[Pending] HJT Logs - my computer is sick :( posted in the Security & Safety forums

  #1  
Old 06-06-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 9
PC Experience: Some Experience
jennibean
my computer is sick :(

i'm not sure if it's a virus, spyware, malware, worm etc. i just know that my computer is so messed up beyond recognition and i've tried everything to save him but i don't know what else to do.
I've run several virus programs and spyware programs, cleaned my registry and everything.

how it's been acting...
very very slow (right now i'm on safe mode and still... very slow)
my desktop disappears frequently
command logs that was win32 or something pop up upon startup
some spools.exe keeps popping up too

halp!


  #2  
Old 06-06-2008
madmatt2006
PC Dinosaur
 
Join Date: Dec 2006
Location: Shepparton
Posts: 2,599
PC Experience: Elite PC Guru
Re: my computer is sick :(

Hi, welcome to PCHF. Please follow the steps here http://www.pchelpforum.com/new-hijac...a-prework.html and post your logs for our security staff to look at. See ya around the forum.


  #3  
Old 06-06-2008
Bronze Member
 
Join Date: Jun 2008
Posts: 9
PC Experience: Some Experience
jennibean
Re: my computer is sick :(

Deckard's System Scanner v20071014.68
Run by Jennifer Peterson on 2008-06-05 22:54:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-06 05:54:55 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Jennifer Peterson.exe) -----------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-05 23:03:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Documents and Settings\Jennifer Peterson\cftmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\SYSTEM32\dlbtcoms.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsrv51.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavproxy.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL\AIM Toolbar 5.0\AolTbServer.exe
C:\Documents and Settings\Jennifer Peterson\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Jennifer Peterson.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Avengine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: (no name) - {00C5F89E-F65E-4EE3-8D6D-CF9323FDBFC6} - (no file)
O2 - BHO: (no name) - {0671B932-80FC-4564-BFC2-4062EA867EF7} - C:\WINDOWS\SYSTEM32\nnnmmlkh.dll
O2 - BHO: (no name) - {3BFC3780-B486-4472-821D-635071630304} - C:\WINDOWS\system32\ljJAPGVO.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {e38c8b48-e7ec-e708-fc94-6045d123eef7} - {7fee321d-5406-49cf-807e-ce7e84b8c83e} - C:\WINDOWS\SYSTEM32\kjjkdahv.dll
O2 - BHO: (no name) - {A3D90879-4AFC-4618-BD21-3F295C2B3C22} - (no file)
O2 - BHO: (no name) - {C83F6149-4782-4DAB-A478-96F195A376A2} - C:\WINDOWS\SYSTEM32\mlJBRLBU.dll
O2 - BHO: (no name) - {E046F543-D8E6-4084-B201-75D19AF91CEF} - C:\WINDOWS\system32\nnnnOggg.dll (file missing)
O2 - BHO: Microsoft copyright - {ffffffff-bbbb-4146-86fd-a722e8ab3489} - sockins32.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzxu.exe] C:\WINDOWS\system32\kdzxu.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [run] regsvr32.exe /s "C:\Documents and Settings\Jennifer Peterson\Application Data\sp1\qtfinal.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Global Startup: HOTSYNCSHORTCUTNAME
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O15 - Trusted Zone: fubar: the first online bar and happy hour (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} () - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.78 85.255.112.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: mlJBRLBU - C:\WINDOWS\system32\mlJBRLBU.dll
O20 - Winlogon Notify: winctrl32 - C:\WINDOWS\system32\WinCtrl32.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - C:\WINDOWS\SYSTEM32\sockins32.dll
O21 - SSODL: DrvKbd - {35135365-f8fa-4d05-b8bf-2f7fe7ec77fb} - C:\WINDOWS\Resources\DrvKbd.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: dlbt_device - Unknown owner - C:\WINDOWS\SYSTEM32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\SYSTEM32\mssrv32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsrv51.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


