[Me Too] XP Pro Hacked: Lost Admin rights on User Account!

Discussion in 'Malware and Virus Removal Archive' started by taylorwn, 2007/12/02.

  1. 2007/12/02
    taylorwn Inactive Thread Starter

    Hi Guys, I was wondering if you can help me too. I am having all the same issues as left4dead but what you guys recommended for him is not working for me, please help. I am trying to clean my wife's friend's computer and she or her kids took off the virus scanner. :eek: Needless to say, 2500+ viruses and 100+ spyware removed later, I am stuck with a computer where all the admin rights have been removed, no access to the control panel, and I still keep getting a McAfee report saying it has found (Expweb.dll)


    Can someone please help, I have posted my HJT log below.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:23:24 PM, on 12/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://0.0.0.1/
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: 2Wire Wireless Client.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7388 bytes
     
  2. 2007/12/02
    PeteC SuperGeek Staff

    taylorwn - Welcome to the board :)

    A couple of points to note .....

    Do not tack onto the end of another thread even if your problem appears to be the same and particularly not when the thread has been marked 'Resolved'.

    It is most unwise to follow solutions in other spyware threads as the actions specified may be specific to the original poster and not be applicable to your circumstances.

    I have moved your post to a new thread.
     

  4. 2007/12/02
    noahdfear Inactive

    Hi taylorwn :)

    Please do the following while in normal mode.

    Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     
  5. 2007/12/02
    taylorwn Inactive Thread Starter

    main.txt part 1

    Thanks for the heads up on posting, PeteC, it won't happen again. noahdfear, thank you also for your help in advance. I have posted half the results of my Deckard scan below. The other half is in a second post due to the length of the text file.


    Main.txt

    Deckard's System Scanner v20071014.68
    Run by ADMIN on 2007-12-02 14:53:28
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    72: 2007-12-02 21:53:42 UTC - RP512 - Deckard's System Scanner Restore Point
    71: 2007-12-03 03:58:16 UTC - RP511 - System Checkpoint
    70: 2007-12-02 02:48:28 UTC - RP510 - System Checkpoint
    69: 2007-11-29 04:44:10 UTC - RP509 - System Checkpoint
    68: 2007-11-28 04:00:27 UTC - RP508 - Installed McAfee VirusScan Enterprise


    -- First Restore Point --
    1: 2007-09-05 00:08:14 UTC - RP441 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as ADMIN.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:54:43 PM, on 12/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Documents and Settings\ADMIN\Desktop\dss.exe
    C:\HJT\ADMIN.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: {215c0d41-0251-955b-87b4-1bd15f632b13} - {31b236f5-1db1-4b78-b559-152014d0c512} - C:\WINDOWS\system32\fmlpxrsj.dll (file missing)
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {8D6EBFA7-67AB-49B2-B4E3-EDF8AC5018D5} - C:\Program Files\ComPlus Applications\vizybi24418.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FD7B67CC-F528-A6D8-0C27-F79A84FC4CB4} - C:\WINDOWS\system32\mofaa.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: 2Wire Wireless Client.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O20 - Winlogon Notify: dllabl - dllabl.dll (file missing)
    O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll (file missing)
    O20 - Winlogon Notify: opnkkkl - opnkkkl.dll (file missing)
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9996 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
    R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
    R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>

    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
    R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
    S3 dlcc_device - c:\windows\system32\dlcccoms.exe -service (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-12-02 14:45:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2007-11-23 18:30:00 352 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKSON-shavon).job


    -- Files created between 2007-11-02 and 2007-12-02 -----------------------------

    2007-12-02 20:27:22 1372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:46:13 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30:14 0 d-------- C:\HJT
    2007-11-28 20:48:32 0 d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28:04 0 d-------- C:\quarantine
    2007-11-27 21:23:19 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05:48 0 d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05:25 58464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 21:05:24 108480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 21:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00:13 0 d-------- C:\Program Files\Network Associates
    2007-11-27 21:00:13 0 d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02:44 0 d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00:55 0 dr------- C:\Documents and Settings\ADMIN\Favorites
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Desktop
    2007-11-27 20:00:55 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
    2007-11-27 20:00:55 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Google
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Templates
    2007-11-27 20:00:54 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
    2007-11-27 20:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
    2007-11-27 20:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
    2007-11-27 20:00:54 1310720 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
    2007-11-27 20:00:54 0 dr------- C:\Documents and Settings\ADMIN\My Documents
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
    2007-11-27 14:24:19 85056 --a------ C:\WINDOWS\system32\mjgfapac.dll
    2007-11-27 11:14:40 69652 --a------ C:\WINDOWS\system32\fhyldxjg.dll
    2007-11-26 22:33:10 69652 --a------ C:\WINDOWS\system32\qkqrykst.dll
    2007-11-26 22:32:43 85056 --a------ C:\WINDOWS\system32\pmgjaayf.dll
    2007-11-26 22:25:09 69652 --a------ C:\WINDOWS\system32\uvqrhwhp.dll
    2007-11-26 21:54:11 85056 --a------ C:\WINDOWS\system32\aqapglbl.dll
    2007-11-26 21:21:41 69652 --a------ C:\WINDOWS\system32\kvtoorjh.dll
    2007-11-26 21:19:51 69652 --a------ C:\WINDOWS\system32\btpixlud.dll
    2007-11-26 21:07:26 85056 --a------ C:\WINDOWS\system32\tdfitmrr.dll
    2007-11-26 20:32:48 85056 --a------ C:\WINDOWS\system32\hiqqyxum.dll
    2007-11-26 18:02:19 75028 --a------ C:\WINDOWS\system32\iqvrumsd.dll
    2007-11-26 18:01:34 69652 --a------ C:\WINDOWS\system32\lppmqyfi.dll
    2007-11-26 17:59:57 85056 --a------ C:\WINDOWS\system32\epnvkaet.dll
    2007-11-26 16:18:12 69652 --a------ C:\WINDOWS\system32\idhgftlu.dll
    2007-11-26 14:58:06 0 d-------- C:\Documents and Settings\trey\Application Data\ultra
    2007-11-26 14:57:39 20944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-26 13:25:14 85056 -----n--- C:\WINDOWS\system32\kfjymsng.dll
    2007-11-26 13:25:02 75028 --a------ C:\WINDOWS\system32\wfkqmglc.dll
    2007-11-26 13:22:38 75028 -----n--- C:\WINDOWS\system32\bfyoxnuu.dll
    2007-11-26 13:22:01 69652 --a------ C:\WINDOWS\system32\gfjaannb.dll
    2007-11-25 22:58:30 75028 -----n--- C:\WINDOWS\system32\dhaxwyks.dll
    2007-11-25 22:58:26 69652 --a------ C:\WINDOWS\system32\pgeygrlc.dll
    2007-11-25 22:56:41 75028 --a------ C:\WINDOWS\system32\wekmutie.dll
    2007-11-25 22:56:29 85056 -----n--- C:\WINDOWS\system32\unswscrl.dll
    2007-11-25 17:35:06 69652 --a------ C:\WINDOWS\system32\xyoioikq.dll
    2007-11-25 17:34:49 75028 --a------ C:\WINDOWS\system32\sqkxgoqs.dll
    2007-11-25 17:33:08 75028 --a------ C:\WINDOWS\system32\nvskkfol.dll
    2007-11-25 17:32:58 85056 -----n--- C:\WINDOWS\system32\poexmthd.dll
    2007-11-25 17:05:59 85056 -----n--- C:\WINDOWS\system32\sraotqua.dll
    2007-11-25 17:03:58 75028 -----n--- C:\WINDOWS\system32\qrpqxinj.dll
    2007-11-25 17:03:49 69652 --a------ C:\WINDOWS\system32\mldwultm.dll
    2007-11-25 17:02:18 75028 -----n--- C:\WINDOWS\system32\pvnrxbxa.dll
    2007-11-25 16:58:10 69652 --a------ C:\WINDOWS\system32\freqntys.dll
    2007-11-25 11:24:13 69652 --a------ C:\WINDOWS\system32\itobetwf.dll
    2007-11-25 11:24:08 75028 --a------ C:\WINDOWS\system32\rnwgykdq.dll
    2007-11-25 11:22:32 85056 --a------ C:\WINDOWS\system32\gnpfttjx.dll
    2007-11-25 11:22:28 75028 -----n--- C:\WINDOWS\system32\pxuosduh.dll
    2007-11-25 11:22:08 69652 --a------ C:\WINDOWS\system32\agksjwhq.dll
    2007-11-25 10:44:32 75028 --a------ C:\WINDOWS\system32\iveijftm.dll
    2007-11-25 10:44:23 69652 --a------ C:\WINDOWS\system32\epxvhhap.dll
    2007-11-25 10:42:43 85056 --a------ C:\WINDOWS\system32\fekiainx.dll
    2007-11-25 10:42:31 75028 -----n--- C:\WINDOWS\system32\njjyfxep.dll
    2007-11-25 10:42:23 69652 --a------ C:\WINDOWS\system32\milhrcwi.dll
    2007-11-25 10:32:20 69652 --a------ C:\WINDOWS\system32\simdgxph.dll
    2007-11-25 10:29:31 85056 -----n--- C:\WINDOWS\system32\pnsvaldt.dll
    2007-11-25 10:28:49 75028 --a------ C:\WINDOWS\system32\elrjmixu.dll
    2007-11-24 23:53:07 75028 --a------ C:\WINDOWS\system32\usgbwfgn.dll
     
