
Solved userinit.exe application error - blue screen

Discussion in 'Malware and Virus Removal Archive' started by myfama, 2008/08/02.

  2008/08/04
    myfama (Thread Starter)

    Yes eden is a developer for my working application software.

    I've performed the repair on my currently installed AV and now it's working back to normal.

    I'm now running the Kaspersky Online Scanner and will get the log posted here once done.
     
  2008/08/04
    noahdfear

    Please open C:\Qoobox\Quarantine\Registry_backups

    You should see a file named similar to the following.

    BHO-{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}.reg.cf

    Right click the file and Rename, removing the .cf so that the file now has the .reg extension. Its icon should change to what looks similar to a Rubik's cube.
    Now double click the file and allow it to merge with the registry.

    In case you're wondering, that file contains information for a Browser Helper Object related to the Eden software. I previously had you remove it until it could be identified as legitimate.
     


  2008/08/05
    myfama (Thread Starter)

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, August 05, 2008 2:19:26 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 4/08/2008
    Kaspersky Anti-Virus database records: 935803
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 174046
    Number of viruses found: 14
    Number of infected objects: 82
    Number of suspicious objects: 0
    Duration of the scan process: 03:35:39

    Infected Object Name / Virus Name / Last Action
    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector locked skipped
    C:\Deckard\System Scanner\20080804073941\backup\DOCUME~1\FAIRUZ~1\LOCALS~1\Temp\tgdbrrex.dll Infected: Trojan.Win32.Monder.cbv skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40000\47BF86EE.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40001\47BFCB3D.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40002\47BFCB6C.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40003\47BFCB9C.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40004\47BFCBC9.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40005\47BFD44F.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40006\47BFD47D.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40007\47BFD4AC.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40008\47BFD4D9.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40009\47BFD509.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000A\47BFD536.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000B\47BFD564.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000C\47BFD591.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000D\47BFD5BF.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000E\47BFD5EB.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000F\47BFD618.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40010\47BFD645.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40011\47BFD671.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E40000\4FFE31C8.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4001C\4AB672A0.VBN Infected: Trojan-Downloader.Win32.Mutant.aqt skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4001D\4AB672BD.VBN Infected: Trojan-Downloader.Win32.Mutant.aqt skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0000\4FBC72DE.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0001\4FBC7B9F.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0002\4FBC87F4.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0003\4FBC9618.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0004\4FBCA413.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0005\4FBCBCF1.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FBDB94B.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FBDC37E.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00002\4FBDDBA0.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00003\4FBDE925.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00004\4FBDF7BF.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F1C0000\4FBF70BE.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F3C0000\4FBD1526.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F3C0001\4FBD2066.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480000\4FFB1D63.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480001\4FFB2944.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4FFB3754.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003\4FFB4564.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004\4FFB5374.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480005\4FFB6184.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900001.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900002.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900003.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900004.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900005.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900006.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900007.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900008.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900009.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10CC0000\58CED0F7.VBN Infected: Trojan.Win32.Agent.ad skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11900000\59F58803.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12900000\5A9E89E9.VBN Infected: Worm.Win32.AutoRun.ek skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13980000\57DE7879.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13980001\57DE78A9.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13980002\57DE78D9.VBN Infected: Worm.Win32.AutoRun.aqq skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\llkrvhna.dll.vir Infected: Trojan.Win32.Monder.cep skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\lphcgngj0et27.exe.vir Infected: Trojan-Downloader.Win32.Small.zsu skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnOheDV.dll.vir Infected: Trojan.Win32.Monderb.dlh skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\ntovenhe.dll.vir Infected: Trojan.Win32.Monder.cmm skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\pwdqbtjj.dll.vir Infected: Trojan.Win32.Monder.cbv skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\ssqQkLba.dll.vir Infected: Trojan.Win32.Monderb.dlh skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\tgdbrrex.dll.vir Infected: Trojan.Win32.Monder.cbv skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\yayXQgGy.dll.vir Infected: Trojan.Win32.Monder.cmk skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP324\A0064532.dll Infected: Trojan.Win32.Monder.cca skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP324\A0064707.dll Infected: Trojan.Win32.Monder.cca skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067236.exe Infected: Trojan-Downloader.Win32.Small.zsu skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067244.dll Infected: Trojan-Downloader.Win32.Agent.xxa skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067250.dll Infected: Trojan.Win32.Monder.cep skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067253.dll Infected: Trojan.Win32.Monderb.dlh skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067254.dll Infected: Trojan.Win32.Monder.cmm skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067258.dll Infected: Trojan.Win32.Monder.cbv skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067260.dll Infected: Trojan.Win32.Monderb.dlh skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067262.dll Infected: Trojan.Win32.Monder.cbv skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067268.dll Infected: Trojan-Downloader.Win32.Agent.xxa skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP327\A0067269.dll Infected: Trojan.Win32.Monder.cmk skipped
    C:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP329\change.log locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{49E4515A-9278-4EF2-AD8A-3E0305DE577C}.crmlog locked skipped
    C:\WINDOWS\SchedLgU.Txt locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{0E3E7CE2-2E96-45F2-A0A7-7B0B6283AF01}.bin locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log locked skipped
    C:\WINDOWS\Sti_Trace.log locked skipped
    C:\WINDOWS\system32\config\AMPSLog.evt locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt locked skipped
    C:\WINDOWS\system32\config\default locked skipped
    C:\WINDOWS\system32\config\default.LOG locked skipped
    C:\WINDOWS\system32\config\Internet.evt locked skipped
    C:\WINDOWS\system32\config\ODiag.evt locked skipped
    C:\WINDOWS\system32\config\OSession.evt locked skipped
    C:\WINDOWS\system32\config\SAM locked skipped
    C:\WINDOWS\system32\config\SAM.LOG locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt locked skipped
    C:\WINDOWS\system32\config\SECURITY locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG locked skipped
    C:\WINDOWS\system32\config\software locked skipped
    C:\WINDOWS\system32\config\software.LOG locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt locked skipped
    C:\WINDOWS\system32\config\system locked skipped
    C:\WINDOWS\system32\config\system.LOG locked skipped
    C:\WINDOWS\system32\h323log.txt locked skipped
    C:\WINDOWS\system32\Logfiles\W3SVC1\ex080805.log locked skipped
    C:\WINDOWS\system32\MsDtc\MSDTC.LOG locked skipped
    C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP locked skipped
    C:\WINDOWS\Temp\JET94E8.tmp locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_c8.dat locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt locked skipped
    C:\WINDOWS\wiadebug.log locked skipped
    C:\WINDOWS\wiaservc.log locked skipped
    C:\WINDOWS\WindowsUpdate.log locked skipped
    D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector locked skipped
    D:\Data\Downloads\Wonder Woman Season 1\Wonder Woman - 01x02 - Fausta- The Nazi Wonder Woman - DVDRip - MP3 - DivX 5.2 - [RG].avi locked skipped
    D:\Data\Downloads\Wonder Woman Season 1\Wonder Woman - 01x03 - Beauty On Parade - DVDRip - MP3 - DivX 5.2 - [RG].avi locked skipped
    D:\Data\Downloads\Wonder Woman Season 1\Wonder Woman - 01x09 - Judgement From Outer Space Part 1 - DVDRip - MP3 - DivX 5.2 - [RG].avi locked skipped
    D:\Data\Downloads\Wonder Woman Season 1\Wonder Woman - Pilot - The New Original Wonder Woman - DVDRip - MP3 - DivX 5.2 - [RG].avi locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase locked skipped
    D:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP324\A0064877.exe/file.exe/data0003 Infected: Trojan.Win32.Agent.vlm skipped
    D:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP324\A0064877.exe/file.exe/data0004 Infected: Trojan.Win32.Monder.avm skipped
    D:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP324\A0064877.exe/file.exe Infected: Trojan.Win32.Monder.avm skipped
    D:\System Volume Information\_restore{F94B5C47-BD9D-431B-8AB5-D531952E347A}\RP324\A0064877.exe CAB: infected - 3 skipped

    Scan process completed.
     
  5. 2008/08/05
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    I've browsed to the said path but couldn't find any file that matches the one you mentioned, i.e. BHO-{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}.reg.cf

    The folder happened to contain the following files only:
    HKLM-Run-BMcf2d925a.reg.dat
    HKLM-Run-cc1ea1c6.reg.dat
    HKLM-Run-CFSServ.exe.reg.dat
    HKLM-Run-lphcgngj0et27.reg.dat
    HKLM-Run-NDSTray.exe.reg.dat
    HKLM-Run-SMrhclngj0et27.reg.dat
    HKLM-Run-TFncKy.reg.dat
     
  6. 2008/08/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    All infected items are in quarantine. :)

    Is your Eden software working as it should? Please post a fresh main.txt log from dss.
     
  7. 2008/08/08
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Yes, it's working beautifully, and my machine is now running faster. Thanks again.

    Below is the fresh main.txt log.

    Deckard's System Scanner v20071014.68
    Run by Fairuz Azmi on 2008-08-08 23:33:03
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-08 23:33:34
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Oracle\Ora92\bin\omtsreco.exe
    C:\Oracle\Ora92\bin\agntsrvc.exe
    C:\Oracle\Ora92\bin\TNSLSNR.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\Oracle\Ora92\bin\oracle.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Oracle\Ora92\bin\dbsnmp.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Analog Devices\ADSL USB MODEM\DSLMON.exe
    C:\ingresII\ingres\vdba\ivm.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Crawler\Toolbar\CToolbar.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\searchprotocolhost.exe
    D:\Data\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://imis-203/amps/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
    O4 - Global Startup: Ingres Visual Manager [ II ].lnk = C:\WINDOWS\system32\ingwrap.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Orbit.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://imis-203 (HKCU)
    O15 - Trusted Zone: http://localhost (HKCU)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCDF} (CS Order Entry Control (AIB)) - http://download.excelforce.com.my/aib/cab/csoex_aib.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194242816093
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jumboplay.bluehyppo.com/class/DragonbackCtl.ocx
    O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.excelforce.com.my/aib/cab/cswx.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{266B33C0-BD6F-4258-8E77-52CC43AF3D94}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O23 - Service: ADEListener - Eden Technology Pty Limited - C:\WINDOWS\system32\ADEListener.exe
    O23 - Service: AMPS Email Processor - Unknown owner - C:\WINDOWS\system32\EmailProcessor.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FSDFileWatcher - Unknown owner - C:\WINDOWS\system32\FSDFileWatcher.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Ingres Intelligent Database [II] (Ingres_Database_II) - Computer Associates - C:\ingresII\ingres\bin\servproc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\Ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\Oracle\Ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\bin\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\Oracle\Ora92\Apache\Apache\Apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\Oracle\Ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\Oracle\Ora92\bin\encsvc.exe
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\Oracle\Ora92\bin\agntsvc.exe
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\Oracle\Ora92\BIN\TNSLSNR
    O23 - Service: OracleServiceFAMPS - Oracle Corporation - C:\Oracle\Ora92\bin\oracle.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SCAMS_FileWatcher - Unknown owner - C:\WINDOWS\system32\SCAMS_FileWatcher.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    --
    End of file - 19121 bytes

    -- Files created between 2008-07-08 and 2008-08-08 -----------------------------

    2008-08-05 00:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-08-05 00:42:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-08-04 10:36:49 0 d-------- C:\Documents and Settings\ingres\Application Data\Spyware Terminator
    2008-08-04 07:15:22 0 drahs---- C:\autorun.inf
    2008-08-04 00:03:35 68096 --a------ C:\WINDOWS\zip.exe
    2008-08-04 00:03:35 49152 --a------ C:\WINDOWS\VFind.exe
    2008-08-04 00:03:35 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-08-04 00:03:35 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-08-04 00:03:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-08-04 00:03:35 98816 --a------ C:\WINDOWS\sed.exe
    2008-08-04 00:03:35 80412 --a------ C:\WINDOWS\grep.exe
    2008-08-04 00:03:35 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-08-03 16:55:16 0 d-------- C:\Program Files\Crawler
    2008-08-03 16:54:43 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-03 16:54:39 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Spyware Terminator
    2008-08-03 16:54:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-03 16:54:34 0 d-------- C:\Program Files\Spyware Terminator
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-08-02 15:33:42 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-08-02 15:33:42 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-08-02 15:33:42 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-08-02 15:33:42 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-08-02 15:33:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2008-08-02 15:33:41 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-08-02 15:32:35 0 d-------- C:\WINDOWS\CSC
    2008-08-02 02:35:05 0 d-------- C:\Documents and Settings\ingres\Application Data\Lavasoft
    2008-08-02 02:27:21 0 d-------- C:\Documents and Settings\ingres\Application Data\Macromedia
    2008-08-02 02:18:52 0 d-------- C:\Documents and Settings\ingres\Application Data\Logitech
    2008-08-02 02:13:35 0 dr-h----- C:\Documents and Settings\ingres\Recent
    2008-08-01 10:06:25 0 d-------- C:\Program Files\Intelore
    2008-07-29 11:07:43 0 d--h----- C:\WINDOWS\PIF
    2008-07-28 12:55:44 0 dr-h----- C:\Documents and Settings\Fairuz Azmi\Recent
    2008-07-19 12:11:31 0 d-------- C:\WINDOWS\Sun
    2008-07-19 12:11:31 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Sun
    2008-07-19 12:10:44 0 d-------- C:\Program Files\Sun
    2008-07-19 12:09:30 0 d-------- C:\Program Files\Java
    2008-07-19 12:04:31 0 d-------- C:\Program Files\Common Files\Java
    2008-07-16 23:34:14 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Logitech
    2008-07-16 23:27:26 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:26:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-07-16 23:26:22 0 d-------- C:\Program Files\Logitech
    2008-07-16 23:26:14 0 d-------- C:\Program Files\Common Files\Logitech
    2008-07-16 23:25:28 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-07-15 12:48:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-15 03:03:38 58594 --a------ C:\WINDOWS\system32\mpt.exe


    -- Find3M Report ---------------------------------------------------------------

    2008-08-08 23:33:29 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\uTorrent
    2008-08-08 23:17:49 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Orbit
    2008-08-08 23:08:57 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-08-05 21:49:36 0 d-------- C:\Program Files\Novativa Streamster
    2008-08-04 07:24:59 0 d-------- C:\Program Files\Common Files
    2008-07-23 16:55:28 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\AdobeUM
    2008-07-16 23:26:19 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-06 00:28:09 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Roxio
    2008-06-18 17:19:24 0 d-------- C:\Program Files\uTorrent


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [21/02/2007 11:19]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [21/02/2007 11:17]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/05/2007 22:57]
    "nwiz"="nwiz.exe" [11/05/2007 22:57 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [11/05/2007 22:57 C:\WINDOWS\system32\nvhotkey.dll]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/05/2007 22:57]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [03/10/2006 11:35]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "SigmatelSysTrayApp"="stsystra.exe" [06/05/2007 17:10 C:\WINDOWS\stsystra.exe]
    "KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [02/11/2006 14:05]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [14/05/2007 14:23]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [21/12/2005 17:00]
    "pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [31/05/2005 22:31]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 22:59]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [19/07/2006 19:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [27/09/2006 20:33]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 22:59]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 18:00]
    "uTorrent "= "C:\Program Files\uTorrent\uTorrent.exe" [05/01/2008 23:53]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [15/11/2005 19:44]
    "mpt "= "c:\WINDOWS\system32\mpt.exe" [15/07/2008 03:03]

    C:\Documents and Settings\Fairuz Azmi\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 4:45:42]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 12:37:56]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [24/05/2006 18:28:28]
    DSLMON.lnk - C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe [07/11/2007 0:54:35]
    Ingres Visual Manager [ II ].lnk - C:\WINDOWS\system32\ingwrap.exe [14/05/2003 19:32:18]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/07/2008 23:27:25]
    Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [23/05/2008 16:44:26]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 15:40:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b5e7e2-a465-11dc-941a-001c239b40f5}]
    Auto\command- project.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL project.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{613bf76b-4bf4-11dd-95f0-001c26f066af}]
    Autoplay\Command- xmss.exe
    AutoRun\command- xmss.exe
    Explore\Command- xmss.exe
    Open\Command- xmss.exe




    -- End of Deckard's System Scanner: finished at 2008-08-08 23:34:03 ------------
     
  8. 2008/08/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Let's clean up now.

    Highlight and copy the contents of the code box below.

    Code:
    
    reg delete  "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b5e7e2-a465-11dc-941a-001c239b40f5}" /f
    reg delete  "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{613bf76b-4bf4-11dd-95f0-001c26f066af}" /f
    exit
    cls
    
    
    Click Start>Run and type cmd then hit Enter to open a command window.
    Right click in the command window and Paste the copied text.
    It will process the commands quickly and close the command window on its own.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    Now let's make sure your Java is up-to-date. Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Search For Updates
    • Select Update Using jucheck.exe
    • Click Search
    • If a newer version is found, allow it to be installed
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.


    That should wrap things up. Now you get the P2P file sharing speech :p

    I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    And finally, Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
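The two mountpoints2 keys in the Deckard's log above are what the reg delete lines in the cleanup remove: each one points Explorer's drive verbs (Auto, AutoRun, Open, Explore) at a program such as project.exe or xmss.exe on a removable drive. As an added example, not part of this thread or of Deckard's System Scanner, here is a small Python parser that pulls such handler entries out of a DSS-style registry dump and produces the same reg delete lines; the dump it reads is a constructed sample modelled on the log, with a third benign key added as filler.

```python
"""Flag MountPoints2 drive handlers in a Deckard's System Scanner registry dump.
Added example (not part of the thread or of DSS): extracts mountpoints2 keys whose
Explorer drive verbs launch a program and emits the reg delete lines used above."""
import re

# Constructed sample modelled on the dump above; the third key is a benign filler.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b5e7e2-a465-11dc-941a-001c239b40f5}]
Auto\command- project.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL project.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{613bf76b-4bf4-11dd-95f0-001c26f066af}]
Autoplay\Command- xmss.exe
AutoRun\command- xmss.exe
Explore\Command- xmss.exe
Open\Command- xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-0000-0000-0000-000000000000}]
BaseClass- Drive
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
# Explorer runs the 'command' under these verbs when the drive is inserted or opened.
HANDLER_RE = re.compile(r"^(Auto|AutoRun|AutoPlay|Open|Explore)\\command-\s*(.+)$", re.I)

def find_autorun_handlers(dump):
    """Map each mountpoints2 GUID to the (verb, command) pairs it defines."""
    findings, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            current = None          # a blank line ends the current key block
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            continue
        handler = HANDLER_RE.match(line)
        if current and handler:
            findings.setdefault(current, []).append((handler.group(1), handler.group(2).strip()))
    return findings

def reg_delete_commands(findings):
    """Emit the reg.exe lines the cleanup pasted: drop each flagged key wholesale."""
    base = r"HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2"
    return [f'reg delete "{base}\\{guid}" /f' for guid in sorted(findings)]

if __name__ == "__main__":
    for cmd in reg_delete_commands(find_autorun_handlers(SAMPLE_DUMP)):
        print(cmd)
```

Keys with only a BaseClass value (the third sample key) are not reported, so the output contains exactly the two reg delete lines from the cleanup post.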
     
  9. 2008/08/09
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    noahdfear

    Thank you for all your kindness, advice, and friendly, easy-to-understand guidance in sorting out the problem and now making my machine a good slave again (running faster) :p.

    May God bless you, bro :)
     
  10. 2008/08/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome. Glad I could help. :)
     