--
End of file - 11995 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
.js - JSFile - shell\open\command - C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.vbs - VBSFile - shell\open\command - C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 PAVDRV (Panda anti-virus driver) - c:\windows\system32\drivers\pavdrv51.sys <Not Verified; Panda Software; Panda® Antivirus>
R2 wg3n (SyGate for NT, wg3n) - c:\windows\system32\drivers\wg3n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R3 ComFiltr (Panda Anti-Dialer) - c:\windows\system32\drivers\comfiltr.sys (file missing)
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
R3 NaiFiltr - c:\windows\system32\drivers\naifiltr.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 djO38 - c:\windows\system32\drivers\djo38.sys
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 ekP84 - c:\windows\system32\drivers\ekp84.sys
S3 jpU40 - c:\windows\system32\drivers\jpu40.sys
S3 lrW38 - c:\windows\system32\drivers\lrw38.sys
S3 ntY51 - c:\windows\system32\drivers\nty51.sys
S3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Belkin Wireless USB Network Adapter Service (Belkin Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
R2 PAVFIRES (Panda Firewall Service) - c:\program files\panda software\panda antivirus platinum\firewall\pavfires.exe <Not Verified; Panda Software; Platinum 7 Pavfires>
R2 PAVSRV (Panda anti-virus service) - c:\program files\panda software\panda antivirus platinum\pavsrv51.exe <Not Verified; Panda Software; Panda Antivirus>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 msupdate (Microsoft security update service) - c:\windows\system32\mssrv32.exe
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 12:00:00 434 --a------ C:\WINDOWS\Tasks\Auto-scheduled task of Free Registry Fix.job
2008-05-30 18:30:00 374 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DJFQ5R61-Jennifer Peterson).job
2008-05-30 17:15:00 414 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-05-29 22:45:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 22:31:03 7680 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-06-05 22:25:55 82944 --a------ C:\WINDOWS\system32\uyaymbve.dll
2008-06-05 22:25:54 2560 --a------ C:\WINDOWS\system32\aendqcno.exe
2008-06-05 22:24:26 0 d-------- C:\Program Files\iSecurity
2008-06-05 22:23:43 95744 --a------ C:\WINDOWS\system32\kjjkdahv.dll
2008-06-05 22:23:35 91136 --a------ C:\WINDOWS\system32\rnykbjfm.dll
2008-06-05 22:22:53 735134 --ahs---- C:\WINDOWS\system32\hklmmnnn.ini2
2008-06-05 22:22:50 281088 --a------ C:\WINDOWS\system32\nnnmmlkh.dll
2008-06-05 22:18:08 7680 --a------ C:\Documents and Settings\Administrator\cftmon.exe
2008-06-05 21:40:30 95744 --a------ C:\WINDOWS\system32\ijbbchju.dll
2008-06-05 21:40:05 82944 --a------ C:\WINDOWS\system32\dkxrwwat.dll
2008-06-05 21:38:12 2560 --a------ C:\WINDOWS\system32\eupfstuw.exe
2008-06-05 21:38:03 91136 --a------ C:\WINDOWS\system32\lydbjrim.dll
2008-06-05 21:37:04 743872 --ahs---- C:\WINDOWS\system32\OVGPAJjl.ini2
2008-06-05 18:03:25 7680 --a------ C:\Documents and Settings\Jennifer Peterson\cftmon.exe
2008-06-05 17:03:12 0 d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\.clamwin
2008-06-05 16:38:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-06-04 15:05:38 82432 --a------ C:\WINDOWS\system32\xcotphat.dll
2008-06-04 15:02:38 95232 --a------ C:\WINDOWS\system32\aafnastk.dll
2008-06-04 14:59:38 2560 --a------ C:\WINDOWS\system32\wjufgxun.exe
2008-06-04 14:56:40 91136 --a------ C:\WINDOWS\system32\dskopian.dll
2008-06-04 14:39:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\.clamwin
2008-06-04 14:38:52 0 d-------- C:\Program Files\ClamWin
2008-06-04 14:38:52 0 d-------- C:\Documents and Settings\All Users\.clamwin
2008-06-04 14:36:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 18:36:16 2560 --a------ C:\WINDOWS\system32\hvmdcmbh.exe
2008-06-03 15:00:49 82432 --a------ C:\WINDOWS\system32\nnvapmua.dll
2008-06-03 14:57:53 92160 --a------ C:\WINDOWS\system32\dsqxyxds.dll
2008-06-03 14:55:15 90624 --a------ C:\WINDOWS\system32\wxggelkk.dll
2008-06-03 14:53:48 90624 --a------ C:\WINDOWS\system32\suvolcmb.dll
2008-06-03 14:52:33 749350 --ahs---- C:\WINDOWS\system32\gggOnnnn.ini2
2008-06-03 13:19:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 13:14:56 0 d-------- C:\Program Files\Comodo
2008-06-03 12:51:09 1635 --a------ C:\WINDOWS\system32\vypwjbpm.exe
2008-06-03 12:51:09 1635 --a------ C:\WINDOWS\system32\fxcrdfi.exe
2008-06-03 12:51:09 1635 --a------ C:\WINDOWS\system32\burduy.exe
2008-06-03 00:05:14 1635 --a------ C:\WINDOWS\system32\quvkoo.exe
2008-06-03 00:05:14 1635 --a------ C:\WINDOWS\system32\mjzncgue.exe
2008-06-03 00:05:14 1635 --a------ C:\WINDOWS\system32\kvsjt.exe
2008-06-02 23:22:48 1635 --a------ C:\WINDOWS\system32\jjqxee.exe
2008-06-02 23:22:48 1635 --a------ C:\WINDOWS\system32\daywnf.exe
2008-06-02 23:22:48 1635 --a------ C:\WINDOWS\system32\cccnd.exe
2008-06-02 22:56:13 1635 --a------ C:\WINDOWS\system32\ylntmc.exe
2008-06-02 22:56:13 1635 --a------ C:\WINDOWS\system32\ihzn.exe
2008-06-02 22:56:13 1635 --a------ C:\WINDOWS\system32\evdgg.exe
2008-06-02 19:06:52 1635 --a------ C:\WINDOWS\system32\lzoc.exe
2008-06-02 19:06:52 1635 --a------ C:\WINDOWS\system32\lqcoeujl.exe