  6. 2007/12/02
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    main.txt part 2

    Ok this is going to take 3 parts, it is a really big file. Sorry:(



    -- Find3M Report ---------------------------------------------------------------

    2007-10-13 18:34:04 69652 --a------ C:\WINDOWS\system32\eeaoulef.dll
    2007-10-13 18:03:33 69652 --a------ C:\WINDOWS\system32\yoqwcens.dll
    2007-10-12 07:36:31 69652 --a------ C:\WINDOWS\system32\fpctgdfh.dll
    2007-10-12 05:53:09 69652 --a------ C:\WINDOWS\system32\xnwxfvxv.dll
    2007-10-12 05:37:13 69652 --a------ C:\WINDOWS\system32\fmxulovv.dll
    2007-10-12 05:33:30 237588 --a------ C:\WINDOWS\system32\njytklwx.dll
    2007-10-12 05:33:08 69652 --a------ C:\WINDOWS\system32\qndopjjm.dll
    2007-10-11 19:08:23 69652 --a------ C:\WINDOWS\system32\qhtteygr.dll
    2007-10-11 19:03:00 237588 --a------ C:\WINDOWS\system32\iguosqmh.dll
    2007-10-11 19:02:39 69652 --a------ C:\WINDOWS\system32\sokakryr.dll
    2007-10-11 17:47:45 69652 --a------ C:\WINDOWS\system32\hjcwsssh.dll
    2007-10-11 15:21:32 69652 --a------ C:\WINDOWS\system32\btuuekwu.dll
    2007-10-11 15:06:16 237588 --a------ C:\WINDOWS\system32\kevvggid.dll
    2007-10-11 15:06:06 69652 --a------ C:\WINDOWS\system32\cxmgogci.dll
    2007-10-11 14:26:45 69652 --a------ C:\WINDOWS\system32\onfvooyi.dll
    2007-10-11 11:52:11 69652 --a------ C:\WINDOWS\system32\avbshvyy.dll
    2007-10-11 09:37:36 237588 -----n--- C:\WINDOWS\system32\vxoedaba.dll
    2007-10-11 09:37:15 69652 --a------ C:\WINDOWS\system32\fndputnk.dll
    2007-10-10 22:56:26 69652 --a------ C:\WINDOWS\system32\eamjxkim.dll
    2007-10-10 22:40:59 69652 --a------ C:\WINDOWS\system32\rbtledme.dll
    2007-10-10 21:35:11 69652 --a------ C:\WINDOWS\system32\dbutdose.dll
    2007-10-10 21:19:20 69652 --a------ C:\WINDOWS\system32\tjvbdtkp.dll
    2007-10-10 20:35:22 69652 --a------ C:\WINDOWS\system32\hhqqlutj.dll
    2007-10-10 20:06:49 69652 --a------ C:\WINDOWS\system32\dwhihntl.dll
    2007-10-10 19:54:37 69652 --a------ C:\WINDOWS\system32\njpwwnpg.dll
    2007-10-10 17:57:40 0 d-------- C:\Program Files\McAfee
    2007-10-10 17:22:49 69652 --a------ C:\WINDOWS\system32\xnbpfptp.dll
    2007-10-10 17:16:31 69652 --a------ C:\WINDOWS\system32\hwclnvkn.dll
    2007-10-10 14:27:32 69652 --a------ C:\WINDOWS\system32\myhnkaqw.dll
    2007-10-10 14:10:57 237588 --a------ C:\WINDOWS\system32\sxyqqenw.dll
    2007-10-10 14:10:41 69652 --a------ C:\WINDOWS\system32\klxcyegc.dll
    2007-10-10 09:44:20 69652 --a------ C:\WINDOWS\system32\qkppsebd.dll
    2007-10-10 08:47:56 69652 --a------ C:\WINDOWS\system32\mnheikhn.dll
    2007-10-10 08:43:51 69652 --a------ C:\WINDOWS\system32\mmehxioy.dll
    2007-10-10 06:53:54 184320 --a------ C:\WINDOWS\b111.exe
    2007-10-10 00:55:38 69652 --a------ C:\WINDOWS\system32\ibyairbd.dll
    2007-10-09 23:07:27 69652 --a------ C:\WINDOWS\system32\btyxpqbg.dll
    2007-10-09 22:49:38 69652 --a------ C:\WINDOWS\system32\nvpjwwvb.dll
    2007-10-09 22:36:53 69652 --a------ C:\WINDOWS\system32\lcjcvkwb.dll
    2007-10-09 16:13:38 69652 --a------ C:\WINDOWS\system32\ccxngqln.dll
    2007-10-09 07:11:31 69652 --a------ C:\WINDOWS\system32\letgvnts.dll
    2007-10-08 15:50:33 69652 --a------ C:\WINDOWS\system32\chhmktji.dll
    2007-10-08 15:39:57 69652 --a------ C:\WINDOWS\system32\wjtftkag.dll
    2007-10-08 07:59:27 237588 -----n--- C:\WINDOWS\system32\tbhvjkyp.dll
    2007-10-08 07:59:09 69652 --a------ C:\WINDOWS\system32\rrryqtkp.dll
    2007-10-08 07:36:30 69652 --a------ C:\WINDOWS\system32\elvuocle.dll
    2007-10-08 01:00:41 69652 --a------ C:\WINDOWS\system32\ecjcewvc.dll
    2007-10-08 00:36:54 69652 --a------ C:\WINDOWS\system32\taprngit.dll
    2007-10-08 00:25:02 69652 --a------ C:\WINDOWS\system32\twjjsfrm.dll
    2007-10-08 00:03:33 69652 --a------ C:\WINDOWS\system32\kpvtpwoy.dll
    2007-10-07 11:45:50 69652 --a------ C:\WINDOWS\system32\muhdbrru.dll
    2007-10-07 11:42:02 237588 --a------ C:\WINDOWS\system32\lmxiugyj.dll
    2007-10-07 11:40:47 69652 --a------ C:\WINDOWS\system32\ummtgpeb.dll
    2007-10-07 08:31:35 237588 -----n--- C:\WINDOWS\system32\rjwfohhy.dll
    2007-10-07 08:31:24 69652 --a------ C:\WINDOWS\system32\jenqwbad.dll
    2007-10-07 08:17:03 237588 --a------ C:\WINDOWS\system32\mwhimobd.dll
    2007-10-07 08:15:41 69652 --a------ C:\WINDOWS\system32\xmcrydlm.dll
    2007-10-07 03:05:14 69652 --a------ C:\WINDOWS\system32\niutghdj.dll
    2007-10-07 02:31:46 69652 --a------ C:\WINDOWS\system32\xuxkqepm.dll
    2007-10-07 01:21:49 69652 --a------ C:\WINDOWS\system32\sufibwpk.dll
    2007-10-06 23:06:34 237588 --a------ C:\WINDOWS\system32\bqlaaspc.dll
    2007-10-06 23:06:21 69652 --a------ C:\WINDOWS\system32\slclctjh.dll
    2007-10-06 18:52:54 0 d-------- C:\Program Files\MySpace
    2007-10-06 18:42:15 237588 --a------ C:\WINDOWS\system32\meetannm.dll
    2007-10-06 18:41:46 69652 --a------ C:\WINDOWS\system32\rfglojgy.dll
    2007-10-06 17:36:39 237588 -----n--- C:\WINDOWS\system32\bodmmanf.dll
    2007-10-06 17:35:25 69652 --a------ C:\WINDOWS\system32\amsmwefe.dll
    2007-10-06 14:54:35 69652 --a------ C:\WINDOWS\system32\pfsmnxdj.dll
    2007-10-06 14:25:43 237588 --a------ C:\WINDOWS\system32\fqtdquve.dll
    2007-10-06 14:25:24 69652 --a------ C:\WINDOWS\system32\abpsibuh.dll
    2007-10-05 18:35:05 237588 --a------ C:\WINDOWS\system32\xdmpeqgo.dll
    2007-10-05 18:34:43 69652 --a------ C:\WINDOWS\system32\ftffgpnb.dll
