
Virus + Popups Help!!

Discussion in 'Windows - Virus and spyware problems' started by Nephylim, Feb 18, 2007.

  1. Nephylim

    Nephylim Guest

    Hello,

    I'm having computer problems again. After letting a friend use the computer, Avast was popping up with multiple problems, and TeaTimer is going insane. I don't know what to make of my HijackThis log, so I'm posting it, hoping that someone more knowledgeable can help me. It's getting out of hand! Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 5:05:37 PM, on 2/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\v6.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchosts.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Desktop Stuff\Stuff to DO\Scanners\HJT.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {387AFD2F-E149-4735-9FD5-DE1198401E7B} - C:\WINDOWS\system32\awtqp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5D313105-A134-F00C-5F49-072037E5AF8C} - C:\WINDOWS\system32\xezjehm.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {777CAE13-CB40-4DEF-8B84-D85AA2E551AC} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8AAB9925-CC78-4BF5-B014-A089DD64D237} - C:\WINDOWS\system32\iifcddc.dll
    O2 - BHO: (no name) - {A11203C3-BB80-4F00-B7BA-3ADE46656801} - C:\WINDOWS\system32\awvts.dll (file missing)
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\opglchyg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [yepgjae.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Dennis\Local Settings\Application Data\yepgjae.dll",xemwzhb
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\gitcnfvb.dll",setvm
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKLM\..\Run: [{AC9B23C6-0689-1033-0508-021005010001}] "C:\Program Files\Common Files\{AC9B23C6-0689-1033-0508-021005010001}\Update.exe" mc-110-12-0000272
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dennis\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120372390609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601A894-4448-45D4-9DC0-A112A10010D3}: NameServer = 24.53.86.13,24.53.86.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll
    O20 - Winlogon Notify: awvts - C:\WINDOWS\
    O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
    O20 - Winlogon Notify: iifcddc - C:\WINDOWS\
    O20 - Winlogon Notify: qomkkjk - C:\WINDOWS\SYSTEM32\qomkkjk.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: DirectX Service (Hijuw) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
     
  2. KotaGuy

    KotaGuy Regular member

    Heh... I can imagine Avast and TeaTimer are complaining lots. Along with Vundo and some other miscellaneous crappies.. you have a couple nasty backdoor bots present.

    Because of the nature of the bots and what they do as far as allowing access to your computer... your safest bet may be to format your hard drive and reinstall Windows.

    I can help you clean them up but I cannot guarantee I will be able to fix everything they have done.

    Let me know which way you want to go.
     
  3. Nephylim

    Nephylim Guest

    Hi, and thanks, yeah I know it's nasty, and I'm gonna kill my friend for doing this (I still have no idea HOW she did this). If you don't mind such a nasty project, I'd love to get it fixed up. I've been working with a guy at tomcoyote but the problem is he only posts once a day at 3 a.m. my time so it's taking me forever to get anywhere; by the time he responds the next day, everything he asked me to do has been undone or seemingly reinstalled. He recently had me disable TeaTimer and had me delete some entries in HJT and some other things with Killbox. My father suggested that I install McAfee, which asked me to remove Avast. I'm currently removing McAfee due to the fact that my computer is almost unusable with it (at least 15 minutes before I can do anything with the computer after reboot, by the time it's loaded I already have requests from the viruses or whatever to "work offline"), and after allowing it 12 hours to scan it only scanned just under 12k files. I'll send a fresh HJT log and hope that you don't find the task too daunting. I'm running VundoFix yet again and will attach its results as well. Thanks again!!

    HJT Log
    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:39 PM, on 2/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Desktop Stuff\Stuff to DO\Scanners\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {89F6D2C9-6528-4B36-8C77-74FBE7D8C8BF} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: (no name) - {8AAB9925-CC78-4BF5-B014-A089DD64D237} - C:\WINDOWS\system32\iifcddc.dll
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dennis\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120372390609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601A894-4448-45D4-9DC0-A112A10010D3}: NameServer = 24.53.86.13,24.53.86.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: qomkkjk - C:\WINDOWS\SYSTEM32\qomkkjk.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: DirectX Service (Hijuw) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)



    VundoFix


    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 9:33:44 AM 2/18/2007

    Listing files found while scanning....

    C:\Documents and settings\Dennis\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Dennis\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\WINDOWS\system32\awvts.dll
    C:\WINDOWS\system32\btmfgwpp.dll
    C:\WINDOWS\system32\bvfnctig.ini
    C:\WINDOWS\system32\gitcnfvb.dll
    C:\WINDOWS\system32\iifcddc.dll
    C:\WINDOWS\system32\stvwa.bak1
    C:\WINDOWS\system32\stvwa.ini
    C:\WINDOWS\system32\stvwa.ini2
    C:\WINDOWS\system32\stvwa.tmp

    Beginning removal...

    Attempting to delete C:\Documents and settings\Dennis\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Dennis\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

    Attempting to delete C:\Documents and settings\Dennis\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Documents and settings\Dennis\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awvts.dll
    C:\WINDOWS\system32\awvts.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\btmfgwpp.dll
    C:\WINDOWS\system32\btmfgwpp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bvfnctig.ini
    C:\WINDOWS\system32\bvfnctig.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gitcnfvb.dll
    C:\WINDOWS\system32\gitcnfvb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifcddc.dll
    C:\WINDOWS\system32\iifcddc.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\stvwa.bak1
    C:\WINDOWS\system32\stvwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\stvwa.ini
    C:\WINDOWS\system32\stvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\stvwa.ini2
    C:\WINDOWS\system32\stvwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\stvwa.tmp
    C:\WINDOWS\system32\stvwa.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\iifcddc.dll
    C:\WINDOWS\system32\iifcddc.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 10:13:31 AM 2/18/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\btmfgwpp.dll
    C:\WINDOWS\system32\iifcddc.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\iifcddc.dll
    C:\WINDOWS\system32\iifcddc.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 11:49:20 AM 2/19/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\btmfgwpp.dll
    C:\WINDOWS\system32\iifcddc.dll
    C:\WINDOWS\system32\pqtwa.bak1
    C:\WINDOWS\system32\pqtwa.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\awtqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifcddc.dll
    C:\WINDOWS\system32\iifcddc.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pqtwa.bak1
    C:\WINDOWS\system32\pqtwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqtwa.ini
    C:\WINDOWS\system32\pqtwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\iifcddc.dll
    C:\WINDOWS\system32\iifcddc.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!
     
  4. KotaGuy

    KotaGuy Regular member

    OK... don't worry about Vundo for now as it's the least of your worries... we'll get back to it. I would like to kill off those Bots first.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:

    - Restart your computer.
    - After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
    - Instead of Windows loading as normal, the Advanced Options Menu should appear.
    - Select the first option, to run Windows in Safe Mode, then press Enter.
    - Choose your usual account.

    - Open the extracted SDFix folder and double click RunThis.bat to start the script.
    - Type Y to begin the cleanup process.
    - It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    - Press any Key and it will restart the PC.
    - When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    - Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    - Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  5. Nephylim

    Nephylim Guest

    Thanks very much! I'm still getting popups but things are finally moving in the right direction. Logs follow.


    SDFix: Version 1.66

    Run by Administrator - Tue 02/20/2007 @ 0:06:15.92

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    COM+ Messages

    Path:
    "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272

    COM+ Messages Deleted

    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\Temp\win7D.tmp.exe - Deleted
    C:\WINDOWS\Temp\win83.tmp.exe - Deleted
    C:\WINDOWS\Temp\win8B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win8D.tmp.exe - Deleted
    C:\WINDOWS\Temp\win90.tmp.exe - Deleted
    C:\WINDOWS\system32\unsvchosts.lzma - Deleted
    C:\WINDOWS\Temp\removalfile.bat - Deleted
    C:\WINDOWS\Temp\win*.tmp - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\OGPlanet\\Albatross18\\update.exe"="C:\\Program Files\\OGPlanet\\Albatross18\\update.exe:*:Enabled:Albatross18"
    "C:\\Program Files\\ABS-CBN\\Tantra Philippines\\Update.exe"="C:\\Program Files\\ABS-CBN\\Tantra Philippines\\Update.exe:*:Enabled:Update.exe"
    "C:\\Program Files\\ABS-CBN\\Tantra Philippines\\Tantra.exe"="C:\\Program Files\\ABS-CBN\\Tantra Philippines\\Tantra.exe:*:Enabled:Tantra.exe"
    "C:\\Program Files\\ABS-CBN\\Tantra Philippines\\HTLauncher.exe"="C:\\Program Files\\ABS-CBN\\Tantra Philippines\\HTLauncher.exe:*:Enabled:HTLauncher.exe"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
    "C:\\WINDOWS\\security\\explorer.exe"="C:\\WINDOWS\\security\\explorer.exe:*:Enabled:Explorer"
    "C:\\WINDOWS\\TEMP\\win1DF.tmp.exe"="C:\\WINDOWS\\TEMP\\win1DF.tmp.exe:*:Enabled:win1DF.tmp"
    "C:\\WINDOWS\\TEMP\\win7F.tmp.exe"="C:\\WINDOWS\\TEMP\\win7F.tmp.exe:*:Enabled:win7F.tmp"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\WINDOWS\\security\\explorer.exe"="C:\\WINDOWS\\security\\explorer.exe:*:Enabled:Explorer"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\Dennis\Application Data\MSWWINEDRVM7.DLL
    C:\WINDOWS\system32\mllmn.dll
    C:\WINDOWS\system32\MSWWINEDRVM7.DLL
    C:\WINDOWS\system32\qomkkjk.dll
    C:\WINDOWS\system32\ssttu.dll
    C:\Documents and Settings\Dennis\My Documents\??stem32\?vchost.exe
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\WINDOWS\system32\?dobe\alg.exe

    Add/Remove Programs List:

    AC3Filter (remove only)
    Adobe Acrobat 4.0
    Adobe Acrobat 5.0
    Adobe Photoshop CS2
    Adobe Shockwave Player
    AIM 6.0
    Albatross18 (OGPlanet)
    ALShow
    ALSong
    burnatonce
    Chromatica
    Conexant SoftK56 Modem(M)
    ColorPic
    Comcast High-Speed Internet Install Wizard
    DivX Content Uploader
    eMule
    Finale 2007
    Garritan Ambiance Installer
    HijackThis 1.99.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Windows Internet Explorer 7
    InterActual Player
    Java 2 Runtime Environment Standard Edition v1.3.1
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Macro Express 3
    Microsoft .NET Framework 1.1
    Mozilla Firefox (2.0.0.1)
    Microsoft Compression Client Pack 1.0 for Windows XP
    MyVitalAgent
    Native Instruments Finale GPO 2.0
    EA AutoPatch
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    OneTouch Version 3.0
    Outerinfo
    ProSavageDDR and Utilities
    Panda ActiveScan
    PaperPort 7.0
    Puzzle Pirates
    Logitechr Camera Driver
    QuickTime 3.0
    Real Alternative 1.51
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Adobe Flash Player 9 ActiveX
    SmartMusic 9
    SmartSleep 3.571
    Spybot - Search & Destroy 1.4
    Super Yahoo Messenger Archive Decoder
    Winamp (remove only)
    Windows Live OneCare safety scanner
    Windows XP Service Pack 2
    winpcap-nmap 3.1
    WinRAR archiver
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    XviD MPEG-4 Video Codec
    Yahoo Message Archive Decoder 4.15
    Yahoo! Toolbar
    Yahoo! extras
    Yahoo! Internet Mail
    Yahoo! Messenger
    OIN
    Tantra
    LastChaos
    Adobe Photoshop CS2
    Google Earth
    SnagIt 7
    iTunes
    QuickTime
    Windows Live Messenger
    PowerDVD
    VSAdd-in for Internet Explorer
    Windows Backup Utility
    Adobe Stock Photos 1.0
    DivX Codec
    TuneUp Utilities 2006
    GPL MPEG-1/2 DirectShow Decoder Filter
    CDBurnerXP Pro 3
    DivX Player
    Adobe Common File Installer
    Adobe Reader 7.0.8
    DivX Converter
    Conquer 2.0
    DivX Web Player
    Adobe Bridge 1.0
    Logitech QuickCam Software
    Microsoft .NET Framework 1.1
    Adobe Help Center 1.0
    Linksys Wireless-G PCI Network Adapter with SpeedBooster
    Microsoft Works 6.0
    Avance AC'97 Audio
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard

    Finished


    Logfile of HijackThis v1.99.1
    Scan saved at 12:21:35 AM, on 2/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Desktop Stuff\Stuff to DO\Scanners\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {585C7BA5-5FC6-410B-A5F8-6D16CC04E852} - C:\WINDOWS\system32\ssqrs.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {89F6D2C9-6528-4B36-8C77-74FBE7D8C8BF} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: (no name) - {8AAB9925-CC78-4BF5-B014-A089DD64D237} - C:\WINDOWS\system32\iifcddc.dll
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\thsdklav.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vqfuiefe.dll",setvm
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dennis\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120372390609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601A894-4448-45D4-9DC0-A112A10010D3}: NameServer = 24.53.86.13,24.53.86.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: qomkkjk - C:\WINDOWS\SYSTEM32\qomkkjk.dll
    O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DirectX Service (Hijuw) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)

     
  6. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Starting to look a bit better.

    Print these instructions out for reference during the fix.

    Click Start>Run type in appwiz.cpl and hit Enter. From the list uninstall:

    OuterInfo
    OIN


    Download KillBox from here:

    http://www.downloads.subratam.org/KillBox.zip

    Extract it to your Desktop. Don't run it yet.

    Run and scan with HijackThis and place checks beside the following:

    O2 - BHO: (no name) - {585C7BA5-5FC6-410B-A5F8-6D16CC04E852} - C:\WINDOWS\system32\ssqrs.dll
    O2 - BHO: (no name) - {89F6D2C9-6528-4B36-8C77-74FBE7D8C8BF} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: (no name) - {8AAB9925-CC78-4BF5-B014-A089DD64D237} - C:\WINDOWS\system32\iifcddc.dll
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\thsdklav.dll
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vqfuiefe.dll",setvm
    O20 - Winlogon Notify: qomkkjk - C:\WINDOWS\SYSTEM32\qomkkjk.dll
    O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
    O23 - Service: DirectX Service (Hijuw) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)


    Close all open browsers/windows and click the Fix button.

    Open Killbox.exe
    Check the following boxes:

    * Delete on Reboot
    * Unregister .dll before deleting (if not greyed out)

    * Highlight all the entries in the quote box below and then Copy them.

    * Then in Killbox, click File>>Paste from Clipboard
    At this point the "All Files" button should be enabled so you can click it.
    Click the "All Files" button.
    Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes.
    A second message will ask to Reboot now? You will need to click Yes to allow the reboot.

    Once back in Windows run VundoFix like you have done before.

    Post the contents of the VundoFix log along with a new HijackThis log please.

    Could I also get you to upload this file:

    C:\WINDOWS\system32\MSWWINEDRVM7.DLL

    Into VirusTotal's scanner and report back its results.

    Thanks.
     
    Last edited: Feb 20, 2007
  7. Nephylim

    Nephylim Guest

    Hello, and Thanks So Much! Still have popups but I did everything you asked, for the first time VundoFix didn't try and keep rebooting endlessly to delete something. Everything at VirusTotal said No Virus Found, until it got to Panda, IE froze after Panda the first time I scanned, and the second time it froze at F-Prot. I couldn't make it browse for the file using Firefox at all. Logs follow.

    HJT still wouldn't remove qomkkjk.dll

    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:15 AM, on 2/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Desktop Stuff\Stuff to DO\Scanners\HJT.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {8ADD315E-DA3B-4B73-8628-1E86D808C085} - C:\WINDOWS\system32\ssqrs.dll (file missing)
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\fjeiqcjw.dll
    O2 - BHO: (no name) - {FB25AE7D-F8B8-46B9-8881-0BB3BB05B6E9} - C:\WINDOWS\system32\mllmj.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jodivoob.dll",setvm
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dennis\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120372390609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601A894-4448-45D4-9DC0-A112A10010D3}: NameServer = 24.53.86.13,24.53.86.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
    O20 - Winlogon Notify: qomkkjk - C:\WINDOWS\SYSTEM32\qomkkjk.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DirectX Service (Hijuw) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)

    VundoFix (only the part dated today to shorten length)

    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 10:44:07 AM 2/20/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\btmfgwpp.dll
    C:\WINDOWS\system32\kithmaro.dll
    C:\WINDOWS\system32\oramhtik.ini
    C:\WINDOWS\system32\srqss.bak1
    C:\WINDOWS\system32\srqss.ini
    C:\WINDOWS\system32\srqss.ini2
    C:\WINDOWS\system32\srqss.tmp
    C:\WINDOWS\system32\ssqrs.dll
    C:\WINDOWS\system32\vqfuiefe.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\kithmaro.dll
    C:\WINDOWS\system32\kithmaro.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oramhtik.ini
    C:\WINDOWS\system32\oramhtik.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\srqss.bak1
    C:\WINDOWS\system32\srqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\srqss.ini
    C:\WINDOWS\system32\srqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\srqss.ini2
    C:\WINDOWS\system32\srqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\srqss.tmp
    C:\WINDOWS\system32\srqss.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrs.dll
    C:\WINDOWS\system32\ssqrs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vqfuiefe.dll
    C:\WINDOWS\system32\vqfuiefe.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  8. KotaGuy

    KotaGuy Regular member

    OK... I want to take a bit of a deeper look into your system...

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    * Close ALL OTHER PROGRAMS.
    * Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    * Now click the Run Scan button on the toolbar.
    * The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    * When the scan is complete Notepad will open with the report file loaded in it.
    * Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
     
  9. PWNed100

    PWNed100 Guest

    Try and use HJT delete at reboot feature
    *Make sure Hijackthis.exe is extracted to its own folder
    *Run HJT and in the lower right corner there should be a box that says "Other stuff"... in that box should be "config"... click on that
    *Then in the list of options there should be a box called "delete file at reboot"
    *Search for the file "C:\WINDOWS\SYSTEM32\qomkkjk.dll" and click open
     
  10. KotaGuy

    KotaGuy Regular member

    KillBox does the same thing... but is a bit more powerful than HJT which is why I had Nephylim use it instead of that feature in HJT.

    So using HJT to try the same thing isn't going to work. There is something else going on which is why I wanted a better look at his system and requested a WinPFind3 log from him. It should enumerate any other unseen files that may be reinstalling the infection.

    HJT is a good tool... but it's getting to be a bit old. As malware has changed and found new ways and points of loading itself... you sometimes need a tool that scans more of those places to find out what is going on.
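
The reinstallation discussed in the posts above is visible when the two HijackThis logs in this thread are compared load point by load point: some entries survive the fix unchanged, and others keep their identity (CLSID or Run value name) while the DLL behind them changes name. The following is an added example, not part of the original thread and not code from HijackThis or its authors; the parser, its section patterns and the category names are assumptions of this sketch, and the log lines are copied from the 12:21:35 AM and 11:12:15 AM scans.

```python
import re

# Lines copied from the two HijackThis logs in this thread.
# BEFORE: entries selected for fixing (12:21:35 AM scan). AFTER: 11:12:15 AM scan.
BEFORE = r"""
O2 - BHO: (no name) - {585C7BA5-5FC6-410B-A5F8-6D16CC04E852} - C:\WINDOWS\system32\ssqrs.dll
O2 - BHO: (no name) - {89F6D2C9-6528-4B36-8C77-74FBE7D8C8BF} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {8AAB9925-CC78-4BF5-B014-A089DD64D237} - C:\WINDOWS\system32\iifcddc.dll
O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\thsdklav.dll
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vqfuiefe.dll",setvm
O20 - Winlogon Notify: qomkkjk - C:\WINDOWS\SYSTEM32\qomkkjk.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O23 - Service: DirectX Service (Hijuw) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
"""
AFTER = r"""
O2 - BHO: (no name) - {8ADD315E-DA3B-4B73-8628-1E86D808C085} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\fjeiqcjw.dll
O2 - BHO: (no name) - {FB25AE7D-F8B8-46B9-8881-0BB3BB05B6E9} - C:\WINDOWS\system32\mllmj.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jodivoob.dll",setvm
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
O20 - Winlogon Notify: qomkkjk - C:\WINDOWS\SYSTEM32\qomkkjk.dll
O23 - Service: DirectX Service (Hijuw) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
"""

# One pattern per section handled here, capturing (load-point identity, target).
# Other HijackThis sections are ignored by this sketch.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$"),
    "O4": re.compile(r"^O4 - (\S+: \[[^\]]+\]) (.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$"),
    "O23": re.compile(r"^O23 - Service: (.+?) - .+? - (.+)$"),
}


def target_file(raw):
    """Return (lowercased path, file_missing) for the file an entry loads."""
    missing = raw.rstrip().endswith("(file missing)")
    raw = raw.replace("(file missing)", "").strip()
    quoted = re.search(r'"([^"]+)"', raw)  # e.g. rundll32.exe "x.dll",setvm
    path = quoted.group(1) if quoted else raw
    return path.lower(), missing


def parse_log(text):
    """Map (section, load-point identity) -> (path, file_missing)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        pattern = PATTERNS.get(line.split(" ", 1)[0])
        match = pattern.match(line) if pattern else None
        if match:
            ident, raw = match.groups()
            entries[(match.re is PATTERNS["O20"] and "O20" or line.split(" ", 1)[0],
                     ident.upper())] = target_file(raw)
    return entries


def compare(before, after):
    """Classify load points across two scans of the same machine."""
    report = {"removed": [], "persisted": [], "rotated": []}
    for key, (path, _missing) in before.items():
        if key not in after:
            report["removed"].append(key)
        elif after[key][0] == path:
            report["persisted"].append(key)  # selected for fixing, still there
        else:
            report["rotated"].append((key, path, after[key][0]))  # same key, new file
    report["new"] = [key for key in after if key not in before]
    # A previously seen file registered again under a different identity.
    old_paths = {path for path, _ in before.values()}
    report["rekeyed"] = [k for k in report["new"] if after[k][0] in old_paths]
    return report


if __name__ == "__main__":
    for kind, items in compare(parse_log(BEFORE), parse_log(AFTER)).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Entries reported as persisted or rotated are the ones a second pass has to explain, since the registry key survived the fix even where the file behind it was deleted.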
     
  11. Nephylim

    Nephylim Guest

    Okay I had problems with your scan. I let it run for over 14 hours, and it never passed the registry. So when I woke up this morning, I set registry to None, and left the other settings alone. Scan finished in under half an hour. I can try the registry again if necessary, however I don't think it will do it. Here's the scan with everything except the registry. I'll continue trying to get somewhere with it until I hear a response.

    WinPFind3 logfile created on: 2/21/2007 11:04:14 AM
    WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\Dennis\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    490992 Kb Total Physical Memory | 221312 Kb Available Physical Memory | 45.07% Memory free
    1148648 Kb Paging File | 983848 Kb Available in Paging File | 85.65% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78180288 Kb Total Space | 27277076 Kb Free Space | 34.89% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded


    [Processes - Non-Microsoft Only]
    fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 1/18/2005 4:08:36 PM | Attr = ]
    logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 4:37:30 PM | Attr = ]
    lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 10/8/2004 10:52:32 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 2/12/2007 9:39:14 PM | Attr = ]
    wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
    wmp54gsv1_1.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe -> Linksys [Ver = 1.0.0.4 | Size = 5046784 bytes | Modified Date = 4/28/2005 10:20:26 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/30/2006 4:25:18 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
    (Hijuw) DirectX Service [Win32_Own | Auto | Stopped] -> %System32%\directx.exe -> File not found
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
    (WMP54GSSVC) WMP54GSSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]


    [Files - Created Within 30 days]
    expo00001.BMP -> %SystemDrive%\expo00001.BMP -> [Ver = | Size = 253494 bytes | Created Date = 1/24/2007 2:45:41 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502845440 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 1/26/2007 4:59:49 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 1/26/2007 4:59:49 AM | Attr = H ]
    d3d9caps.tmp -> %LocalAppData%\d3d9caps.tmp -> [Ver = | Size = 664 bytes | Created Date = 2/20/2007 12:09:56 PM | Attr = ]
    fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 129 bytes | Created Date = 2/16/2007 12:07:01 PM | Attr = ]
    macex.mex -> %UserDocuments%\macex.mex -> [Ver = | Size = 4640 bytes | Created Date = 2/7/2007 4:52:25 AM | Attr = ]
    registrybackupmssmgr.reg -> %UserDocuments%\registrybackupmssmgr.reg -> [Ver = | Size = 3110 bytes | Created Date = 2/14/2007 10:32:38 AM | Attr = ]
    sdsdsds.000 -> %UserDocuments%\sdsdsds.000 -> [Ver = | Size = 111816 bytes | Created Date = 2/7/2007 6:11:58 AM | Attr = ]
    sdsdsds.001 -> %UserDocuments%\sdsdsds.001 -> [Ver = | Size = 27849 bytes | Created Date = 2/13/2007 9:00:06 PM | Attr = ]
    sdsdsds.mex -> %UserDocuments%\sdsdsds.mex -> [Ver = | Size = 111816 bytes | Created Date = 2/7/2007 5:01:44 AM | Attr = ]
    CDBurnerXP Pro 3.lnk -> %AllUsersDesktop%\CDBurnerXP Pro 3.lnk -> [Ver = | Size = 2331 bytes | Created Date = 2/14/2007 8:38:16 PM | Attr = ]
    SnagIt 7.lnk -> %AllUsersDesktop%\SnagIt 7.lnk -> [Ver = | Size = 1742 bytes | Created Date = 2/1/2007 12:42:53 AM | Attr = ]
    cwshredder.exe -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 2/16/2007 12:42:37 PM | Attr = ]
    DMSetup-Serial.exe -> %UserDesktop%\DMSetup-Serial.exe -> McAfee, Inc. [Ver = 1,3,100,0 | Size = 591400 bytes | Created Date = 2/18/2007 8:45:02 PM | Attr = ]
    Evanescence.asl -> %UserDesktop%\Evanescence.asl -> [Ver = | Size = 10635 bytes | Created Date = 2/9/2007 9:56:33 AM | Attr = ]
    Hank Williams - The Complete Hank Williams Boxset.rar -> %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> [Ver = | Size = 734763986 bytes | Created Date = 2/3/2007 6:29:55 PM | Attr = ]
    Icons.lnk -> %UserDesktop%\Icons.lnk -> [Ver = | Size = 480 bytes | Created Date = 2/14/2007 7:36:47 PM | Attr = ]
    Inuyasha.lnk -> %UserDesktop%\Inuyasha.lnk -> [Ver = | Size = 499 bytes | Created Date = 2/14/2007 7:35:35 PM | Attr = ]
    IPOD.lnk -> %UserDesktop%\IPOD.lnk -> [Ver = | Size = 475 bytes | Created Date = 2/14/2007 7:37:02 PM | Attr = ]
    KillBox.exe -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Created Date = 1/31/2007 7:22:01 AM | Attr = ]
    Music.lnk -> %UserDesktop%\Music.lnk -> [Ver = | Size = 480 bytes | Created Date = 2/16/2007 9:48:46 AM | Attr = ]
    my day.avi -> %UserDesktop%\my day.avi -> [Ver = | Size = 3357184 bytes | Created Date = 2/17/2007 10:40:22 PM | Attr = ]
    OCR.lnk -> %UserDesktop%\OCR.lnk -> [Ver = | Size = 468 bytes | Created Date = 2/14/2007 7:36:25 PM | Attr = ]
    Photoshop.lnk -> %UserDesktop%\Photoshop.lnk -> [Ver = | Size = 504 bytes | Created Date = 2/14/2007 7:37:16 PM | Attr = ]
    Pictures and Videos.lnk -> %UserDesktop%\Pictures and Videos.lnk -> [Ver = | Size = 767 bytes | Created Date = 2/3/2007 12:58:34 AM | Attr = ]
    Stuff to DO.lnk -> %UserDesktop%\Stuff to DO.lnk -> [Ver = | Size = 514 bytes | Created Date = 2/14/2007 7:38:46 PM | Attr = ]
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Created Date = 2/18/2007 9:33:38 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 2/20/2007 9:08:49 PM | Attr = ]
    EReg072.dat -> %SystemRoot%\EReg072.dat -> [Ver = | Size = 292 bytes | Created Date = 2/10/2007 3:42:23 PM | Attr = ]
    MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 23 bytes | Created Date = 2/9/2007 4:05:43 PM | Attr = ]
    MSREGUSR.INI -> %SystemRoot%\MSREGUSR.INI -> [Ver = | Size = 106 bytes | Created Date = 1/31/2007 10:41:21 AM | Attr = ]
    UniFish3.exe -> %SystemRoot%\UniFish3.exe -> [Ver = | Size = 45568 bytes | Created Date = 2/10/2007 3:14:27 PM | Attr = ]
    unSpySweeper.exe -> %SystemRoot%\unSpySweeper.exe -> Webroot Software, Inc. [Ver = 2.1.0.34 | Size = 150528 bytes | Created Date = 2/19/2007 8:03:06 PM | Attr = ]
    VAMPIRE.INI -> %SystemRoot%\VAMPIRE.INI -> [Ver = | Size = 673 bytes | Created Date = 2/20/2007 1:14:29 AM | Attr = ]
    ac3filter.cpl -> %System32%\ac3filter.cpl -> [Ver = 1.01a | Size = 417792 bytes | Created Date = 1/27/2007 3:24:22 PM | Attr = ]
    bdeeg.bak2 -> %System32%\bdeeg.bak2 -> [Ver = | Size = 997165 bytes | Created Date = 2/21/2007 2:52:39 AM | Attr = HS]
    bdeeg.ini -> %System32%\bdeeg.ini -> [Ver = | Size = 353 bytes | Created Date = 2/21/2007 1:30:26 AM | Attr = HS]
    bdeeg.ini2 -> %System32%\bdeeg.ini2 -> [Ver = | Size = 997165 bytes | Created Date = 2/21/2007 1:01:21 AM | Attr = HS]
    bdeeg.tmp -> %System32%\bdeeg.tmp -> [Ver = | Size = 1000053 bytes | Created Date = 2/21/2007 12:58:42 AM | Attr = HS]
    boovidoj.ini -> %System32%\boovidoj.ini -> [Ver = | Size = 655 bytes | Created Date = 2/20/2007 11:10:03 AM | Attr = HS]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.0.0 | Size = 622592 bytes | Created Date = 1/25/2007 6:13:33 PM | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 1/25/2007 6:13:32 PM | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 0, 0 | Size = 524288 bytes | Created Date = 1/25/2007 6:19:04 PM | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 1/25/2007 6:19:04 PM | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Created Date = 1/25/2007 6:13:42 PM | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 802816 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    dlbohlou.dll -> %System32%\dlbohlou.dll -> [Ver = | Size = 76412 bytes | Created Date = 2/16/2007 9:35:11 AM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    drvlok.dll -> %System32%\drvlok.dll -> [Ver = | Size = 93696 bytes | Created Date = 2/18/2007 1:34:14 PM | Attr = ]
    drvmip.dll -> %System32%\drvmip.dll -> [Ver = | Size = 93696 bytes | Created Date = 2/14/2007 9:51:17 AM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    eaexec.exe -> %System32%\eaexec.exe -> Electronic Arts [Ver = 1.2 | Size = 132096 bytes | Created Date = 2/10/2007 3:24:38 PM | Attr = ]
    ealtest.exe -> %System32%\ealtest.exe -> [Ver = | Size = 24576 bytes | Created Date = 2/10/2007 3:24:38 PM | Attr = ]
    fjeiqcjw.dll -> %System32%\fjeiqcjw.dll -> [Ver = | Size = 44177 bytes | Created Date = 2/20/2007 10:38:00 AM | Attr = ]
    flplswdk.ini -> %System32%\flplswdk.ini -> [Ver = | Size = 1072151 bytes | Created Date = 2/14/2007 7:34:21 PM | Attr = HS]
    geedb.dll -> %System32%\geedb.dll -> [Ver = | Size = 281652 bytes | Created Date = 2/20/2007 12:14:22 PM | Attr = ]
    iydaptee.dll -> %System32%\iydaptee.dll -> [Ver = | Size = 76412 bytes | Created Date = 2/14/2007 9:57:33 AM | Attr = ]
    jlkwrxd.dll -> %System32%\jlkwrxd.dll -> [Ver = | Size = 94208 bytes | Created Date = 2/18/2007 1:34:08 PM | Attr = ]
    jmllm.bak1 -> %System32%\jmllm.bak1 -> [Ver = | Size = 997165 bytes | Created Date = 2/20/2007 11:29:27 AM | Attr = HS]
    jmllm.ini -> %System32%\jmllm.ini -> [Ver = | Size = 997519 bytes | Created Date = 2/20/2007 11:09:38 AM | Attr = HS]
    jodivoob.dll -> %System32%\jodivoob.dll -> [Ver = | Size = 118804 bytes | Created Date = 2/20/2007 11:09:59 AM | Attr = ]
    kwfykwfk.dll -> %System32%\kwfykwfk.dll -> [Ver = | Size = 76412 bytes | Created Date = 2/14/2007 11:29:02 AM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 1/25/2007 6:18:54 PM | Attr = ]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 2/19/2007 1:49:16 PM | Attr = ]
    mllmj.dll -> %System32%\mllmj.dll -> [Ver = | Size = 281652 bytes | Created Date = 2/20/2007 11:09:17 AM | Attr = ]
    mllmn.dll -> %System32%\mllmn.dll -> [Ver = | Size = 281652 bytes | Created Date = 2/19/2007 1:24:58 PM | Attr = ]
    MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 54342 bytes | Created Date = 2/14/2007 4:31:33 PM | Attr = ]
    MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Created Date = 1/31/2007 9:52:34 AM | Attr = ]
    nmllm.bak1 -> %System32%\nmllm.bak1 -> [Ver = | Size = 1013225 bytes | Created Date = 2/19/2007 1:25:29 PM | Attr = HS]
    nmllm.ini -> %System32%\nmllm.ini -> [Ver = | Size = 1016698 bytes | Created Date = 2/19/2007 1:25:16 PM | Attr = HS]
    NPSExec.exe -> %System32%\NPSExec.exe -> Electronic Arts [Ver = 1.0 | Size = 33792 bytes | Created Date = 2/10/2007 3:42:14 PM | Attr = ]
    NPSPatch.isu -> %System32%\NPSPatch.isu -> [Ver = | Size = 6450 bytes | Created Date = 2/10/2007 3:42:13 PM | Attr = ]
    omijlpph.dll -> %System32%\omijlpph.dll -> [Ver = | Size = 76412 bytes | Created Date = 2/17/2007 2:57:17 PM | Attr = ]
    pcftculh.dll -> %System32%\pcftculh.dll -> [Ver = | Size = 76412 bytes | Created Date = 2/14/2007 7:33:47 PM | Attr = ]
    pliuobjn.ini -> %System32%\pliuobjn.ini -> [Ver = | Size = 346 bytes | Created Date = 2/14/2007 8:36:19 PM | Attr = HS]
    pmkjg.dll -> %System32%\pmkjg.dll -> [Ver = | Size = 281652 bytes | Created Date = 2/20/2007 11:09:07 AM | Attr = ]
    pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 1/31/2007 7:34:00 AM | Attr = ]
    pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 1/31/2007 7:34:00 AM | Attr = ]
    pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 1/31/2007 7:34:01 AM | Attr = ]
    qomkkjk.dll -> %System32%\qomkkjk.dll -> [Ver = | Size = 26637 bytes | Created Date = 2/18/2007 1:34:06 PM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 1/25/2007 6:19:02 PM | Attr = ]
    rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Created Date = 1/31/2007 7:34:01 AM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 1/25/2007 6:18:54 PM | Attr = ]
    ssttu.dll -> %System32%\ssttu.dll -> [Ver = | Size = 281652 bytes | Created Date = 2/18/2007 10:26:24 AM | Attr = ]
    tbltgbni.dll -> %System32%\tbltgbni.dll -> [Ver = | Size = 76412 bytes | Created Date = 2/16/2007 9:48:32 AM | Attr = ]
    Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 8704 bytes | Created Date = 1/23/2007 1:38:39 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    Tr_sttool.dat -> %System32%\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Created Date = 1/31/2007 7:11:42 AM | Attr = ]
    uttss.bak1 -> %System32%\uttss.bak1 -> [Ver = | Size = 1014623 bytes | Created Date = 2/18/2007 10:26:47 AM | Attr = HS]
    uttss.ini -> %System32%\uttss.ini -> [Ver = | Size = 1015328 bytes | Created Date = 2/18/2007 10:26:33 AM | Attr = HS]
    uxtuneup.dll -> %System32%\uxtuneup.dll -> TuneUp Software GmbH [Ver = 1.0.0.2 | Size = 24072 bytes | Created Date = 2/10/2007 2:39:18 PM | Attr = ]
    wnsapisv.exe -> %System32%\wnsapisv.exe -> [Ver = | Size = 2 bytes | Created Date = 2/14/2007 9:52:27 AM | Attr = ]
    Tsknf602.sys -> %System32%\drivers\Tsknf602.sys -> Igor Arsenin [Ver = 6.22 | Size = 11200 bytes | Created Date = 1/24/2007 8:14:05 AM | Attr = ]

    [Files - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 389 bytes | Modified Date = 2/10/2007 8:21:40 AM | Attr = RHS]
    expo00001.BMP -> %SystemDrive%\expo00001.BMP -> [Ver = | Size = 253494 bytes | Modified Date = 1/24/2007 2:45:42 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502845440 bytes | Modified Date = 2/21/2007 1:50:12 AM | Attr = HS]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/26/2007 4:59:50 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/26/2007 4:59:50 AM | Attr = H ]
    d3d9caps.tmp -> %LocalAppData%\d3d9caps.tmp -> [Ver = | Size = 664 bytes | Modified Date = 2/20/2007 12:09:58 PM | Attr = ]
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 20480 bytes | Modified Date = 2/20/2007 9:11:46 PM | Attr = ]
    fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 129 bytes | Modified Date = 2/16/2007 12:07:02 PM | Attr = ]
    GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 62312 bytes | Modified Date = 2/17/2007 10:37:48 PM | Attr = ]
    IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1397874 bytes | Modified Date = 2/12/2007 10:28:30 PM | Attr = H ]
    macex.mex -> %UserDocuments%\macex.mex -> [Ver = | Size = 4640 bytes | Modified Date = 2/7/2007 4:52:26 AM | Attr = ]
    My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 581 bytes | Modified Date = 2/21/2007 1:52:20 AM | Attr = ]
    registrybackupmssmgr.reg -> %UserDocuments%\registrybackupmssmgr.reg -> [Ver = | Size = 3110 bytes | Modified Date = 2/14/2007 10:32:40 AM | Attr = ]
    sdsdsds.000 -> %UserDocuments%\sdsdsds.000 -> [Ver = | Size = 111816 bytes | Modified Date = 2/13/2007 7:31:10 PM | Attr = ]
    sdsdsds.001 -> %UserDocuments%\sdsdsds.001 -> [Ver = | Size = 27849 bytes | Modified Date = 2/7/2007 5:10:52 AM | Attr = ]
    sdsdsds.mex -> %UserDocuments%\sdsdsds.mex -> [Ver = | Size = 111816 bytes | Modified Date = 2/13/2007 7:31:10 PM | Attr = ]
    CDBurnerXP Pro 3.lnk -> %AllUsersDesktop%\CDBurnerXP Pro 3.lnk -> [Ver = | Size = 2331 bytes | Modified Date = 2/19/2007 8:28:00 PM | Attr = ]
    SnagIt 7.lnk -> %AllUsersDesktop%\SnagIt 7.lnk -> [Ver = | Size = 1742 bytes | Modified Date = 2/1/2007 12:42:54 AM | Attr = ]
    cwshredder.exe -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/16/2007 12:43:12 PM | Attr = ]
    DMSetup-Serial.exe -> %UserDesktop%\DMSetup-Serial.exe -> McAfee, Inc. [Ver = 1,3,100,0 | Size = 591400 bytes | Modified Date = 2/18/2007 8:45:10 PM | Attr = ]
    Evanescence.asl -> %UserDesktop%\Evanescence.asl -> [Ver = | Size = 10635 bytes | Modified Date = 2/9/2007 9:56:34 AM | Attr = ]
    Hank Williams - The Complete Hank Williams Boxset.rar -> %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> [Ver = | Size = 734763986 bytes | Modified Date = 2/19/2007 9:58:02 PM | Attr = ]
    Icons.lnk -> %UserDesktop%\Icons.lnk -> [Ver = | Size = 480 bytes | Modified Date = 2/14/2007 7:36:48 PM | Attr = ]
    Inuyasha.lnk -> %UserDesktop%\Inuyasha.lnk -> [Ver = | Size = 499 bytes | Modified Date = 2/14/2007 7:35:36 PM | Attr = ]
    IPOD.lnk -> %UserDesktop%\IPOD.lnk -> [Ver = | Size = 475 bytes | Modified Date = 2/14/2007 7:37:04 PM | Attr = ]
    KillBox.exe -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 1/31/2007 7:22:02 AM | Attr = ]
    Music.lnk -> %UserDesktop%\Music.lnk -> [Ver = | Size = 480 bytes | Modified Date = 2/16/2007 9:48:48 AM | Attr = ]
    my day.avi -> %UserDesktop%\my day.avi -> [Ver = | Size = 3357184 bytes | Modified Date = 2/17/2007 10:39:22 PM | Attr = ]
    OCR.lnk -> %UserDesktop%\OCR.lnk -> [Ver = | Size = 468 bytes | Modified Date = 2/14/2007 7:36:26 PM | Attr = ]
    Photoshop.lnk -> %UserDesktop%\Photoshop.lnk -> [Ver = | Size = 504 bytes | Modified Date = 2/14/2007 7:37:18 PM | Attr = ]
    Pictures and Videos.lnk -> %UserDesktop%\Pictures and Videos.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2/3/2007 12:58:36 AM | Attr = ]
    Stuff to DO.lnk -> %UserDesktop%\Stuff to DO.lnk -> [Ver = | Size = 514 bytes | Modified Date = 2/14/2007 7:38:48 PM | Attr = ]
    Tantra KIII.lnk -> %UserDesktop%\Tantra KIII.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 2/15/2007 8:52:44 PM | Attr = ]
    Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 100352 bytes | Modified Date = 2/9/2007 6:37:40 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 2/18/2007 9:33:36 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 2/20/2007 9:08:40 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/21/2007 1:50:16 AM | Attr = S]
    EReg072.dat -> %SystemRoot%\EReg072.dat -> [Ver = | Size = 292 bytes | Modified Date = 2/10/2007 3:42:24 PM | Attr = ]
    MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 23 bytes | Modified Date = 2/9/2007 4:05:44 PM | Attr = ]
    MSREGUSR.INI -> %SystemRoot%\MSREGUSR.INI -> [Ver = | Size = 106 bytes | Modified Date = 1/31/2007 10:41:22 AM | Attr = ]
    PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 617 bytes | Modified Date = 2/10/2007 3:15:02 PM | Attr = ]
    Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 3584 bytes | Modified Date = 1/23/2007 1:38:30 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    VAMPIRE.INI -> %SystemRoot%\VAMPIRE.INI -> [Ver = | Size = 673 bytes | Modified Date = 2/20/2007 1:18:14 AM | Attr = ]
    bdeeg.bak2 -> %System32%\bdeeg.bak2 -> [Ver = | Size = 997165 bytes | Modified Date = 2/21/2007 2:52:46 AM | Attr = HS]
    bdeeg.ini -> %System32%\bdeeg.ini -> [Ver = | Size = 353 bytes | Modified Date = 2/21/2007 1:18:18 AM | Attr = HS]
    bdeeg.ini2 -> %System32%\bdeeg.ini2 -> [Ver = | Size = 997165 bytes | Modified Date = 2/21/2007 11:04:14 AM | Attr = HS]
    bdeeg.tmp -> %System32%\bdeeg.tmp -> [Ver = | Size = 1000053 bytes | Modified Date = 2/21/2007 1:01:18 AM | Attr = HS]
    boovidoj.ini -> %System32%\boovidoj.ini -> [Ver = | Size = 655 bytes | Modified Date = 2/21/2007 6:33:08 AM | Attr = HS]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 2/18/2007 9:29:58 PM | Attr = ]
    d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 2/20/2007 12:09:58 PM | Attr = ]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.0.0 | Size = 622592 bytes | Modified Date = 1/25/2007 6:13:34 PM | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 1/25/2007 6:13:34 PM | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 0, 0 | Size = 524288 bytes | Modified Date = 1/25/2007 6:19:06 PM | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 1/25/2007 6:19:06 PM | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Modified Date = 1/25/2007 6:13:44 PM | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 802816 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    dlbohlou.dll -> %System32%\dlbohlou.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/16/2007 9:35:16 AM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    drvlok.dll -> %System32%\drvlok.dll -> [Ver = | Size = 93696 bytes | Modified Date = 2/18/2007 1:34:16 PM | Attr = ]
    drvmip.dll -> %System32%\drvmip.dll -> [Ver = | Size = 93696 bytes | Modified Date = 2/14/2007 9:51:18 AM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    fjeiqcjw.dll -> %System32%\fjeiqcjw.dll -> [Ver = | Size = 44177 bytes | Modified Date = 2/20/2007 10:38:02 AM | Attr = ]
    flplswdk.ini -> %System32%\flplswdk.ini -> [Ver = | Size = 1072151 bytes | Modified Date = 2/14/2007 7:35:06 PM | Attr = HS]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 219248 bytes | Modified Date = 2/17/2007 2:51:36 PM | Attr = ]
    geedb.dll -> %System32%\geedb.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/20/2007 12:14:42 PM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/16/2007 9:33:38 AM | Attr = ]
    iydaptee.dll -> %System32%\iydaptee.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/14/2007 9:57:36 AM | Attr = ]
    jlkwrxd.dll -> %System32%\jlkwrxd.dll -> [Ver = | Size = 94208 bytes | Modified Date = 2/18/2007 1:34:10 PM | Attr = ]
    jmllm.bak1 -> %System32%\jmllm.bak1 -> [Ver = | Size = 997165 bytes | Modified Date = 2/20/2007 11:29:28 AM | Attr = HS]
    jmllm.ini -> %System32%\jmllm.ini -> [Ver = | Size = 997519 bytes | Modified Date = 2/20/2007 11:43:40 AM | Attr = HS]
    jodivoob.dll -> %System32%\jodivoob.dll -> [Ver = | Size = 118804 bytes | Modified Date = 2/20/2007 11:10:02 AM | Attr = ]
    kwfykwfk.dll -> %System32%\kwfykwfk.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/14/2007 11:29:06 AM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 1/25/2007 6:18:56 PM | Attr = ]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 2/19/2007 1:49:18 PM | Attr = ]
    mllmj.dll -> %System32%\mllmj.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/20/2007 11:09:32 AM | Attr = ]
    mllmn.dll -> %System32%\mllmn.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/19/2007 1:25:14 PM | Attr = ]
    MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 54342 bytes | Modified Date = 2/14/2007 4:31:34 PM | Attr = ]
    MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Modified Date = 1/31/2007 9:52:36 AM | Attr = ]
    nmllm.bak1 -> %System32%\nmllm.bak1 -> [Ver = | Size = 1013225 bytes | Modified Date = 2/19/2007 1:25:30 PM | Attr = HS]
    nmllm.ini -> %System32%\nmllm.ini -> [Ver = | Size = 1016698 bytes | Modified Date = 2/19/2007 1:48:42 PM | Attr = HS]
    NPSPatch.isu -> %System32%\NPSPatch.isu -> [Ver = | Size = 6450 bytes | Modified Date = 2/10/2007 3:42:16 PM | Attr = ]
    omijlpph.dll -> %System32%\omijlpph.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/17/2007 2:57:20 PM | Attr = ]
    pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/16/2007 9:33:38 AM | Attr = ]
    pcftculh.dll -> %System32%\pcftculh.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/14/2007 7:33:54 PM | Attr = ]
    pliuobjn.ini -> %System32%\pliuobjn.ini -> [Ver = | Size = 346 bytes | Modified Date = 2/14/2007 8:36:20 PM | Attr = HS]
    pmkjg.dll -> %System32%\pmkjg.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/20/2007 11:09:22 AM | Attr = ]
    px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 527096 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 64760 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 116472 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.01a | Size = 502520 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 72440 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 64760 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 118520 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 183032 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 379640 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    qomkkjk.dll -> %System32%\qomkkjk.dll -> [Ver = | Size = 26637 bytes | Modified Date = 2/18/2007 1:34:08 PM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 1/25/2007 6:19:04 PM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 1/25/2007 6:18:56 PM | Attr = ]
    ssttu.dll -> %System32%\ssttu.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/18/2007 10:26:32 AM | Attr = ]
    tbltgbni.dll -> %System32%\tbltgbni.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/16/2007 9:48:38 AM | Attr = ]
    Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 8704 bytes | Modified Date = 1/23/2007 1:38:40 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    Tr_sttool.dat -> %System32%\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/31/2007 7:13:18 AM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/16/2007 9:33:38 AM | Attr = ]
    uttss.bak1 -> %System32%\uttss.bak1 -> [Ver = | Size = 1014623 bytes | Modified Date = 2/18/2007 10:26:50 AM | Attr = HS]
    uttss.ini -> %System32%\uttss.ini -> [Ver = | Size = 1015328 bytes | Modified Date = 2/18/2007 10:30:42 AM | Attr = HS]
    vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    wnsapisv.exe -> %System32%\wnsapisv.exe -> [Ver = | Size = 2 bytes | Modified Date = 2/20/2007 10:34:16 AM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/17/2007 2:57:22 PM | Attr = ]
    PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 346 bytes -> %AllUsersAppData%\TEMP:05EE1EEF ->
    PEC2 , -> %AllUsersDocuments%\vitalagent.zip -> [Ver = | Size = 1402762 bytes | Modified Date = 2/22/2002 8:01:22 AM | Attr = ]
    qoologic , urllogic , urllogic , -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/16/2007 12:43:12 PM | Attr = ]
    File scan skipped for file %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> File size too big (734763986 bytes) ->
    UPX! , UPX0 , -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 1/31/2007 7:22:02 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 2/18/2007 9:33:36 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    UPX! , UPX0 , -> %SystemRoot%\unSpySweeper.exe -> Webroot Software, Inc. [Ver = 2.1.0.34 | Size = 150528 bytes | Modified Date = 10/15/2003 11:42:16 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.5 | Size = 269312 bytes | Modified Date = 3/10/2005 9:48:10 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\dlbohlou.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/16/2007 9:35:16 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\drvlok.dll -> [Ver = | Size = 93696 bytes | Modified Date = 2/18/2007 1:34:16 PM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\drvmip.dll -> [Ver = | Size = 93696 bytes | Modified Date = 2/14/2007 9:51:18 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\fjeiqcjw.dll -> [Ver = | Size = 44177 bytes | Modified Date = 2/20/2007 10:38:02 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\iydaptee.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/14/2007 9:57:36 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\jlkwrxd.dll -> [Ver = | Size = 94208 bytes | Modified Date = 2/18/2007 1:34:10 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\jodivoob.dll -> [Ver = | Size = 118804 bytes | Modified Date = 2/20/2007 11:10:02 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\kwfykwfk.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/14/2007 11:29:06 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\mllmj.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/20/2007 11:09:32 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\mllmn.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/19/2007 1:25:14 PM | Attr = ]
    PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 11/17/1996 | Attr = ]
    PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 12:42:54 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 2972 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %System32%\omijlpph.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/17/2007 2:57:20 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\pcftculh.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/14/2007 7:33:54 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\pmkjg.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/20/2007 11:09:22 AM | Attr = ]
    Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ]
    aspack , -> %System32%\sfarkxt.dll -> [Ver = | Size = 131072 bytes | Modified Date = 5/29/2000 6:33:46 PM | Attr = ]
    Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\ssttu.dll -> [Ver = | Size = 281652 bytes | Modified Date = 2/18/2007 10:26:32 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\tbltgbni.dll -> [Ver = | Size = 76412 bytes | Modified Date = 2/16/2007 9:48:38 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    PEC2 , -> %System32%\VBAR2132.DLL -> [Ver = | Size = 1371436 bytes | Modified Date = 7/19/1995 5:00:00 PM | Attr = R ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ]
    PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

    < End of report >
     
  12. KotaGuy

    If the tool is hanging during the registry scan... don't worry about it for now.

    The log you have provided should be enough to do what we need to do.

    It is going to take me a bit of time to go through it and write up a fix... but I will get back to you as soon as I can.

    If possible... try not to reboot the system until I get back to you with the fix. Don't want to chance the infection mutating names or creating more files.

    Thanks :)
     
    Last edited: Feb 21, 2007
  13. KotaGuy

    Hi Nephylim. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

    Next, please follow the steps below in order:

    Step #1

    Download CCleaner and install it but do not run it yet.

    Step #2

    Download AVG anti-spyware from HERE and save that file to your desktop.

    [*]Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    [*]Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    [*]On the main screen select the icon "Update" then select the "Update now" link.
    [*]Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    [*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    [*]Once in the Settings screen, under "How to act" select "Quarantine".
    [*]Under "Reports"
    [*]Select "Automatically generate report after every scan"
    [*]Un-Select "Only if threats were found"

    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

    Step #3

    Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    Reboot into Safe Mode by doing the following:

    [*]As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    [*]Use the arrow keys to select the Safe Mode menu item.
    [*]Press the Enter key.

    Step #4

    Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

    Step #5

    Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

    [*]Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    [*]AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    [*]Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    [*]At the bottom of the window click on the "Apply all actions" button

    Note: Don't save the report before you hit the Apply action button.

    [*]Next select the "Reports" icon at the top.
    [*]Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    [*]Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    Step #6

    Post the following back here:

    [*] a new WinPFind3U report
    [*] the AVG Anti-Spyware report
    [*] the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)
    [*] a new HijackThis log

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
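
Step #6 asks for the latest fix .log from the WinPFind3u folder. The following Python script is an added example, not part of the original thread and not the tool author's code: it reduces such a log to one final outcome per file, so that a "not found" line for a file already moved in an earlier section is not read as a failure, and files deferred to reboot are singled out for re-checking. The line formats are assumed from the fix log posted later in this thread, and the function names are hypothetical.

```python
import re

# Excerpt built from lines of the fix log posted in this thread
# (bracketed section headers, one outcome per line). Shortened for the example.
SAMPLE_LOG = r"""
[Win32 Services - Non-Microsoft Only]
Service Hijuw stopped successfully.
Service Hijuw deleted successfully.
File C:\WINDOWS\SYSTEM32\directx.exe not found.
[Files - Created Within 30 days]
File C:\WINDOWS\SYSTEM32\bdeeg.bak2 not found!
C:\WINDOWS\SYSTEM32\bdeeg.tmp moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\geedb.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\tbltgbni.dll moved successfully.
[Files - Modified Within 30 days]
File C:\WINDOWS\SYSTEM32\bdeeg.bak2 not found!
File C:\WINDOWS\SYSTEM32\bdeeg.tmp not found!
File move failed. C:\WINDOWS\SYSTEM32\geedb.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\qomkkjk.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\tbltgbni.dll not found!
< End of log >
"""

# The same file is listed once per scan section, so the strongest outcome
# seen anywhere in the log is taken as its final state.
RANK = {"not_found": 0, "pending_reboot": 1, "moved": 2}

# Order matters: the "move failed" line also starts with "File ".
FILE_PATTERNS = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File (.+) not found[.!]$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]
SERVICE_PATTERN = re.compile(r"^Service (.+) (stopped|deleted) successfully\.$")


def parse_line(line):
    """Return (kind, name, outcome) for one log line, or None if unrecognised."""
    match = SERVICE_PATTERN.match(line)
    if match:
        return ("service", match.group(1), match.group(2))
    for outcome, pattern in FILE_PATTERNS:
        match = pattern.match(line)
        if match:
            return ("file", match.group(1), outcome)
    return None


def triage(log_text):
    """Collapse a fix log into final per-file outcomes and service actions."""
    best = {}       # lower-cased path -> (path as logged, strongest outcome)
    services = {}   # service name -> list of actions in log order
    unparsed = []   # lines in no known format, kept for manual review
    for raw in log_text.splitlines():
        line = raw.strip()
        # Skip blanks, [section headers], the "< End of log >" marker and
        # the trailing "Created on ..." timestamp.
        if not line or line[0] in "[<" or line.startswith("Created on"):
            continue
        parsed = parse_line(line)
        if parsed is None:
            unparsed.append(line)
            continue
        kind, name, outcome = parsed
        if kind == "service":
            services.setdefault(name, []).append(outcome)
            continue
        key = name.lower()  # Windows paths are case-insensitive
        if key not in best or RANK[outcome] > RANK[best[key][1]]:
            best[key] = (name, outcome)
    result = {"moved": [], "pending_reboot": [], "not_found": []}
    for path, outcome in best.values():
        result[outcome].append(path)
    result["services"] = services
    result["unparsed"] = unparsed
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("Moved:", len(summary["moved"]))
    print("Never found (check path or earlier removal):")
    for path in summary["not_found"]:
        print("  ", path)
    print("Deferred to reboot (confirm absent in the next scan):")
    for path in summary["pending_reboot"]:
        print("  ", path)
```

Files left in the "deferred to reboot" group are the ones to look for in the follow-up scan report, since the log alone does not show whether the deferred move completed.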
     
  14. Nephylim

    Nephylim Guest

    Hello again, you've been so helpful. No popups yet :)
    No problems except that when the thing asked me to reboot after fixing, it decided to log in to the admin account in safemode, which didn't allow me access to anything. So I booted normal, ran the fix again, and then manually rebooted into safemode into the correct account. After doing what you asked I got a warning telling me it was missing a DLL, which makes me think there's still something there requesting it...
    Logs Follow

    .Log
    [Win32 Services - Non-Microsoft Only]
    Service Hijuw stopped successfully.
    Service Hijuw deleted successfully.
    File C:\WINDOWS\SYSTEM32\directx.exe not found.
    [Files - Created Within 30 days]
    File C:\WINDOWS\SYSTEM32\bdeeg.bak2 not found!
    File C:\WINDOWS\SYSTEM32\bdeeg.ini not found!
    C:\WINDOWS\SYSTEM32\bdeeg.ini2 moved successfully.
    C:\WINDOWS\SYSTEM32\bdeeg.tmp moved successfully.
    C:\WINDOWS\SYSTEM32\boovidoj.ini moved successfully.
    C:\WINDOWS\SYSTEM32\fjeiqcjw.dll moved successfully.
    C:\WINDOWS\SYSTEM32\flplswdk.ini moved successfully.
    File move failed. C:\WINDOWS\SYSTEM32\geedb.dll scheduled to be moved on reboot.
    C:\WINDOWS\SYSTEM32\iydaptee.dll moved successfully.
    C:\WINDOWS\SYSTEM32\jlkwrxd.dll moved successfully.
    C:\WINDOWS\SYSTEM32\jmllm.bak1 moved successfully.
    C:\WINDOWS\SYSTEM32\jmllm.ini moved successfully.
    C:\WINDOWS\SYSTEM32\jodivoob.dll moved successfully.
    C:\WINDOWS\SYSTEM32\kwfykwfk.dll moved successfully.
    C:\WINDOWS\SYSTEM32\mllmj.dll moved successfully.
    C:\WINDOWS\SYSTEM32\mllmn.dll moved successfully.
    C:\WINDOWS\SYSTEM32\nmllm.bak1 moved successfully.
    C:\WINDOWS\SYSTEM32\nmllm.ini moved successfully.
    C:\WINDOWS\SYSTEM32\omijlpph.dll moved successfully.
    C:\WINDOWS\SYSTEM32\pcftculh.dll moved successfully.
    C:\WINDOWS\SYSTEM32\pliuobjn.ini moved successfully.
    C:\WINDOWS\SYSTEM32\pmkjg.dll moved successfully.
    C:\WINDOWS\SYSTEM32\ssttu.dll moved successfully.
    C:\WINDOWS\SYSTEM32\tbltgbni.dll moved successfully.
    C:\WINDOWS\SYSTEM32\uttss.bak1 moved successfully.
    C:\WINDOWS\SYSTEM32\uttss.ini moved successfully.
    [Files - Modified Within 30 days]
    File C:\WINDOWS\SYSTEM32\bdeeg.bak2 not found!
    File C:\WINDOWS\SYSTEM32\bdeeg.ini not found!
    File C:\WINDOWS\SYSTEM32\bdeeg.ini2 not found!
    File C:\WINDOWS\SYSTEM32\bdeeg.tmp not found!
    File C:\WINDOWS\SYSTEM32\boovidoj.ini not found!
    C:\WINDOWS\SYSTEM32\dlbohlou.dll moved successfully.
    File C:\WINDOWS\SYSTEM32\fjeiqcjw.dll not found!
    File C:\WINDOWS\SYSTEM32\flplswdk.ini not found!
    File move failed. C:\WINDOWS\SYSTEM32\geedb.dll scheduled to be moved on reboot.
    File C:\WINDOWS\SYSTEM32\iydaptee.dll not found!
    File C:\WINDOWS\SYSTEM32\jlkwrxd.dll not found!
    File C:\WINDOWS\SYSTEM32\jmllm.bak1 not found!
    File C:\WINDOWS\SYSTEM32\jmllm.ini not found!
    File C:\WINDOWS\SYSTEM32\jodivoob.dll not found!
    File C:\WINDOWS\SYSTEM32\kwfykwfk.dll not found!
    File C:\WINDOWS\SYSTEM32\mllmj.dll not found!
    File C:\WINDOWS\SYSTEM32\mllmn.dll not found!
    File C:\WINDOWS\SYSTEM32\nmllm.bak1 not found!
    File C:\WINDOWS\SYSTEM32\nmllm.ini not found!
    File C:\WINDOWS\SYSTEM32\omijlpph.dll not found!
    File C:\WINDOWS\SYSTEM32\pcftculh.dll not found!
    File C:\WINDOWS\SYSTEM32\pliuobjn.ini not found!
    File C:\WINDOWS\SYSTEM32\pmkjg.dll not found!
    File move failed. C:\WINDOWS\SYSTEM32\qomkkjk.dll scheduled to be moved on reboot.
    File C:\WINDOWS\SYSTEM32\ssttu.dll not found!
    File C:\WINDOWS\SYSTEM32\tbltgbni.dll not found!
    File C:\WINDOWS\SYSTEM32\uttss.bak1 not found!
    File C:\WINDOWS\SYSTEM32\uttss.ini not found!
    [File String Scan - Non-Microsoft Only]
    File C:\WINDOWS\SYSTEM32\dlbohlou.dll not found!
    File C:\WINDOWS\SYSTEM32\fjeiqcjw.dll not found!
    File C:\WINDOWS\SYSTEM32\iydaptee.dll not found!
    File C:\WINDOWS\SYSTEM32\jlkwrxd.dll not found!
    File C:\WINDOWS\SYSTEM32\jodivoob.dll not found!
    File C:\WINDOWS\SYSTEM32\kwfykwfk.dll not found!
    File C:\WINDOWS\SYSTEM32\mllmj.dll not found!
    File C:\WINDOWS\SYSTEM32\mllmn.dll not found!
    File C:\WINDOWS\SYSTEM32\omijlpph.dll not found!
    File C:\WINDOWS\SYSTEM32\pcftculh.dll not found!
    File C:\WINDOWS\SYSTEM32\pmkjg.dll not found!
    C:\WINDOWS\SYSTEM32\sfarkxt.dll moved successfully.
    File C:\WINDOWS\SYSTEM32\ssttu.dll not found!
    File C:\WINDOWS\SYSTEM32\tbltgbni.dll not found!
    C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll moved successfully.
    < End of log >
    Created on 02/21/2007 15:45:11

    .Txt

    WinPFind3 logfile created on: 2/21/2007 6:26:56 PM
    WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\Dennis\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    490992 Kb Total Physical Memory | 221872 Kb Available Physical Memory | 45.19% Memory free
    1148648 Kb Paging File | 922208 Kb Available in Paging File | 80.29% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78180288 Kb Total Space | 33365720 Kb Free Space | 42.68% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded


    [Processes - Non-Microsoft Only]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
    fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 1/18/2005 4:08:36 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 4:37:30 PM | Attr = ]
    lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 10/8/2004 10:52:32 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 2/12/2007 9:39:14 PM | Attr = ]
    wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
    wmp54gsv1_1.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe -> Linksys [Ver = 1.0.0.4 | Size = 5046784 bytes | Modified Date = 4/28/2005 10:20:26 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/30/2006 4:25:18 PM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
    (WMP54GSSVC) WMP54GSSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]


    [Files - Created Within 30 days]
    expo00001.BMP -> %SystemDrive%\expo00001.BMP -> [Ver = | Size = 253494 bytes | Created Date = 1/24/2007 2:45:41 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502845440 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 1/26/2007 4:59:49 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 1/26/2007 4:59:49 AM | Attr = H ]
    d3d9caps.tmp -> %LocalAppData%\d3d9caps.tmp -> [Ver = | Size = 664 bytes | Created Date = 2/20/2007 12:09:56 PM | Attr = ]
    fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 129 bytes | Created Date = 2/16/2007 12:07:01 PM | Attr = ]
    macex.mex -> %UserDocuments%\macex.mex -> [Ver = | Size = 4640 bytes | Created Date = 2/7/2007 4:52:25 AM | Attr = ]
    registrybackupmssmgr.reg -> %UserDocuments%\registrybackupmssmgr.reg -> [Ver = | Size = 3110 bytes | Created Date = 2/14/2007 10:32:38 AM | Attr = ]
    sdsdsds.000 -> %UserDocuments%\sdsdsds.000 -> [Ver = | Size = 111816 bytes | Created Date = 2/7/2007 6:11:58 AM | Attr = ]
    sdsdsds.001 -> %UserDocuments%\sdsdsds.001 -> [Ver = | Size = 27849 bytes | Created Date = 2/13/2007 9:00:06 PM | Attr = ]
    sdsdsds.mex -> %UserDocuments%\sdsdsds.mex -> [Ver = | Size = 111816 bytes | Created Date = 2/7/2007 5:01:44 AM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 2/21/2007 3:35:25 PM | Attr = ]
    CDBurnerXP Pro 3.lnk -> %AllUsersDesktop%\CDBurnerXP Pro 3.lnk -> [Ver = | Size = 2331 bytes | Created Date = 2/14/2007 8:38:16 PM | Attr = ]
    SnagIt 7.lnk -> %AllUsersDesktop%\SnagIt 7.lnk -> [Ver = | Size = 1742 bytes | Created Date = 2/1/2007 12:42:53 AM | Attr = ]
    ccsetup137.exe -> %UserDesktop%\ccsetup137.exe -> Piriform Ltd [Ver = 1.37.0.456 | Size = 2683984 bytes | Created Date = 2/21/2007 3:30:08 PM | Attr = ]
    cwshredder.exe -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 2/16/2007 12:42:37 PM | Attr = ]
    DMSetup-Serial.exe -> %UserDesktop%\DMSetup-Serial.exe -> McAfee, Inc. [Ver = 1,3,100,0 | Size = 591400 bytes | Created Date = 2/18/2007 8:45:02 PM | Attr = ]
    Evanescence.asl -> %UserDesktop%\Evanescence.asl -> [Ver = | Size = 10635 bytes | Created Date = 2/9/2007 9:56:33 AM | Attr = ]
    Hank Williams - The Complete Hank Williams Boxset.rar -> %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> [Ver = | Size = 734763986 bytes | Created Date = 2/3/2007 6:29:55 PM | Attr = ]
    Icons.lnk -> %UserDesktop%\Icons.lnk -> [Ver = | Size = 480 bytes | Created Date = 2/14/2007 7:36:47 PM | Attr = ]
    Inuyasha - 63.rmvb -> %UserDesktop%\Inuyasha - 63.rmvb -> [Ver = | Size = 59496626 bytes | Created Date = 2/19/2007 9:40:42 PM | Attr = ]
    Inuyasha - 65.rmvb -> %UserDesktop%\Inuyasha - 65.rmvb -> [Ver = | Size = 55297809 bytes | Created Date = 2/19/2007 10:05:43 PM | Attr = ]
    Inuyasha.lnk -> %UserDesktop%\Inuyasha.lnk -> [Ver = | Size = 499 bytes | Created Date = 2/14/2007 7:35:35 PM | Attr = ]
    inuyasha064.rmvb -> %UserDesktop%\inuyasha064.rmvb -> [Ver = | Size = 77337327 bytes | Created Date = 2/19/2007 9:43:19 PM | Attr = ]
    IPOD.lnk -> %UserDesktop%\IPOD.lnk -> [Ver = | Size = 475 bytes | Created Date = 2/14/2007 7:37:02 PM | Attr = ]
    KillBox.exe -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Created Date = 1/31/2007 7:22:01 AM | Attr = ]
    Music.lnk -> %UserDesktop%\Music.lnk -> [Ver = | Size = 480 bytes | Created Date = 2/16/2007 9:48:46 AM | Attr = ]
    my day.avi -> %UserDesktop%\my day.avi -> [Ver = | Size = 3357184 bytes | Created Date = 2/17/2007 10:40:22 PM | Attr = ]
    OCR.lnk -> %UserDesktop%\OCR.lnk -> [Ver = | Size = 468 bytes | Created Date = 2/14/2007 7:36:25 PM | Attr = ]
    Photoshop.lnk -> %UserDesktop%\Photoshop.lnk -> [Ver = | Size = 504 bytes | Created Date = 2/14/2007 7:37:16 PM | Attr = ]
    Pictures and Videos.lnk -> %UserDesktop%\Pictures and Videos.lnk -> [Ver = | Size = 767 bytes | Created Date = 2/3/2007 12:58:34 AM | Attr = ]
    regscanner_setup.exe -> %UserDesktop%\regscanner_setup.exe -> NirSoft [Ver = 1.21 | Size = 89091 bytes | Created Date = 2/21/2007 11:46:21 AM | Attr = ]
    Stuff to DO.lnk -> %UserDesktop%\Stuff to DO.lnk -> [Ver = | Size = 514 bytes | Created Date = 2/14/2007 7:38:46 PM | Attr = ]
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Created Date = 2/18/2007 9:33:38 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 2/20/2007 9:08:49 PM | Attr = ]
    EReg072.dat -> %SystemRoot%\EReg072.dat -> [Ver = | Size = 292 bytes | Created Date = 2/10/2007 3:42:23 PM | Attr = ]
    MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 23 bytes | Created Date = 2/9/2007 4:05:43 PM | Attr = ]
    MSREGUSR.INI -> %SystemRoot%\MSREGUSR.INI -> [Ver = | Size = 106 bytes | Created Date = 1/31/2007 10:41:21 AM | Attr = ]
    UniFish3.exe -> %SystemRoot%\UniFish3.exe -> [Ver = | Size = 45568 bytes | Created Date = 2/10/2007 3:14:27 PM | Attr = ]
    unSpySweeper.exe -> %SystemRoot%\unSpySweeper.exe -> Webroot Software, Inc. [Ver = 2.1.0.34 | Size = 150528 bytes | Created Date = 2/19/2007 8:03:06 PM | Attr = ]
    VAMPIRE.INI -> %SystemRoot%\VAMPIRE.INI -> [Ver = | Size = 673 bytes | Created Date = 2/20/2007 1:14:29 AM | Attr = ]
    zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 2/21/2007 11:46:38 AM | Attr = ]
    ac3filter.cpl -> %System32%\ac3filter.cpl -> [Ver = 1.01a | Size = 417792 bytes | Created Date = 1/27/2007 3:24:22 PM | Attr = ]
    bdeeg.bak1 -> %System32%\bdeeg.bak1 -> [Ver = | Size = 997165 bytes | Created Date = 2/21/2007 12:38:56 PM | Attr = HS]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.0.0 | Size = 622592 bytes | Created Date = 1/25/2007 6:13:33 PM | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 1/25/2007 6:13:32 PM | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 0, 0 | Size = 524288 bytes | Created Date = 1/25/2007 6:19:04 PM | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 1/25/2007 6:19:04 PM | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Created Date = 1/25/2007 6:13:42 PM | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 802816 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    eaexec.exe -> %System32%\eaexec.exe -> Electronic Arts [Ver = 1.2 | Size = 132096 bytes | Created Date = 2/10/2007 3:24:38 PM | Attr = ]
    ealtest.exe -> %System32%\ealtest.exe -> [Ver = | Size = 24576 bytes | Created Date = 2/10/2007 3:24:38 PM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 1/25/2007 6:18:54 PM | Attr = ]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 2/19/2007 1:49:16 PM | Attr = ]
    MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 54342 bytes | Created Date = 2/14/2007 4:31:33 PM | Attr = ]
    MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Created Date = 1/31/2007 9:52:34 AM | Attr = ]
    NPSExec.exe -> %System32%\NPSExec.exe -> Electronic Arts [Ver = 1.0 | Size = 33792 bytes | Created Date = 2/10/2007 3:42:14 PM | Attr = ]
    NPSPatch.isu -> %System32%\NPSPatch.isu -> [Ver = | Size = 6450 bytes | Created Date = 2/10/2007 3:42:13 PM | Attr = ]
    pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 1/31/2007 7:34:00 AM | Attr = ]
    pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 1/31/2007 7:34:00 AM | Attr = ]
    pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 1/31/2007 7:34:01 AM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 1/25/2007 6:19:02 PM | Attr = ]
    rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Created Date = 1/31/2007 7:34:01 AM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 1/25/2007 6:18:54 PM | Attr = ]
    Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 8704 bytes | Created Date = 1/23/2007 1:38:39 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    Tr_sttool.dat -> %System32%\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Created Date = 1/31/2007 7:11:42 AM | Attr = ]
    uxtuneup.dll -> %System32%\uxtuneup.dll -> TuneUp Software GmbH [Ver = 1.0.0.2 | Size = 24072 bytes | Created Date = 2/10/2007 2:39:18 PM | Attr = ]
    vanviuva.dll -> %System32%\vanviuva.dll -> [Ver = | Size = 44177 bytes | Created Date = 2/21/2007 12:30:22 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/21/2007 3:35:13 PM | Attr = ]
    Tsknf602.sys -> %System32%\drivers\Tsknf602.sys -> Igor Arsenin [Ver = 6.22 | Size = 11200 bytes | Created Date = 1/24/2007 8:14:05 AM | Attr = ]

    [Files - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 389 bytes | Modified Date = 2/10/2007 8:21:40 AM | Attr = RHS]
    expo00001.BMP -> %SystemDrive%\expo00001.BMP -> [Ver = | Size = 253494 bytes | Modified Date = 1/24/2007 2:45:42 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502845440 bytes | Modified Date = 2/21/2007 6:15:08 PM | Attr = HS]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/26/2007 4:59:50 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/26/2007 4:59:50 AM | Attr = H ]
    d3d9caps.tmp -> %LocalAppData%\d3d9caps.tmp -> [Ver = | Size = 664 bytes | Modified Date = 2/20/2007 12:09:58 PM | Attr = ]
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 20480 bytes | Modified Date = 2/20/2007 9:11:46 PM | Attr = ]
    fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 129 bytes | Modified Date = 2/16/2007 12:07:02 PM | Attr = ]
    GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 62312 bytes | Modified Date = 2/17/2007 10:37:48 PM | Attr = ]
    IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1397874 bytes | Modified Date = 2/12/2007 10:28:30 PM | Attr = H ]
    macex.mex -> %UserDocuments%\macex.mex -> [Ver = | Size = 4640 bytes | Modified Date = 2/7/2007 4:52:26 AM | Attr = ]
    My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 581 bytes | Modified Date = 2/21/2007 6:19:26 PM | Attr = ]
    registrybackupmssmgr.reg -> %UserDocuments%\registrybackupmssmgr.reg -> [Ver = | Size = 3110 bytes | Modified Date = 2/14/2007 10:32:40 AM | Attr = ]
    sdsdsds.000 -> %UserDocuments%\sdsdsds.000 -> [Ver = | Size = 111816 bytes | Modified Date = 2/13/2007 7:31:10 PM | Attr = ]
    sdsdsds.001 -> %UserDocuments%\sdsdsds.001 -> [Ver = | Size = 27849 bytes | Modified Date = 2/7/2007 5:10:52 AM | Attr = ]
    sdsdsds.mex -> %UserDocuments%\sdsdsds.mex -> [Ver = | Size = 111816 bytes | Modified Date = 2/13/2007 7:31:10 PM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/21/2007 3:35:26 PM | Attr = ]
    CDBurnerXP Pro 3.lnk -> %AllUsersDesktop%\CDBurnerXP Pro 3.lnk -> [Ver = | Size = 2331 bytes | Modified Date = 2/19/2007 8:28:00 PM | Attr = ]
    SnagIt 7.lnk -> %AllUsersDesktop%\SnagIt 7.lnk -> [Ver = | Size = 1742 bytes | Modified Date = 2/1/2007 12:42:54 AM | Attr = ]
    ccsetup137.exe -> %UserDesktop%\ccsetup137.exe -> Piriform Ltd [Ver = 1.37.0.456 | Size = 2683984 bytes | Modified Date = 2/21/2007 3:30:48 PM | Attr = ]
    cwshredder.exe -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/16/2007 12:43:12 PM | Attr = ]
    DMSetup-Serial.exe -> %UserDesktop%\DMSetup-Serial.exe -> McAfee, Inc. [Ver = 1,3,100,0 | Size = 591400 bytes | Modified Date = 2/18/2007 8:45:10 PM | Attr = ]
    Evanescence.asl -> %UserDesktop%\Evanescence.asl -> [Ver = | Size = 10635 bytes | Modified Date = 2/9/2007 9:56:34 AM | Attr = ]
    Hank Williams - The Complete Hank Williams Boxset.rar -> %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> [Ver = | Size = 734763986 bytes | Modified Date = 2/19/2007 9:58:02 PM | Attr = ]
    Icons.lnk -> %UserDesktop%\Icons.lnk -> [Ver = | Size = 480 bytes | Modified Date = 2/14/2007 7:36:48 PM | Attr = ]
    Inuyasha - 63.rmvb -> %UserDesktop%\Inuyasha - 63.rmvb -> [Ver = | Size = 59496626 bytes | Modified Date = 2/19/2007 9:53:20 PM | Attr = ]
    Inuyasha - 65.rmvb -> %UserDesktop%\Inuyasha - 65.rmvb -> [Ver = | Size = 55297809 bytes | Modified Date = 2/19/2007 10:23:48 PM | Attr = ]
    Inuyasha.lnk -> %UserDesktop%\Inuyasha.lnk -> [Ver = | Size = 499 bytes | Modified Date = 2/14/2007 7:35:36 PM | Attr = ]
    inuyasha064.rmvb -> %UserDesktop%\inuyasha064.rmvb -> [Ver = | Size = 77337327 bytes | Modified Date = 2/19/2007 10:15:18 PM | Attr = ]
    IPOD.lnk -> %UserDesktop%\IPOD.lnk -> [Ver = | Size = 475 bytes | Modified Date = 2/14/2007 7:37:04 PM | Attr = ]
    KillBox.exe -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 1/31/2007 7:22:02 AM | Attr = ]
    Music.lnk -> %UserDesktop%\Music.lnk -> [Ver = | Size = 480 bytes | Modified Date = 2/16/2007 9:48:48 AM | Attr = ]
    my day.avi -> %UserDesktop%\my day.avi -> [Ver = | Size = 3357184 bytes | Modified Date = 2/17/2007 10:39:22 PM | Attr = ]
    OCR.lnk -> %UserDesktop%\OCR.lnk -> [Ver = | Size = 468 bytes | Modified Date = 2/14/2007 7:36:26 PM | Attr = ]
    Photoshop.lnk -> %UserDesktop%\Photoshop.lnk -> [Ver = | Size = 504 bytes | Modified Date = 2/14/2007 7:37:18 PM | Attr = ]
    Pictures and Videos.lnk -> %UserDesktop%\Pictures and Videos.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2/3/2007 12:58:36 AM | Attr = ]
    regscanner_setup.exe -> %UserDesktop%\regscanner_setup.exe -> NirSoft [Ver = 1.21 | Size = 89091 bytes | Modified Date = 2/21/2007 11:46:22 AM | Attr = ]
    Stuff to DO.lnk -> %UserDesktop%\Stuff to DO.lnk -> [Ver = | Size = 514 bytes | Modified Date = 2/14/2007 7:38:48 PM | Attr = ]
    Tantra KIII.lnk -> %UserDesktop%\Tantra KIII.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 2/15/2007 8:52:44 PM | Attr = ]
    Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 100352 bytes | Modified Date = 2/9/2007 6:37:40 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 2/18/2007 9:33:36 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 2/20/2007 9:08:40 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/21/2007 6:15:10 PM | Attr = S]
    EReg072.dat -> %SystemRoot%\EReg072.dat -> [Ver = | Size = 292 bytes | Modified Date = 2/10/2007 3:42:24 PM | Attr = ]
    MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 23 bytes | Modified Date = 2/9/2007 4:05:44 PM | Attr = ]
    MSREGUSR.INI -> %SystemRoot%\MSREGUSR.INI -> [Ver = | Size = 106 bytes | Modified Date = 1/31/2007 10:41:22 AM | Attr = ]
    PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 617 bytes | Modified Date = 2/10/2007 3:15:02 PM | Attr = ]
    Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 3584 bytes | Modified Date = 1/23/2007 1:38:30 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    VAMPIRE.INI -> %SystemRoot%\VAMPIRE.INI -> [Ver = | Size = 673 bytes | Modified Date = 2/20/2007 1:18:14 AM | Attr = ]
    zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2/21/2007 11:46:40 AM | Attr = ]
    bdeeg.bak1 -> %System32%\bdeeg.bak1 -> [Ver = | Size = 997165 bytes | Modified Date = 2/21/2007 12:38:58 PM | Attr = HS]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 2/18/2007 9:29:58 PM | Attr = ]
    d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 2/20/2007 12:09:58 PM | Attr = ]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.0.0 | Size = 622592 bytes | Modified Date = 1/25/2007 6:13:34 PM | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 1/25/2007 6:13:34 PM | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 0, 0 | Size = 524288 bytes | Modified Date = 1/25/2007 6:19:06 PM | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 1/25/2007 6:19:06 PM | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Modified Date = 1/25/2007 6:13:44 PM | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 802816 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 219248 bytes | Modified Date = 2/17/2007 2:51:36 PM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/16/2007 9:33:38 AM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 1/25/2007 6:18:56 PM | Attr = ]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 2/19/2007 1:49:18 PM | Attr = ]
    MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 54342 bytes | Modified Date = 2/14/2007 4:31:34 PM | Attr = ]
    MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Modified Date = 1/31/2007 9:52:36 AM | Attr = ]
    NPSPatch.isu -> %System32%\NPSPatch.isu -> [Ver = | Size = 6450 bytes | Modified Date = 2/10/2007 3:42:16 PM | Attr = ]
    px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 527096 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 64760 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 116472 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.01a | Size = 502520 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 72440 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 64760 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 118520 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 183032 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 379640 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 1/25/2007 6:19:04 PM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 1/25/2007 6:18:56 PM | Attr = ]
    Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 8704 bytes | Modified Date = 1/23/2007 1:38:40 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    Tr_sttool.dat -> %System32%\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/31/2007 7:13:18 AM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/16/2007 9:33:38 AM | Attr = ]
    vanviuva.dll -> %System32%\vanviuva.dll -> [Ver = | Size = 44177 bytes | Modified Date = 2/21/2007 12:30:26 PM | Attr = ]
    vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/17/2007 2:57:22 PM | Attr = ]
    PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 346 bytes -> %AllUsersAppData%\TEMP:05EE1EEF ->
    PEC2 , -> %AllUsersDocuments%\vitalagent.zip -> [Ver = | Size = 1402762 bytes | Modified Date = 2/22/2002 8:01:22 AM | Attr = ]
    Thawte Consulting , -> %UserDesktop%\ccsetup137.exe -> Piriform Ltd [Ver = 1.37.0.456 | Size = 2683984 bytes | Modified Date = 2/21/2007 3:30:48 PM | Attr = ]
    qoologic , urllogic , urllogic , -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/16/2007 12:43:12 PM | Attr = ]
    File scan skipped for file %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> File size too big (734763986 bytes) ->
    WSUD , -> %UserDesktop%\Inuyasha - 63.rmvb -> [Ver = | Size = 59496626 bytes | Modified Date = 2/19/2007 9:53:20 PM | Attr = ]
    UPX! , PEC2 , -> %UserDesktop%\Inuyasha - 65.rmvb -> [Ver = | Size = 55297809 bytes | Modified Date = 2/19/2007 10:23:48 PM | Attr = ]
    UPX! , UPX0 , -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 1/31/2007 7:22:02 AM | Attr = ]
    UPX! , UPX0 , -> %UserDesktop%\regscanner_setup.exe -> NirSoft [Ver = 1.21 | Size = 89091 bytes | Modified Date = 2/21/2007 11:46:22 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 2/18/2007 9:33:36 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    UPX! , UPX0 , -> %SystemRoot%\unSpySweeper.exe -> Webroot Software, Inc. [Ver = 2.1.0.34 | Size = 150528 bytes | Modified Date = 10/15/2003 11:42:16 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2/21/2007 11:46:40 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.5 | Size = 269312 bytes | Modified Date = 3/10/2005 9:48:10 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 11/17/1996 | Attr = ]
    PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 12:42:54 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 2972 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ]
    Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    UPX! , UPX0 , -> %System32%\vanviuva.dll -> [Ver = | Size = 44177 bytes | Modified Date = 2/21/2007 12:30:26 PM | Attr = ]
    PEC2 , -> %System32%\VBAR2132.DLL -> [Ver = | Size = 1371436 bytes | Modified Date = 7/19/1995 5:00:00 PM | Attr = R ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ]
    PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

    < End of report >

    AVG
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:12:28 PM 2/21/2007

    + Scan result:



    C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP185\A0097423.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP188\A0101837.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{AC9B23C6-0689-1033-0508-021005010001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{AC9B23C6-068A-1033-0508-021005010001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP187\A0101350.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP185\A0097225.exe -> Adware.ValueAd : Cleaned with backup (quarantined).
    C:\!KillBox\iifcddc.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\!KillBox\iifcddc.dll( 1) -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\!KillBox\qomkkjk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\!KillBox\qomkkjk.dll( 5) -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\Desktop Stuff\Stuff to DO\Scanners\backups\backup-20070220-103737-115.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\Desktop Stuff\Stuff to DO\Scanners\backups\backup-20070220-103737-415.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\Desktop Stuff\Stuff to DO\Scanners\backups\backup-20070220-103756-528.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\Documents and Settings\Dennis\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\qomkkjk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP188\A0101843.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\iifcddc.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP187\A0101346.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/win8D.tmp.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/win83.tmp.exe -> Downloader.Agent.bgn : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/win90.tmp.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP187\A0101349.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP188\A0101836.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/win7D.tmp.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP187\A0101348.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/win8B.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP187\A0101434.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drvlok.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drvmip.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP187\A0100275.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F2940F40-14AD-4FC1-8140-DBAFE0E1C96D}\RP188\A0101838.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wnsapisv.exe -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end

    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 6:37:54 PM, on 2/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Desktop Stuff\Stuff to DO\Scanners\HJT.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {7FCBB1BF-EB3C-4EBE-815F-2CF3FFEAA1EA} - C:\WINDOWS\system32\geedb.dll (file missing)
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll (file missing)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vanviuva.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jodivoob.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120372390609
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601A894-4448-45D4-9DC0-A112A10010D3}: NameServer = 24.53.86.13,24.53.86.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: qomkkjk - qomkkjk.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
     
  15. KotaGuy

    KotaGuy Regular member

    Looking much better!

    The warning you are getting is the infection complaining because you're killing it ;)

    Just a few more files to get rid of and you should be good to go.

    So like before...

    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    No need to boot into Safe Mode again... you can let the computer reboot normally.

    Post the following back here:

    - a new WinPFind3U report
    - the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)
    - a new HijackThis log

    Thanks!
     
  16. Nephylim

    Nephylim Guest

    Hi! We're getting there! Thank you!!!
    It didn't make me reboot but here are the logs you asked for.

    .log

    [Files - Created Within 30 days]
    C:\WINDOWS\SYSTEM32\bdeeg.bak1 moved successfully.
    C:\WINDOWS\SYSTEM32\vanviuva.dll moved successfully.
    [Files - Modified Within 30 days]
    File C:\WINDOWS\SYSTEM32\bdeeg.bak1 not found!
    File C:\WINDOWS\SYSTEM32\vanviuva.dll not found!
    [File String Scan - Non-Microsoft Only]
    File C:\WINDOWS\SYSTEM32\vanviuva.dll not found!
    < End of log >
    Created on 02/21/2007 20:35:59

    .txt

    WinPFind3 logfile created on: 2/21/2007 8:39:02 PM
    WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\Dennis\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    490992 Kb Total Physical Memory | 216540 Kb Available Physical Memory | 44.10% Memory free
    1148648 Kb Paging File | 932744 Kb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78180288 Kb Total Space | 33389792 Kb Free Space | 42.71% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded


    [Processes - Non-Microsoft Only]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
    fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 1/18/2005 4:08:36 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 4:37:30 PM | Attr = ]
    lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 10/8/2004 10:52:32 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 2/12/2007 9:39:14 PM | Attr = ]
    wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
    wmp54gsv1_1.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe -> Linksys [Ver = 1.0.0.4 | Size = 5046784 bytes | Modified Date = 4/28/2005 10:20:26 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/30/2006 4:25:18 PM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
    (WMP54GSSVC) WMP54GSSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]


    [Files - Created Within 30 days]
    expo00001.BMP -> %SystemDrive%\expo00001.BMP -> [Ver = | Size = 253494 bytes | Created Date = 1/24/2007 2:45:41 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502845440 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 1/26/2007 4:59:49 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 1/26/2007 4:59:49 AM | Attr = H ]
    d3d9caps.tmp -> %LocalAppData%\d3d9caps.tmp -> [Ver = | Size = 664 bytes | Created Date = 2/20/2007 12:09:56 PM | Attr = ]
    fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 129 bytes | Created Date = 2/16/2007 12:07:01 PM | Attr = ]
    macex.mex -> %UserDocuments%\macex.mex -> [Ver = | Size = 4640 bytes | Created Date = 2/7/2007 4:52:25 AM | Attr = ]
    registrybackupmssmgr.reg -> %UserDocuments%\registrybackupmssmgr.reg -> [Ver = | Size = 3110 bytes | Created Date = 2/14/2007 10:32:38 AM | Attr = ]
    sdsdsds.000 -> %UserDocuments%\sdsdsds.000 -> [Ver = | Size = 111816 bytes | Created Date = 2/7/2007 6:11:58 AM | Attr = ]
    sdsdsds.001 -> %UserDocuments%\sdsdsds.001 -> [Ver = | Size = 27849 bytes | Created Date = 2/13/2007 9:00:06 PM | Attr = ]
    sdsdsds.mex -> %UserDocuments%\sdsdsds.mex -> [Ver = | Size = 111816 bytes | Created Date = 2/7/2007 5:01:44 AM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 2/21/2007 3:35:25 PM | Attr = ]
    CDBurnerXP Pro 3.lnk -> %AllUsersDesktop%\CDBurnerXP Pro 3.lnk -> [Ver = | Size = 2331 bytes | Created Date = 2/14/2007 8:38:16 PM | Attr = ]
    SnagIt 7.lnk -> %AllUsersDesktop%\SnagIt 7.lnk -> [Ver = | Size = 1742 bytes | Created Date = 2/1/2007 12:42:53 AM | Attr = ]
    ccsetup137.exe -> %UserDesktop%\ccsetup137.exe -> Piriform Ltd [Ver = 1.37.0.456 | Size = 2683984 bytes | Created Date = 2/21/2007 3:30:08 PM | Attr = ]
    cwshredder.exe -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 2/16/2007 12:42:37 PM | Attr = ]
    DMSetup-Serial.exe -> %UserDesktop%\DMSetup-Serial.exe -> McAfee, Inc. [Ver = 1,3,100,0 | Size = 591400 bytes | Created Date = 2/18/2007 8:45:02 PM | Attr = ]
    Evanescence.asl -> %UserDesktop%\Evanescence.asl -> [Ver = | Size = 10635 bytes | Created Date = 2/9/2007 9:56:33 AM | Attr = ]
    Hank Williams - The Complete Hank Williams Boxset.rar -> %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> [Ver = | Size = 734763986 bytes | Created Date = 2/3/2007 6:29:55 PM | Attr = ]
    Icons.lnk -> %UserDesktop%\Icons.lnk -> [Ver = | Size = 480 bytes | Created Date = 2/14/2007 7:36:47 PM | Attr = ]
    Inuyasha.lnk -> %UserDesktop%\Inuyasha.lnk -> [Ver = | Size = 499 bytes | Created Date = 2/14/2007 7:35:35 PM | Attr = ]
    IPOD.lnk -> %UserDesktop%\IPOD.lnk -> [Ver = | Size = 475 bytes | Created Date = 2/14/2007 7:37:02 PM | Attr = ]
    KillBox.exe -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Created Date = 1/31/2007 7:22:01 AM | Attr = ]
    Music.lnk -> %UserDesktop%\Music.lnk -> [Ver = | Size = 480 bytes | Created Date = 2/16/2007 9:48:46 AM | Attr = ]
    my day.avi -> %UserDesktop%\my day.avi -> [Ver = | Size = 3357184 bytes | Created Date = 2/17/2007 10:40:22 PM | Attr = ]
    OCR.lnk -> %UserDesktop%\OCR.lnk -> [Ver = | Size = 468 bytes | Created Date = 2/14/2007 7:36:25 PM | Attr = ]
    Photoshop.lnk -> %UserDesktop%\Photoshop.lnk -> [Ver = | Size = 504 bytes | Created Date = 2/14/2007 7:37:16 PM | Attr = ]
    Pictures and Videos.lnk -> %UserDesktop%\Pictures and Videos.lnk -> [Ver = | Size = 767 bytes | Created Date = 2/3/2007 12:58:34 AM | Attr = ]
    regscanner_setup.exe -> %UserDesktop%\regscanner_setup.exe -> NirSoft [Ver = 1.21 | Size = 89091 bytes | Created Date = 2/21/2007 11:46:21 AM | Attr = ]
    Stuff to DO.lnk -> %UserDesktop%\Stuff to DO.lnk -> [Ver = | Size = 514 bytes | Created Date = 2/14/2007 7:38:46 PM | Attr = ]
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Created Date = 2/18/2007 9:33:38 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 2/20/2007 9:08:49 PM | Attr = ]
    EReg072.dat -> %SystemRoot%\EReg072.dat -> [Ver = | Size = 292 bytes | Created Date = 2/10/2007 3:42:23 PM | Attr = ]
    MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 23 bytes | Created Date = 2/9/2007 4:05:43 PM | Attr = ]
    MSREGUSR.INI -> %SystemRoot%\MSREGUSR.INI -> [Ver = | Size = 106 bytes | Created Date = 1/31/2007 10:41:21 AM | Attr = ]
    UniFish3.exe -> %SystemRoot%\UniFish3.exe -> [Ver = | Size = 45568 bytes | Created Date = 2/10/2007 3:14:27 PM | Attr = ]
    unSpySweeper.exe -> %SystemRoot%\unSpySweeper.exe -> Webroot Software, Inc. [Ver = 2.1.0.34 | Size = 150528 bytes | Created Date = 2/19/2007 8:03:06 PM | Attr = ]
    VAMPIRE.INI -> %SystemRoot%\VAMPIRE.INI -> [Ver = | Size = 673 bytes | Created Date = 2/20/2007 1:14:29 AM | Attr = ]
    zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 2/21/2007 11:46:38 AM | Attr = ]
    ac3filter.cpl -> %System32%\ac3filter.cpl -> [Ver = 1.01a | Size = 417792 bytes | Created Date = 1/27/2007 3:24:22 PM | Attr = ]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.0.0 | Size = 622592 bytes | Created Date = 1/25/2007 6:13:33 PM | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 1/25/2007 6:13:32 PM | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 0, 0 | Size = 524288 bytes | Created Date = 1/25/2007 6:19:04 PM | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 1/25/2007 6:19:04 PM | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Created Date = 1/25/2007 6:13:42 PM | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 802816 bytes | Created Date = 1/25/2007 6:13:40 PM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 1/25/2007 6:13:44 PM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Created Date = 1/25/2007 6:13:45 PM | Attr = ]
    eaexec.exe -> %System32%\eaexec.exe -> Electronic Arts [Ver = 1.2 | Size = 132096 bytes | Created Date = 2/10/2007 3:24:38 PM | Attr = ]
    ealtest.exe -> %System32%\ealtest.exe -> [Ver = | Size = 24576 bytes | Created Date = 2/10/2007 3:24:38 PM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 1/25/2007 6:18:54 PM | Attr = ]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 2/19/2007 1:49:16 PM | Attr = ]
    MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 54342 bytes | Created Date = 2/14/2007 4:31:33 PM | Attr = ]
    MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Created Date = 1/31/2007 9:52:34 AM | Attr = ]
    NPSExec.exe -> %System32%\NPSExec.exe -> Electronic Arts [Ver = 1.0 | Size = 33792 bytes | Created Date = 2/10/2007 3:42:14 PM | Attr = ]
    NPSPatch.isu -> %System32%\NPSPatch.isu -> [Ver = | Size = 6450 bytes | Created Date = 2/10/2007 3:42:13 PM | Attr = ]
    pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 1/31/2007 7:34:00 AM | Attr = ]
    pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 1/31/2007 7:34:00 AM | Attr = ]
    pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 1/31/2007 7:34:01 AM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 1/25/2007 6:19:02 PM | Attr = ]
    rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Created Date = 1/31/2007 7:34:01 AM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 1/25/2007 6:18:54 PM | Attr = ]
    Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 8704 bytes | Created Date = 1/23/2007 1:38:39 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    Tr_sttool.dat -> %System32%\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Created Date = 1/31/2007 7:11:42 AM | Attr = ]
    uxtuneup.dll -> %System32%\uxtuneup.dll -> TuneUp Software GmbH [Ver = 1.0.0.2 | Size = 24072 bytes | Created Date = 2/10/2007 2:39:18 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/21/2007 3:35:13 PM | Attr = ]
    Tsknf602.sys -> %System32%\drivers\Tsknf602.sys -> Igor Arsenin [Ver = 6.22 | Size = 11200 bytes | Created Date = 1/24/2007 8:14:05 AM | Attr = ]

    [Files - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 389 bytes | Modified Date = 2/10/2007 8:21:40 AM | Attr = RHS]
    expo00001.BMP -> %SystemDrive%\expo00001.BMP -> [Ver = | Size = 253494 bytes | Modified Date = 1/24/2007 2:45:42 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502845440 bytes | Modified Date = 2/21/2007 6:15:08 PM | Attr = HS]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/26/2007 4:59:50 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/26/2007 4:59:50 AM | Attr = H ]
    d3d9caps.tmp -> %LocalAppData%\d3d9caps.tmp -> [Ver = | Size = 664 bytes | Modified Date = 2/20/2007 12:09:58 PM | Attr = ]
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 20480 bytes | Modified Date = 2/20/2007 9:11:46 PM | Attr = ]
    fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 129 bytes | Modified Date = 2/16/2007 12:07:02 PM | Attr = ]
    GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 62312 bytes | Modified Date = 2/17/2007 10:37:48 PM | Attr = ]
    IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1397874 bytes | Modified Date = 2/12/2007 10:28:30 PM | Attr = H ]
    macex.mex -> %UserDocuments%\macex.mex -> [Ver = | Size = 4640 bytes | Modified Date = 2/7/2007 4:52:26 AM | Attr = ]
    My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 581 bytes | Modified Date = 2/21/2007 6:38:08 PM | Attr = ]
    registrybackupmssmgr.reg -> %UserDocuments%\registrybackupmssmgr.reg -> [Ver = | Size = 3110 bytes | Modified Date = 2/14/2007 10:32:40 AM | Attr = ]
    sdsdsds.000 -> %UserDocuments%\sdsdsds.000 -> [Ver = | Size = 111816 bytes | Modified Date = 2/13/2007 7:31:10 PM | Attr = ]
    sdsdsds.001 -> %UserDocuments%\sdsdsds.001 -> [Ver = | Size = 27849 bytes | Modified Date = 2/7/2007 5:10:52 AM | Attr = ]
    sdsdsds.mex -> %UserDocuments%\sdsdsds.mex -> [Ver = | Size = 111816 bytes | Modified Date = 2/13/2007 7:31:10 PM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/21/2007 3:35:26 PM | Attr = ]
    CDBurnerXP Pro 3.lnk -> %AllUsersDesktop%\CDBurnerXP Pro 3.lnk -> [Ver = | Size = 2331 bytes | Modified Date = 2/19/2007 8:28:00 PM | Attr = ]
    SnagIt 7.lnk -> %AllUsersDesktop%\SnagIt 7.lnk -> [Ver = | Size = 1742 bytes | Modified Date = 2/1/2007 12:42:54 AM | Attr = ]
    ccsetup137.exe -> %UserDesktop%\ccsetup137.exe -> Piriform Ltd [Ver = 1.37.0.456 | Size = 2683984 bytes | Modified Date = 2/21/2007 3:30:48 PM | Attr = ]
    cwshredder.exe -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/16/2007 12:43:12 PM | Attr = ]
    DMSetup-Serial.exe -> %UserDesktop%\DMSetup-Serial.exe -> McAfee, Inc. [Ver = 1,3,100,0 | Size = 591400 bytes | Modified Date = 2/18/2007 8:45:10 PM | Attr = ]
    Evanescence.asl -> %UserDesktop%\Evanescence.asl -> [Ver = | Size = 10635 bytes | Modified Date = 2/9/2007 9:56:34 AM | Attr = ]
    Hank Williams - The Complete Hank Williams Boxset.rar -> %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> [Ver = | Size = 734763986 bytes | Modified Date = 2/19/2007 9:58:02 PM | Attr = ]
    Icons.lnk -> %UserDesktop%\Icons.lnk -> [Ver = | Size = 480 bytes | Modified Date = 2/14/2007 7:36:48 PM | Attr = ]
    Inuyasha.lnk -> %UserDesktop%\Inuyasha.lnk -> [Ver = | Size = 499 bytes | Modified Date = 2/14/2007 7:35:36 PM | Attr = ]
    IPOD.lnk -> %UserDesktop%\IPOD.lnk -> [Ver = | Size = 475 bytes | Modified Date = 2/14/2007 7:37:04 PM | Attr = ]
    KillBox.exe -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 1/31/2007 7:22:02 AM | Attr = ]
    Music.lnk -> %UserDesktop%\Music.lnk -> [Ver = | Size = 480 bytes | Modified Date = 2/16/2007 9:48:48 AM | Attr = ]
    my day.avi -> %UserDesktop%\my day.avi -> [Ver = | Size = 3357184 bytes | Modified Date = 2/17/2007 10:39:22 PM | Attr = ]
    OCR.lnk -> %UserDesktop%\OCR.lnk -> [Ver = | Size = 468 bytes | Modified Date = 2/14/2007 7:36:26 PM | Attr = ]
    Photoshop.lnk -> %UserDesktop%\Photoshop.lnk -> [Ver = | Size = 504 bytes | Modified Date = 2/14/2007 7:37:18 PM | Attr = ]
    Pictures and Videos.lnk -> %UserDesktop%\Pictures and Videos.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2/3/2007 12:58:36 AM | Attr = ]
    regscanner_setup.exe -> %UserDesktop%\regscanner_setup.exe -> NirSoft [Ver = 1.21 | Size = 89091 bytes | Modified Date = 2/21/2007 11:46:22 AM | Attr = ]
    Stuff to DO.lnk -> %UserDesktop%\Stuff to DO.lnk -> [Ver = | Size = 514 bytes | Modified Date = 2/14/2007 7:38:48 PM | Attr = ]
    Tantra KIII.lnk -> %UserDesktop%\Tantra KIII.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 2/15/2007 8:52:44 PM | Attr = ]
    Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 100352 bytes | Modified Date = 2/9/2007 6:37:40 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 2/18/2007 9:33:36 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 2/20/2007 9:08:40 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/21/2007 6:15:10 PM | Attr = S]
    EReg072.dat -> %SystemRoot%\EReg072.dat -> [Ver = | Size = 292 bytes | Modified Date = 2/10/2007 3:42:24 PM | Attr = ]
    MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 23 bytes | Modified Date = 2/9/2007 4:05:44 PM | Attr = ]
    MSREGUSR.INI -> %SystemRoot%\MSREGUSR.INI -> [Ver = | Size = 106 bytes | Modified Date = 1/31/2007 10:41:22 AM | Attr = ]
    PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 617 bytes | Modified Date = 2/10/2007 3:15:02 PM | Attr = ]
    Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 3584 bytes | Modified Date = 1/23/2007 1:38:30 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    VAMPIRE.INI -> %SystemRoot%\VAMPIRE.INI -> [Ver = | Size = 673 bytes | Modified Date = 2/20/2007 1:18:14 AM | Attr = ]
    zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2/21/2007 11:46:40 AM | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 2/18/2007 9:29:58 PM | Attr = ]
    d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 2/20/2007 12:09:58 PM | Attr = ]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.0.0 | Size = 622592 bytes | Modified Date = 1/25/2007 6:13:34 PM | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 1/25/2007 6:13:34 PM | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 0, 0 | Size = 524288 bytes | Modified Date = 1/25/2007 6:19:06 PM | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 1/25/2007 6:19:06 PM | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Modified Date = 1/25/2007 6:13:44 PM | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 823296 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 802816 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Modified Date = 1/25/2007 6:13:46 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 219248 bytes | Modified Date = 2/17/2007 2:51:36 PM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/16/2007 9:33:38 AM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 1/25/2007 6:18:56 PM | Attr = ]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 2/19/2007 1:49:18 PM | Attr = ]
    MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 54342 bytes | Modified Date = 2/14/2007 4:31:34 PM | Attr = ]
    MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Modified Date = 1/31/2007 9:52:36 AM | Attr = ]
    NPSPatch.isu -> %System32%\NPSPatch.isu -> [Ver = | Size = 6450 bytes | Modified Date = 2/10/2007 3:42:16 PM | Attr = ]
    px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 527096 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 64760 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 116472 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.01a | Size = 502520 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 72440 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 64760 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 118520 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 183032 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 379640 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 1/25/2007 6:19:04 PM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 1/25/2007 6:18:56 PM | Attr = ]
    Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 8704 bytes | Modified Date = 1/23/2007 1:38:40 AM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    Tr_sttool.dat -> %System32%\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/31/2007 7:13:18 AM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/16/2007 9:33:38 AM | Attr = ]
    vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/17/2007 2:57:22 PM | Attr = ]
    PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 1/25/2007 6:19:02 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 346 bytes -> %AllUsersAppData%\TEMP:05EE1EEF ->
    PEC2 , -> %AllUsersDocuments%\vitalagent.zip -> [Ver = | Size = 1402762 bytes | Modified Date = 2/22/2002 8:01:22 AM | Attr = ]
    Thawte Consulting , -> %UserDesktop%\ccsetup137.exe -> Piriform Ltd [Ver = 1.37.0.456 | Size = 2683984 bytes | Modified Date = 2/21/2007 3:30:48 PM | Attr = ]
    qoologic , urllogic , urllogic , -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/16/2007 12:43:12 PM | Attr = ]
    File scan skipped for file %UserDesktop%\Hank Williams - The Complete Hank Williams Boxset.rar -> File size too big (734763986 bytes) ->
    UPX! , UPX0 , -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0881 | Size = 92672 bytes | Modified Date = 1/31/2007 7:22:02 AM | Attr = ]
    UPX! , PEC2 , PECompact2 , qoologic , PTech , urllogic , urllogic , winsync , WSUD , UPX0 , Thawte Consulting , -> %UserDesktop%\Munny.txt -> [Ver = | Size = 38340 bytes | Modified Date = 2/21/2007 6:35:44 PM | Attr = ]
    UPX! , UPX0 , -> %UserDesktop%\regscanner_setup.exe -> NirSoft [Ver = 1.21 | Size = 89091 bytes | Modified Date = 2/21/2007 11:46:22 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 2/18/2007 9:33:36 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    UPX! , UPX0 , -> %SystemRoot%\unSpySweeper.exe -> Webroot Software, Inc. [Ver = 2.1.0.34 | Size = 150528 bytes | Modified Date = 10/15/2003 11:42:16 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2/21/2007 11:46:40 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.5 | Size = 269312 bytes | Modified Date = 3/10/2005 9:48:10 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.44 | Size = 738906 bytes | Modified Date = 1/25/2007 6:13:42 PM | Attr = ]
    PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 11/17/1996 | Attr = ]
    PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 12:42:54 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 2972 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ]
    Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    PEC2 , -> %System32%\VBAR2132.DLL -> [Ver = | Size = 1371436 bytes | Modified Date = 7/19/1995 5:00:00 PM | Attr = R ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ]
    PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

    < End of report >

    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 8:47:54 PM, on 2/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    C:\Desktop Stuff\Stuff to DO\Scanners\HJT.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {7FCBB1BF-EB3C-4EBE-815F-2CF3FFEAA1EA} - C:\WINDOWS\system32\geedb.dll (file missing)
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll (file missing)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vanviuva.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jodivoob.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120372390609
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601A894-4448-45D4-9DC0-A112A10010D3}: NameServer = 24.53.86.13,24.53.86.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: qomkkjk - qomkkjk.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)

     
  17. KotaGuy

    KotaGuy Regular member

    Looks good!

    Run and scan with HijackThis and place checks beside the following:

    O2 - BHO: (no name) - {7FCBB1BF-EB3C-4EBE-815F-2CF3FFEAA1EA} - C:\WINDOWS\system32\geedb.dll (file missing)
    O2 - BHO: (no name) - {C7F47017-0A96-4600-8C65-FDDFAFE0E997} - C:\WINDOWS\system32\qomkkjk.dll (file missing)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vanviuva.dll (file missing)
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jodivoob.dll",setvm
    O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
    O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
    O20 - Winlogon Notify: qomkkjk - qomkkjk.dll (file missing)


    Close all open browsers/windows and click the Fix button.

    Reboot and post a new HijackThis log for me please.
     
  18. Nephylim

    Nephylim Guest

    Here's my log after rebooting!!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:12:10 PM, on 2/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Desktop Stuff\Stuff to DO\Scanners\HJT.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120372390609
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601A894-4448-45D4-9DC0-A112A10010D3}: NameServer = 24.53.86.13,24.53.86.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)

     
  19. KotaGuy

    KotaGuy Regular member

    That's a clean log! Good job :)

    How is your PC behaving?
     
  20. Nephylim

    Nephylim Guest

    It's behaving as if it were reformatted :) Thank you so much for your help and for the time you spent gathering the info for me. I did want to ask what kind of things it may have done to my computer that you were afraid you wouldn't be able to fix.

    I'm so glad you helped me, because reformatting isn't an option. When I tried, it told me it couldn't find something on a drive I don't even have "T2080.Ghd" and "Ghosterr.txt". Then it told me to contact Sympatico, kicked out my disk and rebooted.

    Thanks again!!
     