2008-06-02 19:06:52 1635 --a------ C:\WINDOWS\system32\jlcb.exe
2008-06-02 19:01:58 8023 --a------ C:\WINDOWS\system32\drivers\wg3n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
2008-06-02 19:01:51 85456 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-06-02 19:01:47 15360 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-06-02 19:01:00 58752 --a------ C:\WINDOWS\system32\drivers\Pavdrv51.sys <Not Verified; Panda Software; Panda® Antivirus>
2008-06-02 19:00:57 0 d-------- C:\WINDOWS\system32\PAV
2008-06-02 19:00:37 0 d-------- C:\Program Files\Panda Software
2008-06-02 18:50:55 1635 --a------ C:\WINDOWS\system32\uqcwi.exe
2008-06-02 18:50:55 1635 --a------ C:\WINDOWS\system32\rlyi.exe
2008-06-02 18:50:54 1635 --a------ C:\WINDOWS\system32\oxtxrfaa.exe
2008-06-02 18:42:29 1635 --a------ C:\WINDOWS\system32\vsvqtyz.exe
2008-06-02 18:42:29 1635 --a------ C:\WINDOWS\system32\repwe.exe
2008-06-02 18:42:29 1635 --a------ C:\WINDOWS\system32\akwnpgc.exe
2008-06-02 18:04:22 1635 --a------ C:\WINDOWS\system32\qqlz.exe
2008-06-02 18:04:22 1635 --a------ C:\WINDOWS\system32\qjsr.exe
2008-06-02 18:04:22 1635 --a------ C:\WINDOWS\system32\afazeju.exe
2008-06-02 16:11:26 1635 --a------ C:\WINDOWS\system32\pbdv.exe
2008-06-02 16:11:26 1635 --a------ C:\WINDOWS\system32\mnufmkn.exe
2008-06-02 16:11:26 1635 --a------ C:\WINDOWS\system32\afay.exe
2008-06-02 15:55:48 0 d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\AXPDefender
2008-06-02 15:54:40 0 d-------- C:\Program Files\AXPDefender
2008-06-02 15:51:10 1635 --a------ C:\WINDOWS\system32\ldmg.exe
2008-06-02 15:51:10 1635 --a------ C:\WINDOWS\system32\ddzlz.exe
2008-06-02 15:51:09 1635 --a------ C:\WINDOWS\system32\odvzrty.exe
2008-06-02 15:15:31 473600 --a------ C:\WINDOWS\system32\aswBoot.exe <Not Verified; ; avast! Antivirus>
2008-06-02 15:15:20 0 d-------- C:\Program Files\Alwil Software
2008-06-02 14:56:08 1635 --a------ C:\WINDOWS\system32\odqkmxgh.exe
2008-06-02 14:56:08 1635 --a------ C:\WINDOWS\system32\jtll.exe
2008-06-02 14:56:08 1635 --a------ C:\WINDOWS\system32\ikuawjw.exe
2008-06-02 14:22:05 1635 --a------ C:\WINDOWS\system32\tenfes.exe
2008-06-02 14:22:05 1635 --a------ C:\WINDOWS\system32\bvkmdej.exe
2008-06-02 14:22:05 1635 --a------ C:\WINDOWS\system32\apixobge.exe
2008-06-02 13:58:23 1635 --a------ C:\WINDOWS\system32\ljtrrcy.exe
2008-06-02 13:58:23 1635 --a------ C:\WINDOWS\system32\csshmq.exe
2008-06-02 13:58:22 1635 --a------ C:\WINDOWS\system32\gxoeq.exe
2008-06-02 13:50:38 1635 --a------ C:\WINDOWS\system32\ukui.exe
2008-06-02 13:50:38 1635 --a------ C:\WINDOWS\system32\fajlwg.exe
2008-06-02 13:50:37 1635 --a------ C:\WINDOWS\system32\xlznne.exe
2008-06-02 13:27:17 0 d-------- C:\WINDOWS\system32\905757
2008-06-02 13:25:47 2560 --a------ C:\WINDOWS\system32\uhrjofkb.exe
2008-06-02 13:23:17 1635 --a------ C:\WINDOWS\system32\vlqxxa.exe
2008-06-02 13:23:17 1635 --a------ C:\WINDOWS\system32\ukngeii.exe
2008-06-02 13:23:17 1635 --a------ C:\WINDOWS\system32\thsl.exe
2008-06-02 13:22:54 30080 --a------ C:\WINDOWS\system32\drivers\flQ38.sys
2008-06-02 13:14:54 92160 --a------ C:\WINDOWS\system32\lwifpalk.dll
2008-06-02 13:14:41 82432 --a------ C:\WINDOWS\system32\pkkbaxko.dll
2008-06-02 13:13:08 90624 --a------ C:\WINDOWS\system32\wivyhkdo.dll
2008-06-02 13:11:29 0 d-------- C:\Program Files\AbsoluteTransfer
2008-06-02 13:10:24 1635 --a------ C:\WINDOWS\system32\vligp.exe
2008-06-02 13:10:24 1635 --a------ C:\WINDOWS\system32\nbvq.exe
2008-06-02 13:10:24 1635 --a------ C:\WINDOWS\system32\ieto.exe
2008-06-02 13:10:24 29440 --a------ C:\WINDOWS\system32\drivers\ekP84.sys
2008-06-02 13:09:15 9728 --a------ C:\Program Files\tmp2.exe
2008-06-02 13:09:15 9728 --a------ C:\Program Files\tmp1.exe
2008-06-02 13:09:15 9728 --a------ C:\Program Files\tmp0.exe
2008-06-02 13:09:13 0 d-------- C:\WINDOWS\system32\818646
2008-06-02 10:03:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-01 23:32:25 0 d-------- C:\Program Files\PestPatrol
2008-06-01 23:30:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-06-01 23:30:32 57344 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; >
2008-06-01 23:12:58 0 --a------ C:\WINDOWS\system32\Ultra.dll
2008-06-01 23:05:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-01 23:05:19 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-01 23:05:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-06-01 23:05:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-01 23:05:19 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-06-01 23:05:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-01 23:05:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-01 23:05:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-01 23:05:18 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-01 23:05:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-01 23:05:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-01 23:05:18 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-01 23:05:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-01 23:05:18 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-01 23:05:18 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-01 23:05:18 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-01 23:05:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-01 23:05:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-01 23:05:17 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-01 22:59:16 1635 --a------ C:\WINDOWS\system32\muvgftr.exe