    2007-10-05 18:34:00 237588 -----n--- C:\WINDOWS\system32\lkonrefe.dll
    2007-10-05 18:33:45 69652 --a------ C:\WINDOWS\system32\mxumnolu.dll
    2007-10-05 15:42:30 69652 --a------ C:\WINDOWS\system32\bitxxquv.dll
    2007-10-05 15:20:38 237588 --a------ C:\WINDOWS\system32\rhvhlwjy.dll
    2007-10-05 15:20:31 69652 --a------ C:\WINDOWS\system32\teteudww.dll
    2007-10-05 14:41:04 69652 --a------ C:\WINDOWS\system32\lrjuvenh.dll
    2007-10-05 13:19:40 237588 -----n--- C:\WINDOWS\system32\inqxjcre.dll
    2007-10-05 13:19:22 69652 --a------ C:\WINDOWS\system32\dxmgciqy.dll
    2007-10-05 12:57:16 237588 -----n--- C:\WINDOWS\system32\tsuvkamb.dll
    2007-10-05 12:57:00 69652 --a------ C:\WINDOWS\system32\uhuthrsr.dll
    2007-10-05 10:38:24 69652 --a------ C:\WINDOWS\system32\dpsipain.dll
    2007-10-04 20:42:18 237588 --a------ C:\WINDOWS\system32\waygnllj.dll
    2007-10-04 20:42:13 69652 --a------ C:\WINDOWS\system32\jrdgxeet.dll
    2007-10-04 20:37:25 237588 --a------ C:\WINDOWS\system32\qucayjri.dll
    2007-10-04 20:35:58 69652 --a------ C:\WINDOWS\system32\ggpsrndm.dll
    2007-10-04 17:54:09 237588 -----n--- C:\WINDOWS\system32\tixuwums.dll
    2007-10-04 17:53:53 69652 --a------ C:\WINDOWS\system32\uwftsmlj.dll
    2007-10-04 15:40:46 237588 -----n--- C:\WINDOWS\system32\ynwsdlcg.dll
    2007-10-04 15:40:43 69652 --a------ C:\WINDOWS\system32\vpixojpi.dll
    2007-10-04 09:55:04 69652 --a------ C:\WINDOWS\system32\hthyjndi.dll
    2007-10-04 08:04:16 237588 --a------ C:\WINDOWS\system32\qyqhggmt.dll
    2007-10-04 08:03:55 69652 --a------ C:\WINDOWS\system32\egcgmjlb.dll
    2007-10-04 07:45:39 237588 --a------ C:\WINDOWS\system32\pjujjmai.dll
    2007-10-04 07:45:26 69652 --a------ C:\WINDOWS\system32\wcmxqiyt.dll
    2007-10-04 04:14:15 237588 -----n--- C:\WINDOWS\system32\mcoovglt.dll
    2007-10-04 04:14:05 69652 --a------ C:\WINDOWS\system32\ivcvbiro.dll
    2007-10-03 22:30:45 237588 --a------ C:\WINDOWS\system32\qvrdtlcs.dll
    2007-10-03 22:30:24 69652 --a------ C:\WINDOWS\system32\ejdcaoca.dll
    2007-10-03 21:58:44 69652 --a------ C:\WINDOWS\system32\vvevbfxi.dll
    2007-10-03 15:06:57 69652 --a------ C:\WINDOWS\system32\sqmuwnru.dll
    2007-10-03 14:58:03 237588 --a------ C:\WINDOWS\system32\vnhtlvef.dll
    2007-10-03 14:56:30 69652 --a------ C:\WINDOWS\system32\jujaqcvu.dll
    2007-10-03 14:49:33 237588 --a------ C:\WINDOWS\system32\ldvwytlb.dll
    2007-10-03 14:48:49 69652 --a------ C:\WINDOWS\system32\uwljtdrm.dll
    2007-10-03 14:13:40 69652 --a------ C:\WINDOWS\system32\sqxqkvut.dll
    2007-10-03 13:11:01 69652 --a------ C:\WINDOWS\system32\gifyjbsn.dll
    2007-10-03 09:23:40 69652 --a------ C:\WINDOWS\system32\vvpkqijd.dll
    2007-10-03 08:18:53 237588 --a------ C:\WINDOWS\system32\yrcmivjc.dll
    2007-10-02 20:54:28 237588 -----n--- C:\WINDOWS\system32\rvuvgkvy.dll
    2007-10-02 20:54:14 69652 --a------ C:\WINDOWS\system32\dmbxkhpi.dll
    2007-10-02 17:37:04 69652 --a------ C:\WINDOWS\system32\lyormpov.dll
    2007-10-02 14:27:46 237588 --a------ C:\WINDOWS\system32\nrkutpso.dll
    2007-10-02 14:27:27 69652 --a------ C:\WINDOWS\system32\bfvtasrv.dll
    2007-10-02 14:06:34 69652 --a------ C:\WINDOWS\system32\ggektcue.dll
    2007-10-02 11:57:11 237588 -----n--- C:\WINDOWS\system32\xtapqdet.dll
    2007-10-02 11:57:10 69652 --a------ C:\WINDOWS\system32\cyvkgerr.dll
    2007-10-02 11:54:22 237588 --a------ C:\WINDOWS\system32\achrwwag.dll
    2007-10-02 11:52:23 69652 --a------ C:\WINDOWS\system32\oyfmsuec.dll
    2007-10-02 08:10:41 69652 --a------ C:\WINDOWS\system32\myhfpbid.dll
    2007-10-02 07:41:29 69652 --a------ C:\WINDOWS\system32\msehcytp.dll
    2007-10-02 07:38:07 237588 --a------ C:\WINDOWS\system32\dcwgkgob.dll
    2007-10-02 07:37:23 64788 --a------ C:\WINDOWS\system32\mxtkrwbb.dll
    2007-10-02 07:37:05 69652 --a------ C:\WINDOWS\system32\dktenuuy.dll
    2007-10-02 07:36:45 81172 --a------ C:\WINDOWS\system32\naqievhj.dll
    2007-10-01 20:38:19 69652 --a------ C:\WINDOWS\system32\wuvnlqjl.dll
    2007-10-01 20:13:02 69652 --a------ C:\WINDOWS\system32\vafoctam.dll
    2007-10-01 18:21:00 69652 --a------ C:\WINDOWS\system32\ndorvyod.dll
    2007-10-01 18:12:15 69652 --a------ C:\WINDOWS\system32\umifsxoe.dll
    2007-10-01 18:10:38 69652 --a------ C:\WINDOWS\system32\hqcmjfgk.dll
    2007-10-01 16:30:38 69652 --a------ C:\WINDOWS\system32\nbbmvskm.dll
    2007-10-01 13:19:01 69652 --a------ C:\WINDOWS\system32\mbvsbjrf.dll
    2007-10-01 11:18:49 69652 --a------ C:\WINDOWS\system32\eoycskau.dll
    2007-10-01 09:01:14 69652 --a------ C:\WINDOWS\system32\oohovhep.dll
    2007-10-01 08:30:50 69652 --a------ C:\WINDOWS\system32\feeewrnh.dll
    2007-10-01 07:50:34 69652 --a------ C:\WINDOWS\system32\sjspfqqg.dll
    2007-10-01 07:48:29 69652 --a------ C:\WINDOWS\system32\kvuhkubs.dll
    2007-09-30 22:01:10 69652 --a------ C:\WINDOWS\system32\gpxxdala.dll
    2007-09-30 21:51:41 69652 --a------ C:\WINDOWS\system32\xnpwapxu.dll
    2007-09-30 21:41:47 69652 --a------ C:\WINDOWS\system32\ibemjidr.dll
    2007-09-30 21:32:25 69652 --a------ C:\WINDOWS\system32\xcwnlrkd.dll
    2007-09-30 21:14:04 69652 --a------ C:\WINDOWS\system32\dfuylnqs.dll
    2007-09-30 15:56:30 69652 --a------ C:\WINDOWS\system32\qtfayvmd.dll
    2007-09-30 15:31:22 69652 --a------ C:\WINDOWS\system32\ojkvgtpg.dll
    2007-09-30 14:12:31 69652 --a------ C:\WINDOWS\system32\hjmqhqqe.dll
    2007-09-30 13:36:36 69652 --a------ C:\WINDOWS\system32\xasorjmx.dll
     
