34 PM | 00,213,936 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [03/20/2006 06:34 PM | 00,086,960 | ---- | M] (Macrovision Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"McAfeeUpdaterUI" = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey [08/06/2004 03:50 AM | 00,139,320 | ---- | M] (Network Associates, Inc.)
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"Network Associates Error Reporting Service" = "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 09:48 AM | 00,147,514 | ---- | M] (Network Associates, Inc.)
"OrderReminder" = C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [01/30/2006 11:00 AM | 00,098,304 | R--- | M] (Hewlett-Packard)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"ShStatEXE" = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE [09/22/2004 08:00 PM | 00,094,208 | ---- | M] (Network Associates, Inc.)
"SigmatelSysTrayApp" = stsystra.exe [03/22/2005 10:20 PM | 00,339,968 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"UserFaultCheck" = %systemroot%\system32\dumprep 0 -u File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport" = "C:\Program Files\DellSupport\DSAgnt.exe" /startup [03/15/2007 11:09 AM | 00,460,784 | ---- | M] (Gteko Ltd.)
"updateMgr" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/04/1999 04:06 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[10/29/2003 01:06 AM | 00,024,576 | R--- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Dvid Startup Folder - C:\Documents and Settings\Dvid\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
HKLM CLSID: (AVG Safe Search) - [08/26/2008 11:58 PM | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgssie.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: () - [05/31/2005 01:04 AM | 00,853,672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [09/08/2005 04:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
HKLM CLSID: (CBrowserHelperObject Object) - [02/22/2006 06:00 PM | 00,094,208 | ---- | M] (Dell Inc.) c:\Program Files\BAE\BAE.dll

========== Toolbars ==========

========== AppInit_Dlls ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"avgrsstx.dll" - [08/26/2008 11:58 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgrsstx.dll

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 05:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 04:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 04:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 04:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00B6F64]
"DllName" = C:\WINDOWS\system32\__c00B6F64.dat [08/28/2008 11:37 PM | 00,025,088 | ---- | M] ()

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 04:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe [08/28/2008 12:55 PM | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)

========== Desktop Components ==========

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========
Unable to open key or key not present!


========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[08/11/2004 04:15 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b93b9b-2591-11db-ab0d-001372d74ada}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b93b9b-2591-11db-ab0d-001372d74ada}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b93b9b-2591-11db-ab0d-001372d74ada}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0b9114-2822-11db-ab18-001372d74ada}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0b9114-2822-11db-ab18-001372d74ada}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0b9114-2822-11db-ab18-001372d74ada}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7fc7034-5d0c-11dd-aef8-001372d74ada}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7fc7034-5d0c-11dd-aef8-001372d74ada}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7fc7034-5d0c-11dd-aef8-001372d74ada}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc0cca6-c4e8-11db-ac39-001372d74ada}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc0cca6-c4e8-11db-ac39-001372d74ada}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc0cca6-c4e8-11db-ac39-001372d74ada}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{1A145E62-D403-44C5-AE10-1F8C2AA58CE7}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{67EB938B-5FD9-417B-B238-EF9D67E37B5E}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8FF1CE27-F806-4D11-9B01-329D077D305F}]
Servers: | Description: Intel® PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DF51AE47-1999-4124-95BE-AAD174553B57}]
Servers: | Description: 1394 Net Adapter

========== Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08/25/2008 11:23 PM | ---D | C] - C:\SDFix
[08/27/2008 12:04 AM | -H-D | C] - C:\$AVG8.VAULT$
[08/26/2008 11:58 PM | 00,075,236 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[08/26/2008 11:58 PM | 00,211,986 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/26/2008 11:58 PM | 06,061,540 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/26/2008 11:58 PM | 26,642,915 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/26/2008 11:58 PM | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/26/2008 11:58 PM | 00,096,520 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[08/26/2008 11:58 PM | ---D | C] - C:\WINDOWS\System32\drivers\Avg
[08/20/2008 07:15 PM | 00,025,088 | ---- | C] () - C:\WINDOWS\System32\__c00B6F64.dat
[08/26/2008 11:30 PM | 00,004,344 | ---- | C] () - C:\WINDOWS\System32\tmp.reg
[08/26/2008 11:30 PM | 00,025,600 | ---- | C] () - C:\WINDOWS\System32\WS2Fix.exe
[08/26/2008 11:30 PM | 00,040,960 | ---- | C] () - C:\WINDOWS\System32\swsc.exe
[08/26/2008 11:30 PM | 00,051,200 | ---- | C] () - C:\WINDOWS\System32\dumphive.exe
[08/26/2008 11:30 PM | 00,053,248 | ---- | C] (http://www.beyondlogic.org) - C:\WINDOWS\System32\Process.exe
[08/26/2008 11:30 PM | 00,079,360 | ---- | C] (SteelWerX) - C:\WINDOWS\System32\swxcacls.exe
[08/26/2008 11:30 PM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/26/2008 11:30 PM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\IEDFix.C.exe
[08/26/2008 11:30 PM | 00,086,528 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\VACFix.exe
[08/26/2008 11:30 PM | 00,088,576 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\AntiXPVSTFix.exe
[08/26/2008 11:30 PM | 00,135,168 | ---- | C] (SteelWerX) - C:\WINDOWS\System32\swreg.exe
[08/26/2008 11:30 PM | 00,288,417 | ---- | C] (S!Ri) - C:\WINDOWS\System32\SrchSTS.exe
[08/26/2008 11:30 PM | 00,289,144 | ---- | C] (S!Ri) - C:\WINDOWS\System32\VCCLSID.exe
[08/26/2008 11:58 PM | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/25/2008 11:28 PM | ---D | C] - C:\WINDOWS\ERUNT
[08/26/2008 11:58 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\avg8
[08/01/2008 12:29 AM | ---D | C] - C:\Documents and Settings\Dvid\Local Settings\Application Data\Wildtangent
[08/26/2008 11:58 PM | 00,001,507 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/26/2008 11:43 PM | 48,367,896 | ---- | C] (AVG Technologies) - C:\Documents and Settings\Dvid\Desktop\avg_free_stf_en_8_138a1332.exe
[08/27/2008 10:05 PM | 00,027,136 | ---- | C] () - C:\Documents and Settings\Dvid\Desktop\For Exhibit 8.doc
[08/27/2008 10:32 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Dvid\Desktop\HijackThis.lnk
[08/26/2008 11:58 PM | ---D | C] - C:\Program Files\AVG
[08/27/2008 10:32 PM | ---D | C] - C:\Program Files\Trend Micro

========== Files/Folders - Modified Within 30 days ==========

[08/26/2008 11:58 PM | 06,061,540 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/27/2008 07:27 PM | 00,075,236 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[08/27/2008 07:27 PM | 26,642,915 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/27/2008 12:00 AM | 00,211,986 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/26/2008 11:35 PM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/26/2008 11:58 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/26/2008 11:58 PM | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[4 C:\WINDOWS\System32\*.tmp files]
[08/14/2008 09:52 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\IEDFix.C.exe
[08/18/2008 12:19 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/23/2008 08:34 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 08:19 PM | 00,088,576 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\AntiXPVSTFix.exe
[08/26/2008 11:35 PM | 00,004,344 | ---- | M] () - C:\WINDOWS\System32\tmp.reg
[08/26/2008 11:58 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/28/2008 11:37 PM | 00,025,088 | ---- | M] () - C:\WINDOWS\System32\__c00B6F64.dat
[08/14/2008 12:52 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/28/2008 10:07 PM | 00,000,512 | ---- | M] () - C:\WINDOWS\randseed.rnd
[08/28/2008 11:47 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/28/2008 11:48 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/11/2008 06:12 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/28/2008 11:47 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/27/2008 11:14 PM | 00,196,096 | ---- | M] () - C:\Documents and Settings\Dvid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/28/2008 11:46 PM | 04,240,656 | -H-- | M] () - C:\Documents and Settings\Dvid\Local Settings\Application Data\IconCache.db
[08/21/2008 09:09 PM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/26/2008 11:58 PM | 00,001,507 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/26/2008 11:47 PM | 48,367,896 | ---- | M] (AVG Technologies) - C:\Documents and Settings\Dvid\Desktop\avg_free_stf_en_8_138a1332.exe
[08/27/2008 10:05 PM | 00,027,136 | ---- | M] () - C:\Documents and Settings\Dvid\Desktop\For Exhibit 8.doc
[08/27/2008 10:32 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Dvid\Desktop\HijackThis.lnk

< End of report >

#6
hijinx

OTViewIt Extras logfile created on: 8/29/2008 12:05:29 AM - Run 1
OTViewIt by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Dvid\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 54.73 Gb Free Space | 37.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [08/25/2008 11:53 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - XPLPPFilter Class]
[08/26/2008 11:58 PM | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}" = ArcSoft Camera Suite
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.0
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Cisco Systems SSL VPN Client" = Cisco SSL VPN Client
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CSCLIB" = Canon Camera Support Core Library
"Dell Game Console" = Dell Game Console
"DivX Content Uploader" = DivX Content Uploader
"EOS Utility" = Canon Utilities EOS Utility
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA Driver
"InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7
"KB835221WXP" = High Definition Audio Driver Package - KB835221
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB889673" = Windows XP Hotfix - KB889673
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896256" = Hotfix for Windows XP (KB896256)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB906569" = Hotfix for Windows XP (KB906569)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Update for Windows XP (KB908531)
"KB908673" = Hotfix for Windows XP (KB908673)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB912945" = Update for Windows XP (KB912945)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher BookMaker" = MyPublisher BookMaker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROSet" = Intel® PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Event Log Warnings and Errors ==========

[ Application Events ]

Application - Error - 8/23/2008 7:34:30 PM - Computer Name = DESKTOP - User Name = (blank) - Source = STCAgent
Description = Termination reason code 10 FASTUSERSWITCH

Application - Error - 8/23/2008 7:45:00 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:07 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:15 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:22 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:29 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:37 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:44 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:51 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:45:59 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Undetermined clean error quarantine failed
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

Application - Error - 8/23/2008 7:48:40 PM - Computer Name = DESKTOP - User Name = (blank) - Source = Alert Manager Event Interface
Description = VirusScan Enterprise The file CWINDOWSsystem32c00B6F64dat is infected
with the Generic Downloaderz Trojan Delete failed denied access and continued (OAS)
Detected using Scan engine version 5200 DAT version 5368(from DESKTOP IP 192168169
user DESKTOP running VirusScan Enter 80 OAS)

  • 0

#7
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hijinx,

1) Warning about too many security programs on the same computer:

You need to have only an antivirus program, a firewall and an anti-spyware program; otherwise, if you have too many security programs, your PC can run slower and crashes can occur. In fact, you can have many anti-spyware programs, but only one anti-spyware program with real-time protection.
So please uninstall those you don't want to keep :)

2) Uninstall some programs :

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

* Java™ 6 Update 2
* Java™ 6 Update 3
* Java™ 6 Update 5
* Adobe Reader 7.1.0

And update Adobe:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html

3) Fix with HijackThis :

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below :

O20 - Winlogon Notify: __c00B6F64 - C:\WINDOWS\system32\__c00B6F64.dat

Now close all windows other than HiJackThis, then click Fix Checked.

4) Run OTmoveIT2 :

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\__c00B6F64.dat
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b93b9b-2591-11db-ab0d-001372d74ada}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0b9114-2822-11db-ab18-001372d74ada}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7fc7034-5d0c-11dd-aef8-001372d74ada}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc0cca6-c4e8-11db-ac39-001372d74ada}
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

5) Run Kaspersky Online :

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

And please post a fresh HijackThis log.

Regards,
Egwene.
  • 0

#8
hijinx

hijinx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Explorer killed successfully
File move failed. C:\WINDOWS\System32\__c00B6F64.dat scheduled to be moved on reboot.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b93b9b-2591-11db-ab0d-001372d74ada} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b93b9b-2591-11db-ab0d-001372d74ada}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0b9114-2822-11db-ab18-001372d74ada} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0b9114-2822-11db-ab18-001372d74ada}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7fc7034-5d0c-11dd-aef8-001372d74ada} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7fc7034-5d0c-11dd-aef8-001372d74ada}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc0cca6-c4e8-11db-ac39-001372d74ada} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc0cca6-c4e8-11db-ac39-001372d74ada}\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Dvid\LOCALS~1\Temp\etilqs_ji1BE5Nz0TTdAgRBJcxf scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dvid\LOCALS~1\Temp\~DF50F1.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_182918
  • 0

#9
hijinx

hijinx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 31, 2008 00:43:04
Records in database: 1171390
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - File:


Scan statistics:
Files scanned: 42378
Threat name: 2
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 00:34:46


File name / Threat name / Threats count
winlogon.exe\__c00B6F64.dat/winlogon.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
C:\WINDOWS\system32\__c00B6F64.dat/C:\WINDOWS\system32\__c00B6F64.dat Infected: Trojan.Win32.Multis.eq 14
explorer.exe\__c00B6F64.dat/explorer.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
DMXLauncher.exe\__c00B6F64.dat/DMXLauncher.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
shstat.exe\__c00B6F64.dat/shstat.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
UpdaterUI.exe\__c00B6F64.dat/UpdaterUI.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
tbmon.exe\__c00B6F64.dat/tbmon.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
ISUSPM.exe\__c00B6F64.dat/ISUSPM.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
QTTask.exe\__c00B6F64.dat/QTTask.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
ctfmon.exe\__c00B6F64.dat/ctfmon.exe\__c00B6F64.dat Infected: Trojan-Downloader.Win32.Agent.abtf 1
C:\WINDOWS\system32\__c00B6F64.dat Infected: Trojan.Win32.Multis.eq 1

The selected area was scanned.
  • 0

#10
hijinx

hijinx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:00, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O20 - Winlogon Notify: __c00B6F64 - C:\WINDOWS\system32\__c00B6F64.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 7489 bytes
  • 0



#11
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hijinx,

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.
  • 0

#12
hijinx

hijinx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
As you can see, it's still there. I'm eagerly waiting for your next instructions.


ComboFix 08-08-30.03 - Dvid 2008-08-31 10:02:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2305 [GMT -5:00]
Running from: C:\Documents and Settings\Dvid\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\#SharedObjects\PQRZLL25\bin.clearspring.com
C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\#SharedObjects\PQRZLL25\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\#SharedObjects\PQRZLL25\interclick.com
C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\#SharedObjects\PQRZLL25\interclick.com\ud.sol
C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Dvid\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\#SharedObjects\M4AVYKYZ\bin.clearspring.com
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\#SharedObjects\M4AVYKYZ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\#SharedObjects\M4AVYKYZ\interclick.com
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\#SharedObjects\M4AVYKYZ\interclick.com\ud.sol
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Margo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\dqfhfuog.ini
C:\WINDOWS\system32\duawwkth.ini
C:\WINDOWS\system32\gnjjxdrj.ini
C:\WINDOWS\system32\hbqwaltp.ini
C:\WINDOWS\system32\kdqhvocr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\rhcwaoln.ini
C:\WINDOWS\system32\riayypjx.ini
C:\WINDOWS\system32\__c00B6F64.dat . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-29 18:29 . 2008-08-29 18:29 <DIR> d-------- C:\_OTMoveIt
2008-08-29 18:01 . 2008-08-29 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-27 22:32 . 2008-08-27 22:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 23:30 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-26 23:30 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-26 23:30 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-26 23:30 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-26 23:30 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-26 23:30 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-26 23:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-26 23:30 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-26 23:30 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-26 23:30 . 2008-08-26 23:35 4,344 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-25 23:28 . 2008-08-25 23:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-25 23:23 . 2008-08-25 23:42 <DIR> d-------- C:\SDFix
2008-08-20 19:15 . 2008-08-30 20:36 25,088 --------- C:\WINDOWS\system32\__c00B6F64.dat
2008-08-13 14:44 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-26 21:58 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-26 21:58 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-17 23:31 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-07-17 23:31 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2008-07-14 23:25 . 2008-07-14 23:25 <DIR> d-------- C:\VundoFix Backups
2008-07-07 15:32 . 2008-07-07 15:32 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 03:55 --------- d-----w C:\Documents and Settings\Dvid\Application Data\ZoomBrowser EX
2008-08-31 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-29 23:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 23:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-29 22:57 --------- d-----w C:\Program Files\Java
2008-08-24 14:59 --------- d-----w C:\Documents and Settings\Margo\Application Data\ZoomBrowser EX
2008-08-14 03:43 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-14 03:43 --------- d-----w C:\Program Files\WildTangent
2008-08-14 03:40 --------- d-----w C:\Program Files\iPod
2008-02-05 21:02 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-01 07:51 2,918,014,888 -c--a-w C:\Program Files\PRE4_WWEFGJ.7z
2007-11-01 03:54 1,085,512 ----a-w C:\Program Files\PRE4_WWEFGJ.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 02:12 94208]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05 1117184]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 11:00 98304]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-05 19:36:51 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-27 15:15:30 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00B6F64]
2008-08-30 20:36 25088 C:\WINDOWS\system32\__c00B6F64.dat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2007-10-07 10:19]
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dvid\Application Data\Mozilla\Firefox\Profiles\yqwotk4s.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 10:09:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c00B6F64.dat
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-31 10:15:21 - machine was rebooted [Dvid]
ComboFix-quarantined-files.txt 2008-08-31 15:15:18

Pre-Run: 59,655,524,352 bytes free
Post-Run: 59,749,527,552 bytes free

171 --- E O F --- 2008-08-14 05:52:37
  • 0
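Added example, not part of the thread and not code from HijackThis or ComboFix: a small triage script that pulls the `O20 - Winlogon Notify` lines out of a HijackThis log, flags the ones that look like the `__c00B6F64.dat` entry here, and reports flagged entries that survive from one log to the next. The two `__c00B6F64` lines are copied from the HijackThis logs in this thread; the `ExampleNotify` line, the function names and the heuristics (non-`.dll` target, hex-like key name equal to the file name) are assumptions made for illustration.

```python
import ntpath  # parses Windows paths correctly on any OS
import re

# O20 lines copied from the thread's logs, plus one constructed benign-looking entry.
SAMPLE_BEFORE = r"""
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O20 - Winlogon Notify: __c00B6F64 - C:\WINDOWS\system32\__c00B6F64.dat
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
SAMPLE_AFTER = r"""
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin)
O20 - Winlogon Notify: __c00B6F64 - C:\WINDOWS\system32\__c00B6F64.dat
"""

# Assumes the key name itself contains no " - " separator.
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)\s*$")
# Heuristic (assumption): optional leading underscores followed by 6+ hex digits.
HEXISH_RE = re.compile(r"^_*[0-9A-Fa-f]{6,}$")
MISSING_TAG = "(file missing)"


def parse_o20(log_text):
    """Return [(key_name, target_path, file_missing)] for each O20 line."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        missing = path.endswith(MISSING_TAG)
        if missing:
            path = path[: -len(MISSING_TAG)].rstrip()
        entries.append((m.group("name"), path, missing))
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty = not flagged)."""
    name, path, missing = entry
    stem, ext = ntpath.splitext(ntpath.basename(path))
    reasons = []
    # Winlogon loads the notify target as a DLL whatever its extension is,
    # so a non-.dll target is unusual and worth checking.
    if ext.lower() != ".dll":
        reasons.append("target extension is %r, not .dll" % ext)
    if HEXISH_RE.match(name) and name.lower() == stem.lower():
        reasons.append("key name is hex-like and identical to the file name")
    if missing:
        reasons.append("target file is missing (orphaned key)")
    return reasons


def persisting(before_log, after_log):
    """Flagged entries present in both logs: the fix between them did not hold."""
    after = {(n.lower(), p.lower()) for n, p, _ in parse_o20(after_log)}
    return [e for e in parse_o20(before_log)
            if triage(e) and (e[0].lower(), e[1].lower()) in after]


if __name__ == "__main__":
    for entry in parse_o20(SAMPLE_BEFORE):
        print(entry[0], "->", triage(entry) or "nothing flagged")
    for name, path, _ in persisting(SAMPLE_BEFORE, SAMPLE_AFTER):
        print("still registered after the fix attempt:", name, path)
```

An entry that persists across logs, as this one does, usually means the file is loaded and locked by winlogon.exe, which matches the "DLLs Loaded Under Running Processes" section of the ComboFix log.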

#13
hijinx

hijinx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:38, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O20 - Winlogon Notify: __c00B6F64 - C:\WINDOWS\system32\__c00B6F64.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 7459 bytes

#14
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey hijinx,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Sysrst::

File::
C:\WINDOWS\system32\__c00B6F64.dat

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00B6F64]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
Egwene.
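The entry targeted by the script above is the O20 Winlogon Notify line in the HijackThis log, a notification package that winlogon.exe loads at logon. As an added example (not part of the original thread, and not code from HijackThis or ComboFix), this Python sketch extracts O20 Notify lines from a log and flags the ones that deserve a manual look; the two heuristics and the `igfxcui` sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# O20 Winlogon Notify line as HijackThis prints it: "<subkey> - <target file>"
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<target>.+)$")
HEX_RUN = re.compile(r"[0-9A-Fa-f]{6,}")

def parse_notify(log_text):
    """Return (subkey, target) pairs for every O20 Winlogon Notify line."""
    entries = []
    for line in log_text.splitlines():
        m = O20_NOTIFY.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("target").strip()))
    return entries

def review_reasons(key, target):
    """Heuristics (assumptions of this example) that mark an entry for review."""
    reasons = []
    # Notify packages are DLLs; any other extension is unusual.
    if PureWindowsPath(target).suffix.lower() != ".dll":
        reasons.append("target is not a .dll")
    # Machine-generated names often embed a long hexadecimal run.
    if HEX_RUN.search(key):
        reasons.append("subkey name contains a long hex run")
    return reasons

def triage(log_text):
    """Map each flagged Notify subkey to its reasons; clean entries are omitted."""
    flagged = {}
    for key, target in parse_notify(log_text):
        reasons = review_reasons(key, target)
        if reasons:
            flagged[key] = reasons
    return flagged

# Sample input: the O4 and first O20 line are from this thread's log;
# the igfxcui and AppInit_DLLs lines are constructed for contrast.
SAMPLE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: __c00B6F64 - C:\WINDOWS\system32\__c00B6F64.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - AppInit_DLLs: example.dll
"""

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE).items():
        print(key, "->", "; ".join(reasons))
```

A flagged entry is a prompt for manual verification of the file, not a verdict; removal still belongs in a helper-reviewed script like the one above.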

#15
hijinx

    Member

  • Topic Starter
  • Member
  • 32 posts
ComboFix 08-08-30.03 - Dvid 2008-08-31 22:43:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2600 [GMT -5:00]
Running from: C:\Documents and Settings\Dvid\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dvid\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\__c00B6F64.dat

.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-08-29 18:29 . 2008-08-29 18:29 <DIR> d-------- C:\_OTMoveIt
2008-08-29 18:01 . 2008-08-29 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-27 22:32 . 2008-08-27 22:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 23:30 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-26 23:30 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-26 23:30 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-26 23:30 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-26 23:30 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-26 23:30 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-26 23:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-26 23:30 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-26 23:30 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-26 23:30 . 2008-08-26 23:35 4,344 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-25 23:28 . 2008-08-25 23:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-25 23:23 . 2008-08-25 23:42 <DIR> d-------- C:\SDFix
2008-08-13 14:44 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 03:55 --------- d-----w C:\Documents and Settings\Dvid\Application Data\ZoomBrowser EX
2008-08-31 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-29 23:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 23:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-29 22:57 --------- d-----w C:\Program Files\Java
2008-08-24 14:59 --------- d-----w C:\Documents and Settings\Margo\Application Data\ZoomBrowser EX
2008-08-14 03:43 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-14 03:43 --------- d-----w C:\Program Files\WildTangent
2008-08-14 03:40 --------- d-----w C:\Program Files\iPod
2008-02-05 21:02 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-01 07:51 2,918,014,888 -c--a-w C:\Program Files\PRE4_WWEFGJ.7z
2007-11-01 03:54 1,085,512 ----a-w C:\Program Files\PRE4_WWEFGJ.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 02:12 94208]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05 1117184]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 11:00 98304]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-05 19:36:51 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-27 15:15:30 24576]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2007-10-07 10:19]
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 22:48:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-31 22:54:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 03:54:05
ComboFix2.txt 2008-08-31 15:15:22

Pre-Run: 63,464,456,192 bytes free
Post-Run: 63,410,114,560 bytes free

116 --- E O F --- 2008-08-14 05:52:37