2008-06-01 22:59:16 1635 --a------ C:\WINDOWS\system32\hrhgk.exe
2008-06-01 22:59:14 1635 --a------ C:\WINDOWS\system32\byegwxw.exe
2008-06-01 22:57:20 28928 --a------ C:\WINDOWS\system32\drivers\djO38.sys
2008-06-01 22:55:52 0 d-------- C:\Program Files\PCBugDoctor
2008-06-01 22:52:23 1635 --a------ C:\WINDOWS\system32\vytqi.exe
2008-06-01 22:52:23 1635 --a------ C:\WINDOWS\system32\tgpqknv.exe
2008-06-01 22:52:23 1635 --a------ C:\WINDOWS\system32\njsopxuw.exe
2008-06-01 22:51:38 28928 --a------ C:\WINDOWS\system32\drivers\ntY51.sys
2008-06-01 22:42:51 1635 --a------ C:\WINDOWS\system32\ljgl.exe
2008-06-01 22:42:51 1635 --a------ C:\WINDOWS\system32\gcgptitq.exe
2008-06-01 22:42:51 1635 --a------ C:\WINDOWS\system32\bcdvatur.exe
2008-06-01 22:42:37 28928 --a------ C:\WINDOWS\system32\drivers\lrW38.sys
2008-06-01 22:38:27 28928 --a------ C:\WINDOWS\system32\drivers\jpU40.sys
2008-06-01 22:16:58 33408 --a------ C:\WINDOWS\system32\pmnkhhIB.dll
2008-06-01 22:16:26 13187 --ahs---- C:\WINDOWS\system32\deefMUvw.ini2
2008-06-01 22:15:27 12792 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-06-01 22:15:19 28928 --a------ C:\WINDOWS\system32\drivers\lrW84.sys
2008-06-01 22:15:14 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-01 22:14:40 33408 --a------ C:\WINDOWS\system32\cbXnMCst.dll
2008-06-01 22:14:35 0 d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\sp1
2008-06-01 22:14:16 32768 --a------ C:\WINDOWS\system32\sockins32.dll <Not Verified; ThinkPad; ThinkPad repl>
2008-06-01 22:14:00 36352 --a------ C:\WINDOWS\system32\ljJccArQ.dll
2008-06-01 22:13:30 1635 --a------ C:\WINDOWS\system32\tjdioege.exe
2008-06-01 22:13:30 1635 --a------ C:\WINDOWS\system32\imdwm.exe
2008-06-01 22:13:29 1635 --a------ C:\WINDOWS\system32\omdydqj.exe
2008-06-01 22:12:05 2 --a------ C:\5188831
2008-06-01 22:12:01 68018 --a------ C:\WINDOWS\system32\ksnhtr.sys
2008-06-01 22:12:00 53 --a------ C:\smp.bat
2008-06-01 22:11:10 93696 --a------ C:\WINDOWS\system32\ntpl.bin
2008-06-01 22:10:51 7680 --a------ C:\WINDOWS\system32\drivers\spools.exe
2008-06-01 22:10:31 41984 --a------ C:\WINDOWS\mrofinu1535.exe
2008-06-01 22:10:00 28160 --a------ C:\WINDOWS\system32\mlJBRLBU.dll
2008-06-01 21:13:45 237057 --a------ C:\WINDOWS\system32\Office [Keygen].exe
2008-06-01 21:13:44 118785 --a------ C:\WINDOWS\system32\rxbot2.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-05 22:59:27 0 d-------- C:\Program Files\Trend Micro
2008-06-05 16:35:49 0 d-------- C:\Program Files\Common Files
2008-06-05 16:35:48 0 d-------- C:\Program Files\Webroot
2008-06-04 15:29:02 0 d-------- C:\Program Files\TuneUp Utilities 2006
2008-06-02 19:00:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 22:29:30 0 d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\uTorrent
2008-06-01 22:11:15 577536 --a------ C:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 21:21:05 0 d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\Orbit
2008-05-13 22:02:38 0 d-------- C:\Program Files\dl_Cats
2008-04-13 21:29:21 0 d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\acccore
2008-04-13 21:28:31 0 d-------- C:\Program Files\AIM6
2008-04-13 21:24:56 0 d-------- C:\Program Files\Common Files\AOL
2008-04-09 03:16:00 0 d-------- C:\Program Files\Common Files\Pointstone
2008-04-05 13:52:41 0 d-------- C:\Program Files\Pointstone
2008-04-05 13:52:20 0 d-------- C:\Program Files\TweakNow RegCleaner Pro
2008-03-18 21:39:47 25 --a------ C:\WINDOWS\SW_Win2146X32.DLL
2008-03-18 21:39:41 133 --a------ C:\WINDOWS\SW_Win2000X6.DLL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C5F89E-F65E-4EE3-8D6D-CF9323FDBFC6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0671B932-80FC-4564-BFC2-4062EA867EF7}]
06/05/2008 10:22 PM 281088 --a------ C:\WINDOWS\system32\nnnmmlkh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BFC3780-B486-4472-821D-635071630304}]
C:\WINDOWS\system32\ljJAPGVO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7fee321d-5406-49cf-807e-ce7e84b8c83e}]
06/05/2008 10:23 PM 95744 --a------ C:\WINDOWS\system32\kjjkdahv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3D90879-4AFC-4618-BD21-3F295C2B3C22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C83F6149-4782-4DAB-A478-96F195A376A2}]
06/01/2008 10:10 PM 28160 --a------ C:\WINDOWS\system32\mlJBRLBU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E046F543-D8E6-4084-B201-75D19AF91CEF}]
C:\WINDOWS\system32\nnnnOggg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffffffff-bbbb-4146-86fd-a722e8ab3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\kdzxu.exe"="C:\WINDOWS\system32\kdzxu.exe" [06/13/2007 03:23 AM]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [09/22/2005 06:29 PM]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" [06/18/2003 01:00 PM]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.exe" [07/01/2003 01:41 PM]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [04/19/2008 04:35 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [06/01/2008 10:10 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run"="regsvr32.exe" [08/04/2004 04:00 AM C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