  7. 2007/12/02
    taylorwn

    main.txt part 3

    Ok last part


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31b236f5-1db1-4b78-b559-152014d0c512}]
    C:\WINDOWS\system32\fmlpxrsj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D6EBFA7-67AB-49B2-B4E3-EDF8AC5018D5}]
    C:\Program Files\ComPlus Applications\vizybi24418.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD7B67CC-F528-A6D8-0C27-F79A84FC4CB4}]
    10/16/2007 08:58 AM 60928 --a------ C:\WINDOWS\system32\mofaa.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 12:02 AM]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 12:03 PM]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 10:06 AM]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "Spoolsv "= "C:\WINDOWS\system32\spoolvs.exe" []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2007 06:16 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE [2/23/2006 5:04:14 PM]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 1:22:40 AM]
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 1:12:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dllabl]
    dllabl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh]
    C:\WINDOWS\system32\jkkjh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    opnkkkl.dll

    *Newly Created Service* - ENTDRV51



    -- Hosts -----------------------------------------------------------------------

    10.18.250.4 www.symantec.com


    -- End of Deckard's System Scanner: finished at 2007-12-02 14:56:15 ------------
     
  8. 2007/12/02
    noahdfear

    Wow! :eek:

    Download ComboFix by sUBs from here, saving the file to your desktop.

    (the code box below is huge.... just click in the top left and drag till it reaches the bottom right corner)
    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\spoolsv.exe
    C:\WINDOWS\b111.exe
    C:\WINDOWS\b148.exe
    C:\WINDOWS\b149.exe
    C:\WINDOWS\system32\aaslsspb.dll
    C:\WINDOWS\system32\abpsibuh.dll
    C:\WINDOWS\system32\abvstrge.dll
    C:\WINDOWS\system32\achrwwag.dll
    C:\WINDOWS\system32\afleuvhm.dll
    C:\WINDOWS\system32\agksjwhq.dll
    C:\WINDOWS\system32\aitpbtbe.dll
    C:\WINDOWS\system32\aiyqojan.dll
    C:\WINDOWS\system32\ajqehoay.dll
    C:\WINDOWS\system32\ajynmtva.dll
    C:\WINDOWS\system32\albsveri.dll
    C:\WINDOWS\system32\amsmwefe.dll
    C:\WINDOWS\system32\aomnbrvg.dll
    C:\WINDOWS\system32\aoroxwsa.dll
    C:\WINDOWS\system32\aovmbhkx.dll
    C:\WINDOWS\system32\apqnfqrj.dll
    C:\WINDOWS\system32\aqapglbl.dll
    C:\WINDOWS\system32\aqgdwlcr.dll
    C:\WINDOWS\system32\ascbkidi.dll
    C:\WINDOWS\system32\asryvqjl.dll
    C:\WINDOWS\system32\atqjkwvv.dll
    C:\WINDOWS\system32\auesffwf.dll
    C:\WINDOWS\system32\avbshvyy.dll
    C:\WINDOWS\system32\avocyecl.dll
    C:\WINDOWS\system32\ayijwuuy.dll
    C:\WINDOWS\system32\bddiwbfw.dll
    C:\WINDOWS\system32\begafajs.dll
    C:\WINDOWS\system32\bfvtasrv.dll
    C:\WINDOWS\system32\bfyoxnuu.dll
    C:\WINDOWS\system32\bhmhryae.dll
    C:\WINDOWS\system32\bikrvkjc.dll
    C:\WINDOWS\system32\biouhcmu.dll
    C:\WINDOWS\system32\bitxxquv.dll
    C:\WINDOWS\system32\bjkylltf.dll
    C:\WINDOWS\system32\bnfexypf.dll
    C:\WINDOWS\system32\bodmmanf.dll
    C:\WINDOWS\system32\bqlaaspc.dll
    C:\WINDOWS\system32\bquwnxug.dll
    C:\WINDOWS\system32\bsrgwsbw.dll
    C:\WINDOWS\system32\btpixlud.dll
    C:\WINDOWS\system32\btuuekwu.dll
    C:\WINDOWS\system32\btyxpqbg.dll
    C:\WINDOWS\system32\bwidjrcm.dll
    C:\WINDOWS\system32\bycndyag.dll
    C:\WINDOWS\system32\ccxngqln.dll
    C:\WINDOWS\system32\ccyqtgau.dll
    C:\WINDOWS\system32\cdrydknw.dll
    C:\WINDOWS\system32\cfuqqhki.dll
    C:\WINDOWS\system32\cgyvcbod.dll
    C:\WINDOWS\system32\chhcrwrn.dll
    C:\WINDOWS\system32\chhmktji.dll
    C:\WINDOWS\system32\chikpifu.dll
    C:\WINDOWS\system32\cigdfwqe.dll
    C:\WINDOWS\system32\ciip32.dll
    C:\WINDOWS\system32\cmhlkvyc.dll
    C:\WINDOWS\system32\cmkjguix.dll
    C:\WINDOWS\system32\cmqrfrjr.dll
    C:\WINDOWS\system32\cnuiuxgu.dll
    C:\WINDOWS\system32\cpqtisgq.dll
    C:\WINDOWS\system32\cqdbxhet.dll
    C:\WINDOWS\system32\cqmsrboa.dll
    C:\WINDOWS\system32\csdqhvka.dll
    C:\WINDOWS\system32\csqppimh.dll
    C:\WINDOWS\system32\ctupepod.dll
    C:\WINDOWS\system32\cugjivqx.dll
    C:\WINDOWS\system32\cviqpqky.dll
    C:\WINDOWS\system32\cvoonugp.dll
    C:\WINDOWS\system32\cvtgnjgu.dll
    C:\WINDOWS\system32\cxmehwev.dll
    C:\WINDOWS\system32\cxmgogci.dll
    C:\WINDOWS\system32\cyvkgerr.dll
    C:\WINDOWS\system32\dailuktn.dll
    C:\WINDOWS\system32\dbtpacqa.dll
    C:\WINDOWS\system32\dbutdose.dll
    C:\WINDOWS\system32\dcfvlcnw.dll
    C:\WINDOWS\system32\dcwgkgob.dll
    C:\WINDOWS\system32\dfuylnqs.dll
    C:\WINDOWS\system32\dhaxwyks.dll
    C:\WINDOWS\system32\dhxrwstp.dll
    C:\WINDOWS\system32\dihykjxy.dll
    C:\WINDOWS\system32\dilvupws.dll
    C:\WINDOWS\system32\dimkffss.dll
    C:\WINDOWS\system32\dkgabbsg.dll
    C:\WINDOWS\system32\dktenuuy.dll
    C:\WINDOWS\system32\dlhcjqbo.dll
    C:\WINDOWS\system32\dlsdodsb.dll
    C:\WINDOWS\system32\dmbxkhpi.dll
    C:\WINDOWS\system32\dmkyfjqn.dll
    C:\WINDOWS\system32\dnmpctcv.dll
    C:\WINDOWS\system32\dokqqcda.dll
    C:\WINDOWS\system32\doqymvic.dll
    C:\WINDOWS\system32\dotcyqqs.dll
    C:\WINDOWS\system32\dpcsbekm.dll
    C:\WINDOWS\system32\dpfdmnxq.dll
    C:\WINDOWS\system32\dpsipain.dll
    C:\WINDOWS\system32\dqridfus.dll
    C:\WINDOWS\system32\drpnsvbt.dll
    C:\WINDOWS\system32\dtsdbeds.dll
    C:\WINDOWS\system32\dtulhokw.dll
    C:\WINDOWS\system32\dujidehh.dll
    C:\WINDOWS\system32\dwgyjoky.dll
    C:\WINDOWS\system32\dwhihntl.dll
    C:\WINDOWS\system32\dxmgciqy.dll
    C:\WINDOWS\system32\eamjxkim.dll
    C:\WINDOWS\system32\ecjcewvc.dll
    C:\WINDOWS\system32\ecnsppgk.dll
    C:\WINDOWS\system32\ecrejrdx.dll
    C:\WINDOWS\system32\eeaoulef.dll
    C:\WINDOWS\system32\efvsdxne.dll
    C:\WINDOWS\system32\egcgmjlb.dll
    C:\WINDOWS\system32\ehwrxnvq.dll
    C:\WINDOWS\system32\eiwekkjs.dll
    C:\WINDOWS\system32\eiydeqbk.dll
    C:\WINDOWS\system32\ejdcaoca.dll
    C:\WINDOWS\system32\ejumcnpo.dll
    C:\WINDOWS\system32\elrjmixu.dll
    C:\WINDOWS\system32\elvuocle.dll
    C:\WINDOWS\system32\emoqnhfa.dll
    C:\WINDOWS\system32\enmqncvh.dll
    C:\WINDOWS\system32\enpeivme.dll
    C:\WINDOWS\system32\eoeqayph.dll
    C:\WINDOWS\system32\eoycskau.dll
    C:\WINDOWS\system32\epnvkaet.dll
    C:\WINDOWS\system32\epxvhhap.dll
    C:\WINDOWS\system32\eslqwjlj.dll
    C:\WINDOWS\system32\etmlpbmn.dll
    C:\WINDOWS\system32\evpqbxjs.dll
    C:\WINDOWS\system32\eydkoadu.dll
    C:\WINDOWS\system32\fdkcwdvl.dll
    C:\WINDOWS\system32\fdxutmkm.dll
    C:\WINDOWS\system32\feeewrnh.dll
    C:\WINDOWS\system32\fekiainx.dll
    C:\WINDOWS\system32\fkvgbqmu.dll
    C:\WINDOWS\system32\flgeaaff.dll
    C:\WINDOWS\system32\flyonuuq.dll
    C:\WINDOWS\system32\fmslddos.dll
    C:\WINDOWS\system32\fmxulovv.dll
    C:\WINDOWS\system32\fnbbstvt.dll
    C:\WINDOWS\system32\fndputnk.dll
    C:\WINDOWS\system32\fovcwuje.dll
    C:\WINDOWS\system32\fpctgdfh.dll
    C:\WINDOWS\system32\fpjpwswa.dll
    C:\WINDOWS\system32\fqtdquve.dll
    C:\WINDOWS\system32\freqntys.dll
    C:\WINDOWS\system32\ftffgpnb.dll
    C:\WINDOWS\system32\ftxohdmg.dll
    C:\WINDOWS\system32\fvxmrvcf.dll
    C:\WINDOWS\system32\fvxvhnud.dll
    C:\WINDOWS\system32\fwcehbnx.dll
    C:\WINDOWS\system32\fwisylgp.dll
    C:\WINDOWS\system32\fxfovbnj.dll
    C:\WINDOWS\system32\fxkewfir.dll
    C:\WINDOWS\system32\gboxympu.dll
    C:\WINDOWS\system32\gbpuwaoe.dll
    C:\WINDOWS\system32\gcjmsfrr.dll
    C:\WINDOWS\system32\gfjaannb.dll
    C:\WINDOWS\system32\ggektcue.dll
    C:\WINDOWS\system32\ggpsrndm.dll
    C:\WINDOWS\system32\ghemcxsk.dll
    C:\WINDOWS\system32\ghkkxxtf.dll
    C:\WINDOWS\system32\gifyjbsn.dll
    C:\WINDOWS\system32\gkjdxeya.dll
    C:\WINDOWS\system32\gkncsyor.dll
    C:\WINDOWS\system32\gkxhebnw.dll
    C:\WINDOWS\system32\glbdwoue.dll
    C:\WINDOWS\system32\gmrmiegy.dll
    C:\WINDOWS\system32\gnpfttjx.dll
    C:\WINDOWS\system32\goneyhpq.dll
    C:\WINDOWS\system32\goolvbrd.dll
    C:\WINDOWS\system32\gpxxdala.dll
    C:\WINDOWS\system32\gqbnthld.dll
    C:\WINDOWS\system32\grrigqqa.dll
    C:\WINDOWS\system32\grtsmqtv.dll
    C:\WINDOWS\system32\gthoacnu.dll
    C:\WINDOWS\system32\gtuxdjbg.dll
    C:\WINDOWS\system32\gwjbeaqs.dll
    C:\WINDOWS\system32\gwrxvatp.dll
    C:\WINDOWS\system32\gyrvajru.dll
    C:\WINDOWS\system32\haeclxts.dll
    C:\WINDOWS\system32\hanvwfxw.dll
    C:\WINDOWS\system32\hbirgyky.dll
    C:\WINDOWS\system32\hbsjilme.dll
    C:\WINDOWS\system32\hcrwoduw.dll
    C:\WINDOWS\system32\hfihhmff.dll
    C:\WINDOWS\system32\hhqqlutj.dll
    C:\WINDOWS\system32\hifhdxxy.dll
    C:\WINDOWS\system32\hiqqyxum.dll
    C:\WINDOWS\system32\hjcwsssh.dll
    C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.bak2
    C:\WINDOWS\system32\hjkkj.ini2