C:\Documents and Settings\Jennifer Peterson\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 12:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME [1/18/2008 4:14:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [11/23/2004 05:51 PM 192512]
"{C83F6149-4782-4DAB-A478-96F195A376A2}"= C:\WINDOWS\system32\mlJBRLBU.dll [06/01/2008 10:10 PM 28160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]
"DrvKbd"= {35135365-f8fa-4d05-b8bf-2f7fe7ec77fb} - C:\WINDOWS\Resources\DrvKbd.dll [06/02/2008 01:09 PM 14886]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdzxu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBRLBU]
mlJBRLBU.dll 06/01/2008 10:10 PM 28160 C:\WINDOWS\SYSTEM32\mlJBRLBU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winctrl32]
WinCtrl32.dll 06/05/2008 10:31 PM 15360 C:\WINDOWS\SYSTEM32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=iSecurity.cpl

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnmmlkh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\djO38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ekP84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flQ38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpU40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntY51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZ Smileys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"C:\WINDOWS\system32\kdzxu.exe"=C:\WINDOWS\system32\kdzxu.exe
"Winamp Agent"=C:\WINDOWS\system32\winamp.exe
"BM037c1fec"=Rundll32.exe "C:\WINDOWS\system32\dskopian.dll",s
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"004f2c70"=rundll32.exe "C:\WINDOWS\system32\xcotphat.dll",b
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