    C:\WINDOWS\system32\hjmqhqqe.dll
    C:\WINDOWS\system32\hkxlxvwn.dll
    C:\WINDOWS\system32\hmtctoki.dll
    C:\WINDOWS\system32\hnsluhsb.dll
    C:\WINDOWS\system32\hnwkembn.dll
    C:\WINDOWS\system32\howucbyj.dll
    C:\WINDOWS\system32\hpfwwdtu.dll
    C:\WINDOWS\system32\hpleapdi.dll
    C:\WINDOWS\system32\hqcmjfgk.dll
    C:\WINDOWS\system32\hthyjndi.dll
    C:\WINDOWS\system32\htuoidkb.dll
    C:\WINDOWS\system32\hueljmog.dll
    C:\WINDOWS\system32\husanwcx.dll
    C:\WINDOWS\system32\huyhhldd.dll
    C:\WINDOWS\system32\hvdrhsrr.dll
    C:\WINDOWS\system32\hvsaatiq.dll
    C:\WINDOWS\system32\hwclnvkn.dll
    C:\WINDOWS\system32\hwxundsj.dll
    C:\WINDOWS\system32\hxbcqmfv.dll
    C:\WINDOWS\system32\ibemjidr.dll
    C:\WINDOWS\system32\ibyairbd.dll
    C:\WINDOWS\system32\idhgftlu.dll
    C:\WINDOWS\system32\ifnbfdwf.dll
    C:\WINDOWS\system32\igogsslw.dll
    C:\WINDOWS\system32\iguosqmh.dll
    C:\WINDOWS\system32\ihghfqrh.dll
    C:\WINDOWS\system32\iicajajh.dll
    C:\WINDOWS\system32\ikkjnhbc.dll
    C:\WINDOWS\system32\imubkrwv.dll
    C:\WINDOWS\system32\inqxjcre.dll
    C:\WINDOWS\system32\iocpnkyq.dll
    C:\WINDOWS\system32\iowgmvlb.dll
    C:\WINDOWS\system32\iqvrumsd.dll
    C:\WINDOWS\system32\irprwenv.dll
    C:\WINDOWS\system32\irsfwlrp.dll
    C:\WINDOWS\system32\itobetwf.dll
    C:\WINDOWS\system32\ivcvbiro.dll
    C:\WINDOWS\system32\iveijftm.dll
    C:\WINDOWS\system32\ivxuwaqa.dll
    C:\WINDOWS\system32\iwtjwstm.dll
    C:\WINDOWS\system32\jadhteoa.dll
    C:\WINDOWS\system32\jbbiwpsk.dll
    C:\WINDOWS\system32\jbttiocv.dll
    C:\WINDOWS\system32\jcjfawxp.dll
    C:\WINDOWS\system32\jefdkkgl.dll
    C:\WINDOWS\system32\jenqwbad.dll
    C:\WINDOWS\system32\jexqpovu.dll
    C:\WINDOWS\system32\jfqdbojx.dll
    C:\WINDOWS\system32\jhjqrcgb.dll
    C:\WINDOWS\system32\jifhmwuo.dll
    C:\WINDOWS\system32\jjbcoksy.dll
    C:\WINDOWS\system32\jjnbfeov.dll
    C:\WINDOWS\system32\jjulbobl.dll
    C:\WINDOWS\system32\jlpnenke.dll
    C:\WINDOWS\system32\joansyom.dll
    C:\WINDOWS\system32\jolmcrix.dll
    C:\WINDOWS\system32\joxupgak.dll
    C:\WINDOWS\system32\jpakrnix.dll
    C:\WINDOWS\system32\jrdgxeet.dll
    C:\WINDOWS\system32\jseukkmq.dll
    C:\WINDOWS\system32\jslykffj.dll
    C:\WINDOWS\system32\jtmqhllh.dll
    C:\WINDOWS\system32\jujaqcvu.dll
    C:\WINDOWS\system32\jvluradf.dll
    C:\WINDOWS\system32\jwpaynmx.dll
    C:\WINDOWS\system32\kakpropi.dll
    C:\WINDOWS\system32\kbdeocxa.dll
    C:\WINDOWS\system32\kbmjxptf.dll
    C:\WINDOWS\system32\kdlfgyex.dll
    C:\WINDOWS\system32\keaaghpq.dll
    C:\WINDOWS\system32\kevvggid.dll
    C:\WINDOWS\system32\kewuhncl.dll
    C:\WINDOWS\system32\kfjymsng.dll
    C:\WINDOWS\system32\kfyxhitc.dll
    C:\WINDOWS\system32\kgpfntey.dll
    C:\WINDOWS\system32\kgtkipud.dll
    C:\WINDOWS\system32\kjleercf.dll
    C:\WINDOWS\system32\kkpvanqx.dll
    C:\WINDOWS\system32\klxcyegc.dll
    C:\WINDOWS\system32\kpvtpwoy.dll
    C:\WINDOWS\system32\kqerhsko.dll
    C:\WINDOWS\system32\kqvmxfrx.dll
    C:\WINDOWS\system32\kvtoorjh.dll
    C:\WINDOWS\system32\kvuhkubs.dll
    C:\WINDOWS\system32\kwofyaik.dll
    C:\WINDOWS\system32\kxcksvjn.dll
    C:\WINDOWS\system32\kxmrbdjc.dll
    C:\WINDOWS\system32\kyjiyxgd.dll
    C:\WINDOWS\system32\latukswl.dll
    C:\WINDOWS\system32\lbfywgqt.dll
    C:\WINDOWS\system32\lcjcvkwb.dll
    C:\WINDOWS\system32\lcoycrsn.dll
    C:\WINDOWS\system32\ldvwytlb.dll
    C:\WINDOWS\system32\letgvnts.dll
    C:\WINDOWS\system32\ljlfbtqk.dll
    C:\WINDOWS\system32\ljrvagqc.dll
    C:\WINDOWS\system32\ljttmfir.dll
    C:\WINDOWS\system32\lkonrefe.dll
    C:\WINDOWS\system32\lmutfwld.dll
    C:\WINDOWS\system32\lmxiugyj.dll
    C:\WINDOWS\system32\lnojhcfp.dll
    C:\WINDOWS\system32\lpjwkhqk.dll
    C:\WINDOWS\system32\lppmqyfi.dll
    C:\WINDOWS\system32\lqknoabd.dll
    C:\WINDOWS\system32\lrdsdxbc.dll
    C:\WINDOWS\system32\lrjuvenh.dll
    C:\WINDOWS\system32\lutphaio.dll
    C:\WINDOWS\system32\lvafimtd.dll
    C:\WINDOWS\system32\lvwnfkau.dll
    C:\WINDOWS\system32\lxefqdye.dll
    C:\WINDOWS\system32\lxyocbna.dll
    C:\WINDOWS\system32\lynvmmtd.dll
    C:\WINDOWS\system32\lyormpov.dll
    C:\WINDOWS\system32\mbhogewt.dll
    C:\WINDOWS\system32\mbtueeym.dll
    C:\WINDOWS\system32\mbvsbjrf.dll
    C:\WINDOWS\system32\mcoovglt.dll
    C:\WINDOWS\system32\mdycimus.dll
    C:\WINDOWS\system32\meetannm.dll
    C:\WINDOWS\system32\mgnhlwkh.dll
    C:\WINDOWS\system32\mihxplri.dll
    C:\WINDOWS\system32\milhrcwi.dll
    C:\WINDOWS\system32\mjhhbrak.dll
    C:\WINDOWS\system32\mkbvvwuy.dll
    C:\WINDOWS\system32\mkqlytib.dll
    C:\WINDOWS\system32\mldwultm.dll
    C:\WINDOWS\system32\mlidcrwy.dll
    C:\WINDOWS\system32\mmehxioy.dll
    C:\WINDOWS\system32\mmkowvjr.dll
    C:\WINDOWS\system32\mnheikhn.dll
    C:\WINDOWS\system32\moesdnps.dll
    C:\WINDOWS\system32\mofaa.dll
    C:\WINDOWS\system32\mosmlkxo.dll
    C:\WINDOWS\system32\mphcpgvq.dll
    C:\WINDOWS\system32\mqljxfvp.dll
    C:\WINDOWS\system32\mqvnnefw.dll
    C:\WINDOWS\system32\msehcytp.dll
    C:\WINDOWS\system32\muhdbrru.dll
    C:\WINDOWS\system32\mvukusuk.dll
    C:\WINDOWS\system32\mwbmifik.dll
    C:\WINDOWS\system32\mwhimobd.dll
    C:\WINDOWS\system32\mxqtvqps.dll
    C:\WINDOWS\system32\mxtkrwbb.dll
    C:\WINDOWS\system32\mxumnolu.dll
    C:\WINDOWS\system32\myhfpbid.dll
    C:\WINDOWS\system32\myhnkaqw.dll
    C:\WINDOWS\system32\myhopyyd.dll
    C:\WINDOWS\system32\myvvivax.dll
    C:\WINDOWS\system32\naqievhj.dll
    C:\WINDOWS\system32\nbbmvskm.dll
    C:\WINDOWS\system32\ndorvyod.dll
    C:\WINDOWS\system32\ndrqvpqm.dll
    C:\WINDOWS\system32\ndtdxppn.dll
    C:\WINDOWS\system32\ngconbwq.dll
    C:\WINDOWS\system32\nhdxctim.dll
    C:\WINDOWS\system32\nhvfxavx.dll
    C:\WINDOWS\system32\niutghdj.dll
    C:\WINDOWS\system32\njjyfxep.dll
    C:\WINDOWS\system32\njpwwnpg.dll
    C:\WINDOWS\system32\njytklwx.dll
    C:\WINDOWS\system32\nkuyoogr.dll
    C:\WINDOWS\system32\nladwbej.dll
    C:\WINDOWS\system32\nlrebear.dll
    C:\WINDOWS\system32\nnqrvjtr.dll
    C:\WINDOWS\system32\nqfkxbie.dll
    C:\WINDOWS\system32\nqlcttpi.dll
    C:\WINDOWS\system32\nrkutpso.dll
    C:\WINDOWS\system32\ntjuruhd.dll
    C:\WINDOWS\system32\nuthjfnf.dll
    Folder::
    C:\Program Files\Ultimate Cleaner
    C:\Program Files\E404 Helper
    C:\Program Files\Common Files\??crosoft.NET
    C:\Program Files\QdrPack
    C:\WINDOWS\?ecurity
    C:\WINDOWS\system32\S?mantec
     C:\Program Files\Common Files\??crosoft.NET
    C:\Program Files\QdrModule
    C:\Program Files\?ecurity
    C:\Program Files\Common Files\??crosoft
    C:\Program Files\Common Files\?ymantec
    C:\Program Files\?icrosoft
    C:\Program Files\S?mantec
    DirLook::
    C:\Program Files\Common Files\zmki
    C:\Program Files\BFG
    C:\Program Files\Dl_cats
    C:\Program Files\ISM2
    C:\Program Files\Temporary
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31b236f5-1db1-4b78-b559-152014d0c512}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D6EBFA7-67AB-49B2-B4E3-EDF8AC5018D5}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD7B67CC-F528-A6D8-0C27-F79A84FC4CB4}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spoolsv"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dllabl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.
     
  9. 2007/12/02
    taylorwn

    Hijack this and CFScript Log - part 1

    noahdfear, here is part of the CFScript log. I will post the rest in a second post along with the HJT log.


    ComboFix 07-12-02.7 - ADMIN 2007-12-02 20:13:15.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.194 [GMT -7:00]
    Running from: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe
    Command switches used :: E:\New Folder\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\ydyhqbmx.dll
    C:\WINDOWS\system32\yebvpgre.dll
    C:\WINDOWS\system32\yedrbavo.dll
    C:\WINDOWS\system32\yihffvwu.dll
    C:\WINDOWS\system32\ykhldgyj.dll
    C:\WINDOWS\system32\ykqlkjei.dll
    C:\WINDOWS\system32\yksjlkwl.dll
    C:\WINDOWS\system32\ylbrurqn.dll
    C:\WINDOWS\system32\ylfehxir.dll
    C:\WINDOWS\system32\ylwjenay.dll
    C:\WINDOWS\system32\yncbpauy.dll
    C:\WINDOWS\system32\ynwsdlcg.dll
    C:\WINDOWS\system32\yoqwcens.dll
    C:\WINDOWS\system32\ypobtbmy.dll
    C:\WINDOWS\system32\yqdjmbts.dll
    C:\WINDOWS\system32\yrcmivjc.dll
    C:\WINDOWS\system32\ysgwyfwx.dll
    C:\WINDOWS\system32\ysiasgfy.dll
    C:\WINDOWS\system32\yvbcvupd.dll
    C:\WINDOWS\system32\yvlkurbb.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

     
  10. 2007/12/02
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    Hijack this and CFScript Log - part 2


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FOPN
    -------\LEGACY_NETWORK_MONITOR
    -------\Network Monitor


    ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
    .