*Newly Created Service* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186f05-bbbb-4a39-864f-72d84615c679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-06-05 23:12:04 ------------


  #4  
06-06-2008
chiaz
Senior Security Analyst
Re: my computer is sick :(

Hello, and welcome to PCHF.

I have deleted the extra thread that you have posted. Let's try to keep everything within this thread.


First we need to download ComboFix.exe.
Please visit this webpage for download links and instructions for running ComboFix.

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.


  #5  
06-06-2008
jennibean
Bronze Member
Re: my computer is sick :(

can i run these on safe mode? cause as of right now that's all my computer will allow me to run on


  #6  
06-06-2008
jennibean
Bronze Member
Re: my computer is sick :(

ComboFix 08-06-05.3 - Jennifer Peterson 2008-06-06 9:14:24.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.104 [GMT -7:00]
Running from: C:\Documents and Settings\Jennifer Peterson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jennifer Peterson\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Jennifer Peterson\Application Data\sp1
C:\Documents and Settings\Jennifer Peterson\Application Data\sp1\qtfinal.dll
C:\Program Files\iSecurity
C:\Program Files\iSecurity\{494F96D1-DA28-494d-96C3-69BFCA09C28D}}\install.exe
C:\Program Files\iSecurity\axpdefender.bmp
C:\Program Files\iSecurity\axpdefender.ico
C:\Program Files\iSecurity\axpdefenderi.bmp
C:\Program Files\iSecurity\axpfixer.bmp
C:\Program Files\iSecurity\axpfixer.ico
C:\Program Files\iSecurity\axpfixeri.bmp
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\iSecurity.html
C:\Program Files\iSecurity\systemdefender.bmp
C:\Program Files\iSecurity\systemdefender.ico
C:\Program Files\iSecurity\systemdefenderi.bmp
C:\Program Files\iSecurity\v12\iSecurity.cpl
C:\smp.bat
C:\WINDOWS\BM037c1fec.xml
C:\WINDOWS\homepage.html
C:\WINDOWS\index.html
C:\WINDOWS\promo1.html
C:\WINDOWS\promo2.html
C:\WINDOWS\promo3.html
C:\WINDOWS\promo4.html
C:\WINDOWS\promo5.html
C:\WINDOWS\promo6.html
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\pskt.ini
C:\WINDOWS\resources\DrvKbd.dll
C:\WINDOWS\resources\WinKbd.dll
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SYSTEM32\247880\247880.dll
C:\WINDOWS\system32\818646
C:\WINDOWS\SYSTEM32\818646\818646.dll
C:\WINDOWS\SYSTEM32\905757\905757.dll
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\aendqcno.exe
C:\WINDOWS\system32\aumpavnn.ini
C:\WINDOWS\system32\bmf.cs
C:\WINDOWS\system32\cbXnMCst.dll
C:\WINDOWS\system32\ccs.so
C:\WINDOWS\SYSTEM32\deefMUvw.ini
C:\WINDOWS\SYSTEM32\deefMUvw.ini2
C:\WINDOWS\system32\drivers\djO38.sys
C:\WINDOWS\system32\drivers\ekP84.sys
C:\WINDOWS\system32\drivers\flQ38.sys
C:\WINDOWS\system32\drivers\jpU40.sys
C:\WINDOWS\system32\drivers\lrW38.sys
C:\WINDOWS\system32\drivers\lrW84.sys
C:\WINDOWS\system32\drivers\ntY51.sys
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\dsqxyxds.dll
C:\WINDOWS\system32\eupfstuw.exe
C:\WINDOWS\system32\evbmyayu.ini
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\gggOnnnn.ini
C:\WINDOWS\SYSTEM32\gggOnnnn.ini2
C:\WINDOWS\SYSTEM32\hklmmnnn.ini
C:\WINDOWS\SYSTEM32\hklmmnnn.ini2
C:\WINDOWS\system32\ho.ln
C:\WINDOWS\system32\hvmdcmbh.exe
C:\WINDOWS\system32\ISECUR~1.CPL
C:\WINDOWS\system32\iSecurity.cpl
C:\WINDOWS\system32\kdzxu.exe
C:\WINDOWS\system32\ko.o
C:\WINDOWS\system32\ksnhtr.sys
C:\WINDOWS\system32\ljJccArQ.dll
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\lwifpalk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBRLBU.dll
C:\WINDOWS\system32\mn.n
C:\WINDOWS\system32\mssrv32.exe
C:\WINDOWS\system32\nnvapmua.dll
C:\WINDOWS\system32\ntpl.bin
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\SYSTEM32\okxabkkp.ini
C:\WINDOWS\system32\other.txt
C:\WINDOWS\SYSTEM32\OVGPAJjl.ini
C:\WINDOWS\SYSTEM32\OVGPAJjl.ini2
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\pkkbaxko.dll
C:\WINDOWS\system32\pmnkhhIB.dll
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\sn.txt
C:\WINDOWS\system32\sockins32.dll
C:\WINDOWS\system32\suvolcmb.dll
C:\WINDOWS\system32\tahptocx.ini
C:\WINDOWS\system32\tawwrxkd.ini
C:\WINDOWS\system32\uhrjofkb.exe
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\wivyhkdo.dll
C:\WINDOWS\system32\wjufgxun.exe
C:\WINDOWS\system32\wxggelkk.dll

----- BITS: Possible infected sites -----

hxxp://statsboat.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DJO38
-------\Legacy_EKP84
-------\Legacy_FLQ38
-------\Legacy_JPU40
-------\Legacy_LRW38
-------\Legacy_MSUPDATE
-------\Legacy_NTY51
-------\Service_djO38
-------\Service_ekP84
-------\Service_flQ38
-------\Service_jpU40
-------\Service_lrW38
-------\Service_msupdate
-------\Service_ntY51
-------\Legacy_Schedule
-------\Service_Schedule


((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-06 08:56 . 2008-06-06 08:56 <DIR> d-------- C:\Program Files\IE Extensions
2008-06-06 08:55 . 2008-06-06 09:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\247880
2008-06-05 22:31 . 2008-06-01 22:10 7,680 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-06-05 22:28 . 2008-06-05 22:28 <DIR> d-------- C:\Deckard
2008-06-05 22:25 . 2008-06-05 22:25 82,944 --a------ C:\WINDOWS\SYSTEM32\uyaymbve.dll
2008-06-05 22:23 . 2008-06-05 22:23 95,744 --a------ C:\WINDOWS\SYSTEM32\kjjkdahv.dll
2008-06-05 22:23 . 2008-06-05 22:23 91,136 --a------ C:\WINDOWS\SYSTEM32\rnykbjfm.dll
2008-06-05 22:22 . 2008-06-05 22:22 281,088 --a------ C:\WINDOWS\SYSTEM32\nnnmmlkh.dll
2008-06-05 22:18 . 2008-06-01 22:10 7,680 --a------ C:\Documents and Settings\Administrator\cftmon.exe
2008-06-05 21:40 . 2008-06-05 21:40 95,744 --a------ C:\WINDOWS\SYSTEM32\ijbbchju.dll
2008-06-05 21:40 . 2008-06-05 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\dkxrwwat.dll
2008-06-05 21:38 . 2008-06-05 21:38 91,136 --a------ C:\WINDOWS\SYSTEM32\lydbjrim.dll
2008-06-05 18:03 . 2008-06-01 22:10 7,680 --a------ C:\Documents and Settings\Jennifer Peterson\cftmon.exe
2008-06-05 17:03 . 2008-06-05 17:03 <DIR> d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\.clamwin
2008-06-05 16:38 . 2008-06-05 16:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-06-04 15:05 . 2008-06-04 15:05 82,432 --a------ C:\WINDOWS\SYSTEM32\xcotphat.dll
2008-06-04 15:02 . 2008-06-04 15:02 95,232 --a------ C:\WINDOWS\SYSTEM32\aafnastk.dll
2008-06-04 14:56 . 2008-06-04 14:56 91,136 --a------ C:\WINDOWS\SYSTEM32\dskopian.dll
2008-06-04 14:39 . 2008-06-04 14:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.clamwin
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\Program Files\ClamWin
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-06-03 13:19 . 2008-06-06 09:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-03 13:19 . 2008-06-06 09:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 13:15 . 2008-06-03 13:15 58 --a------ C:\WINDOWS\BOC426.INI
2008-06-03 13:14 . 2008-06-03 13:14 <DIR> d-------- C:\Program Files\Comodo
2008-06-03 12:51 . 2008-06-03 12:51 1,635 --a------ C:\WINDOWS\SYSTEM32\vypwjbpm.exe
2008-06-03 12:51 . 2008-06-03 12:51 1,635 --a------ C:\WINDOWS\SYSTEM32\fxcrdfi.exe
2008-06-03 12:51 . 2008-06-03 12:51 1,635 --a------ C:\WINDOWS\SYSTEM32\burduy.exe
2008-06-03 00:05 . 2008-06-03 00:05 1,635 --a------ C:\WINDOWS\SYSTEM32\quvkoo.exe
2008-06-03 00:05 . 2008-06-03 00:05 1,635 --a------ C:\WINDOWS\SYSTEM32\mjzncgue.exe
2008-06-03 00:05 . 2008-06-03 00:05 1,635 --a------ C:\WINDOWS\SYSTEM32\kvsjt.exe
2008-06-02 23:22 . 2008-06-02 23:22 1,635 --a------ C:\WINDOWS\SYSTEM32\jjqxee.exe
2008-06-02 23:22 . 2008-06-02 23:22 1,635 --a------ C:\WINDOWS\SYSTEM32\daywnf.exe
2008-06-02 23:22 . 2008-06-02 23:22 1,635 --a------ C:\WINDOWS\SYSTEM32\cccnd.exe
2008-06-02 23:12 . 2008-06-02 23:12 255 --a------ C:\WINDOWS\SYSTEM32\Diagnose.lic
2008-06-02 22:56 . 2008-06-02 22:56 1,635 --a------ C:\WINDOWS\SYSTEM32\ylntmc.exe
2008-06-02 22:56 . 2008-06-02 22:56 1,635 --a------ C:\WINDOWS\SYSTEM32\ihzn.exe
2008-06-02 22:56 . 2008-06-02 22:56 1,635 --a------ C:\WINDOWS\SYSTEM32\evdgg.exe
2008-06-02 19:06 . 2008-06-02 19:06 1,635 --a------ C:\WINDOWS\SYSTEM32\lzoc.exe
2008-06-02 19:06 . 2008-06-02 19:06 1,635 --a------ C:\WINDOWS\SYSTEM32\lqcoeujl.exe
2008-06-02 19:06 . 2008-06-02 19:06 1,635 --a------ C:\WINDOWS\SYSTEM32\jlcb.exe
2008-06-02 19:01 . 2002-08-12 09:46 85,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2008-06-02 19:01 . 2003-02-13 16:21 58,752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Pavdrv51.sys
2008-06-02 19:01 . 2002-08-12 09:46 15,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2008-06-02 19:01 . 2002-08-12 09:46 8,023 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2008-06-02 19:00 . 2008-06-02 19:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-06-02 19:00 . 2008-06-02 19:00 <DIR> d-------- C:\Program Files\Panda Software
2008-06-02 19:00 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2008-06-02 18:50 . 2008-06-02 18:50 1,635 --a------ C:\WINDOWS\SYSTEM32\uqcwi.exe
2008-06-02 18:50 . 2008-06-02 18:50 1,635 --a------ C:\WINDOWS\SYSTEM32\rlyi.exe
2008-06-02 18:50 . 2008-06-02 18:50 1,635 --a------ C:\WINDOWS\SYSTEM32\oxtxrfaa.exe
2008-06-02 18:42 . 2008-06-02 18:42 1,635 --a------ C:\WINDOWS\SYSTEM32\vsvqtyz.exe
2008-06-02 18:42 . 2008-06-02 18:42 1,635 --a------ C:\WINDOWS\SYSTEM32\repwe.exe
2008-06-02 18:42 . 2008-06-02 18:42 1,635 --a------ C:\WINDOWS\SYSTEM32\akwnpgc.exe
2008-06-02 18:04 . 2008-06-02 18:04 1,635 --a------ C:\WINDOWS\SYSTEM32\qqlz.exe
2008-06-02 18:04 . 2008-06-02 18:04 1,635 --a------ C:\WINDOWS\SYSTEM32\qjsr.exe
2008-06-02 18:04 . 2008-06-02 18:04 1,635 --a------ C:\WINDOWS\SYSTEM32\afazeju.exe
2008-06-02 16:11 . 2008-06-02 16:11 1,635 --a------ C:\WINDOWS\SYSTEM32\pbdv.exe
2008-06-02 16:11 . 2008-06-02 16:11 1,635 --a------ C:\WINDOWS\SYSTEM32\mnufmkn.exe
2008-06-02 16:11 . 2008-06-02 16:11 1,635 --a------ C:\WINDOWS\SYSTEM32\afay.exe
2008-06-02 15:55 . 2008-06-02 15:55 <DIR> d-------- C:\Documents and Settings\Jennifer Peterson\Application Data\AXPDefender
2008-06-02 15:54 . 2008-06-02 23:10 <DIR> d-------- C:\Program Files\AXPDefender
2008-06-02 15:51 . 2008-06-02 15:51 1,635 --a------ C:\WINDOWS\SYSTEM32\odvzrty.exe
2008-06-02 15:51 . 2008-06-02 15:51 1,635 --a------ C:\WINDOWS\SYSTEM32\ldmg.exe
2008-06-02 15:51 . 2008-06-02 15:51 1,635 --a------ C:\WINDOWS\SYSTEM32\ddzlz.exe
2008-06-02 15:17 . 2008-06-02 15:17 130 --a------ C:\WINDOWS\ODBC.INI
2008-06-02 15:15 . 2008-06-02 15:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-02 14:56 . 2008-06-02 14:56 1,635 --a------ C:\WINDOWS\SYSTEM32\odqkmxgh.exe
2008-06-02 14:56 . 2008-06-02 14:56 1,635 --a------ C:\WINDOWS\SYSTEM32\jtll.exe
2008-06-02 14:56 . 2008-06-02 14:56 1,635 --a------ C:\WINDOWS\SYSTEM32\ikuawjw.exe
2008-06-02 14:22 . 2008-06-02 14:22 1,635 --a------ C:\WINDOWS\SYSTEM32\tenfes.exe
2008-06-02 14:22 . 2008-06-02 14:22 1,635 --a------ C:\WINDOWS\SYSTEM32\bvkmdej.exe
2008-06-02 14:22 . 2008-06-02 14:22 1,635 --a------ C:\WINDOWS\SYSTEM32\apixobge.exe
2008-06-02 13:58 . 2008-06-02 13:58 1,635 --a------ C:\WINDOWS\SYSTEM32\ljtrrcy.exe
2008-06-02 13:58 . 2008-06-02 13:58 1,635 --a------ C:\WINDOWS\SYSTEM32\gxoeq.exe
2008-06-02 13:58 . 2008-06-02 13:58 1,635 --a------ C:\WINDOWS\SYSTEM32\csshmq.exe
2008-06-02 13:50 . 2008-06-02 13:50 1,635 --a------ C:\WINDOWS\SYSTEM32\xlznne.exe
2008-06-02 13:50 . 2008-06-02 13:50 1,635 --a------ C:\WINDOWS\SYSTEM32\ukui.exe
2008-06-02 13:50 . 2008-06-02 13:50 1,635 --a------ C:\WINDOWS\SYSTEM32\fajlwg.exe
2008-06-02 13:27 . 2008-06-06 09:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\905757
2008-06-02 13:23 . 2008-06-02 13:23 1,635 --a------ C:\WINDOWS\SYSTEM32\vlqxxa.exe
2008-06-02 13:23 . 2008-06-02 13:23 1,635 --a------ C:\WINDOWS\SYSTEM32\ukngeii.exe
2008-06-02 13:23 . 2008-06-02 13:23 1,635 --a------ C:\WINDOWS\SYSTEM32\thsl.exe
2008-06-02 13:11 . 2008-06-02 13:11 <DIR> d-------- C:\Program Files\AbsoluteTransfer
2008-06-02 13:10 . 2008-06-02 13:10 1,635 --a------ C:\WINDOWS\SYSTEM32\vligp.exe
2008-06-02 13:10 . 2008-06-02 13:10 1,635 --a------ C:\WINDOWS\SYSTEM32\nbvq.exe
2008-06-02 13:10 . 2008-06-02 13:10 1,635 --a------ C:\WINDOWS\SYSTEM32\ieto.exe
2008-06-02 13:09 . 2008-06-02 13:09 9,728 --a------ C:\Program Files\tmp2.exe
2008-06-02 13:09 . 2008-06-02 13:09 9,728 --a------ C:\Program Files\tmp1.exe
2008-06-02 13:09 . 2008-06-02 13:09 9,728 --a------ C:\Program Files\tmp0.exe
2008-06-01 23:32 . 2008-06-05 16:34 <DIR> d-------- C:\Program Files\PestPatrol
2008-06-01 23:32 . 2008-06-02 13:43 1,737 --a------ C:\WINDOWS\SetupPestPatrolCorporate.mif
2008-06-01 23:30 . 2008-06-05 16:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-06-01 23:30 . 2005-05-04 09:15 57,344 --a------ C:\WINDOWS\Unwash6.exe
2008-06-01 23:12 . 2008-06-01 23:12 0 --a------ C:\WINDOWS\SYSTEM32\Ultra.dll
2008-06-01 23:05 . 2005-01-27 05:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-01 23:05 . 2005-01-27 05:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-06-01 23:05 . 2007-09-09 00:34 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-06-01 23:05 . 2008-06-05 22:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-01 22:59 . 2008-06-01 22:59 1,635 --a------ C:\WINDOWS\SYSTEM32\muvgftr.exe
2008-06-01 22:59 . 2008-06-01 22:59 1,635 --a------ C:\WINDOWS\SYSTEM32\hrhgk.exe