    2007-12-02 20:27 . 2007-12-02 20:32 1,372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:53 . 2007-12-02 14:53 <DIR> d-------- C:\Deckard
    2007-12-02 14:46 . 2007-12-02 14:46 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30 . 2007-12-02 14:54 <DIR> d-------- C:\HJT
    2007-11-28 20:48 . 2007-11-28 20:48 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28 . 2007-12-02 00:05 <DIR> d-------- C:\quarantine
    2007-11-27 21:23 . 2007-11-27 21:23 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05 . 2005-01-14 20:00 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2007-11-27 21:05 . 2005-01-14 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
    2007-11-27 21:01 . 2007-11-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:01 <DIR> d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02 . 2007-11-27 20:02 <DIR> d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00 . 2006-02-15 09:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 14:24 . 2007-11-27 14:39 780,396 ---hs---- C:\WINDOWS\system32\capafgjm.ini
    2007-11-27 14:24 . 2007-11-27 14:24 85,056 --a------ C:\WINDOWS\system32\mjgfapac.dll
    2007-11-27 14:24 . 2007-11-27 14:24 295 ---hs---- C:\WINDOWS\system32\wsrnseqb.tmp
    2007-11-27 14:24 . 2007-11-27 14:24 295 ---hs---- C:\WINDOWS\system32\wsrnseqb.ini
    2007-11-27 11:14 . 2007-11-27 11:14 69,652 --a------ C:\WINDOWS\system32\fhyldxjg.dll
    2007-11-26 22:33 . 2007-11-26 22:33 69,652 --a------ C:\WINDOWS\system32\qkqrykst.dll
    2007-11-26 22:32 . 2007-11-26 22:44 807,113 ---hs---- C:\WINDOWS\system32\fyaajgmp.ini
    2007-11-26 22:29 . 2007-11-26 22:29 316,071 ---hs---- C:\WINDOWS\system32\tamhgpxi.ini
    2007-11-26 21:54 . 2007-11-26 21:54 807,104 ---hs---- C:\WINDOWS\system32\lblgpaqa.ini
    2007-11-26 21:20 . 2007-11-26 21:20 316,071 ---hs---- C:\WINDOWS\system32\eoxokxrm.ini
    2007-11-26 18:02 . 2007-11-26 18:02 775,833 ---hs---- C:\WINDOWS\system32\dsmurvqi.ini
    2007-11-26 14:58 . 2007-11-26 14:58 <DIR> d-------- C:\Documents and Settings\trey\Application Data\ultra
    2007-11-26 14:57 . 2007-11-26 15:05 20,944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-26 13:25 . 2007-11-26 16:16 822,384 ---hs---- C:\WINDOWS\system32\clgmqkfw.ini
    2007-11-26 13:22 . 2007-11-26 13:23 870,340 ---hs---- C:\WINDOWS\system32\uunxoyfb.ini
    2007-11-25 22:58 . 2007-11-26 13:21 886,008 ---hs---- C:\WINDOWS\system32\skywxahd.ini
    2007-11-25 22:56 . 2007-11-25 22:56 295 ---hs---- C:\WINDOWS\system32\eitumkew.ini
    2007-11-25 17:34 . 2007-11-25 17:35 1,118,418 ---hs---- C:\WINDOWS\system32\sqogxkqs.ini
    2007-11-25 17:33 . 2007-11-25 17:33 295 ---hs---- C:\WINDOWS\system32\lofkksvn.ini
    2007-11-25 17:04 . 2007-11-25 17:04 316,131 ---hs---- C:\WINDOWS\system32\jnixqprq.ini
    2007-11-25 17:02 . 2007-11-25 17:02 316,071 ---hs---- C:\WINDOWS\system32\axbxrnvp.ini
    2007-11-25 11:24 . 2007-11-25 16:57 316,227 ---hs---- C:\WINDOWS\system32\qdkygwnr.ini
    2007-11-25 11:22 . 2007-11-25 11:22 316,071 ---hs---- C:\WINDOWS\system32\hudsouxp.ini
    2007-11-25 10:44 . 2007-11-25 11:22 870,237 ---hs---- C:\WINDOWS\system32\mtfjievi.ini
    2007-11-25 10:42 . 2007-11-25 10:43 885,818 ---hs---- C:\WINDOWS\system32\pexfyjjn.ini
    2007-11-25 10:28 . 2007-11-25 10:29 316,209 ---hs---- C:\WINDOWS\system32\uximjrle.ini
    2007-11-24 23:53 . 2007-11-24 23:56 1,118,436 ---hs---- C:\WINDOWS\system32\ngfwbgsu.ini
    2007-11-24 23:45 . 2007-11-24 23:53 805,238 ---hs---- C:\WINDOWS\system32\grwibrmy.ini
    2007-11-24 23:45 . 2007-11-24 23:45 295 ---hs---- C:\WINDOWS\system32\dcuqkeut.ini
    2007-11-24 20:04 . 2007-11-24 20:04 <DIR> d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 19:52 . 2007-11-25 10:29 316,131 ---hs---- C:\WINDOWS\system32\lvdwckdf.ini
    2007-11-24 19:50 . 2007-11-24 19:50 295 ---hs---- C:\WINDOWS\system32\ebtbptia.ini
    2007-11-24 13:39 . 2007-11-24 23:39 805,277 ---hs---- C:\WINDOWS\system32\nmryetxp.ini
    2007-11-24 13:39 . 2007-11-24 13:39 316,071 ---hs---- C:\WINDOWS\system32\hsaxvnah.ini
    2007-11-24 13:04 . 2007-11-24 13:04 21 --a------ C:\WINDOWS\atid.ini
    2007-11-24 13:02 . 2007-11-24 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 12:59 . 2007-11-24 13:06 <DIR> d-------- C:\Program Files\AIM6
    2007-11-24 10:01 . 2007-11-24 10:01 316,088 ---hs---- C:\WINDOWS\system32\tdmpmufv.ini
    2007-11-24 09:56 . 2007-11-24 10:01 316,071 ---hs---- C:\WINDOWS\system32\obtkqwet.ini
    2007-11-24 09:54 . 2007-11-24 09:54 316,251 ---hs---- C:\WINDOWS\system32\rfumrfhw.ini
    2007-11-24 09:07 . 2007-11-24 09:07 316,089 ---hs---- C:\WINDOWS\system32\xeygfldk.ini
    2007-11-24 09:03 . 2007-11-24 09:03 316,251 ---hs---- C:\WINDOWS\system32\kspwibbj.ini
    2007-11-23 20:42 . 2007-11-24 09:03 316,191 ---hs---- C:\WINDOWS\system32\plfvfyet.ini
    2007-11-23 20:41 . 2007-11-23 20:41 316,071 ---hs---- C:\WINDOWS\system32\pwntpwtq.ini
    2007-11-23 19:27 . 2007-11-23 19:27 738,297 ---hs---- C:\WINDOWS\system32\nwvxlxkh.ini
    2007-11-23 19:27 . 2007-11-23 19:27 738,297 ---hs---- C:\WINDOWS\system32\kqtbfljl.ini
    2007-11-23 18:01 . 2007-11-23 18:02 316,131 ---hs---- C:\WINDOWS\system32\fvcfiont.ini
    2007-11-23 17:59 . 2007-11-23 18:02 316,071 ---hs---- C:\WINDOWS\system32\bshulsnh.ini
    2007-11-23 14:42 . 2007-11-24 09:54 316,191 ---hs---- C:\WINDOWS\system32\usqprqvb.ini
    2007-11-23 14:40 . 2007-11-23 14:48 316,071 ---hs---- C:\WINDOWS\system32\qvnxrwhe.ini
    2007-11-23 11:58 . 2007-11-23 12:00 316,200 ---hs---- C:\WINDOWS\system32\ymbtbopy.ini
    2007-11-22 21:10 . 2007-11-22 21:11 316,131 ---hs---- C:\WINDOWS\system32\svrkohhx.ini
    2007-11-22 21:08 . 2007-11-22 21:11 316,071 ---hs---- C:\WINDOWS\system32\krilbdls.ini
    2007-11-22 19:23 . 2007-11-22 19:23 316,070 ---hs---- C:\WINDOWS\system32\wiiudtlx.ini
    2007-11-22 19:17 . 2007-11-22 19:25 316,131 ---hs---- C:\WINDOWS\system32\juxhtctb.ini
    2007-11-22 19:16 . 2007-11-22 19:16 316,071 ---hs---- C:\WINDOWS\system32\pliesgla.ini
    2007-11-22 18:50 . 2007-11-22 18:50 714,281 ---hs---- C:\WINDOWS\system32\dbaonkql.ini
    2007-11-22 18:42 . 2007-11-22 18:42 1,051,751 ---hs---- C:\WINDOWS\system32\hqjbknrw.ini
    2007-11-22 18:40 . 2007-11-22 18:43 1,364,745 ---hs---- C:\WINDOWS\system32\hbullpuh.ini
    2007-11-22 10:43 . 2007-11-22 10:43 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
    2007-11-22 10:40 . 2007-11-22 18:39 738,543 ---hs---- C:\WINDOWS\system32\dnlcvlxj.ini
    2007-11-22 10:36 . 2007-11-22 10:36 316,131 ---hs---- C:\WINDOWS\system32\fycglvka.ini
    2007-11-22 10:33 . 2007-11-22 10:33 316,071 ---hs---- C:\WINDOWS\system32\gbrekjvd.ini
    2007-11-21 21:29 . 2007-11-23 11:59 316,131 ---hs---- C:\WINDOWS\system32\yfgsaisy.ini
    2007-11-21 21:01 . 2007-11-21 21:01 316,191 ---hs---- C:\WINDOWS\system32\aexiotaw.ini
    2007-11-21 15:14 . 2007-11-21 21:02 316,131 ---hs---- C:\WINDOWS\system32\ykygribh.ini
    2007-11-21 15:12 . 2007-11-21 15:12 689,164 ---hs---- C:\WINDOWS\system32\gbjdxutg.ini
    2007-11-21 10:16 . 2007-11-21 10:16 316,071 ---hs---- C:\WINDOWS\system32\ftpxjmbk.ini
    2007-11-21 10:14 . 2007-11-21 10:14 316,071 ---hs---- C:\WINDOWS\system32\ykojygwd.ini
    2007-11-21 10:11 . 2007-11-21 10:09 727,739 --ahs---- C:\WINDOWS\system32\phxklvbx.ini
    2007-11-21 10:09 . 2007-11-21 10:09 727,739 ---hs---- C:\WINDOWS\system32\sqqyctod.ini
    2007-11-21 10:09 . 2007-11-21 10:09 0 --a------ C:\WINDOWS\system32\sqqyctod.tmp
    2007-11-21 00:25 . 2007-11-21 10:08 316,131 ---hs---- C:\WINDOWS\system32\tynejmop.ini
    2007-11-21 00:20 . 2007-11-21 00:21 688,541 ---hs---- C:\WINDOWS\system32\smeoccww.ini
    2007-11-20 23:51 . 2007-11-20 23:51 794,561 ---hs---- C:\WINDOWS\system32\hrqfhghi.ini
    2007-11-20 23:21 . 2007-11-20 23:52 745,725 ---hs---- C:\WINDOWS\system32\rixhefly.ini
    2007-11-20 20:55 . 2007-11-20 20:55 709,877 ---hs---- C:\WINDOWS\system32\rnmbtyex.ini
    2007-11-20 19:18 . 2007-11-20 19:18 316,071 ---hs---- C:\WINDOWS\system32\sufdirqd.ini
    2007-11-20 13:59 . 2007-11-22 10:31 709,882 ---hs---- C:\WINDOWS\system32\bydbcbyw.ini
    2007-11-20 13:52 . 2007-11-20 13:53 316,071 ---hs---- C:\WINDOWS\system32\lfadlpcc.ini
    2007-11-20 13:00 . 2007-11-20 13:01 1,276,727 ---hs---- C:\WINDOWS\system32\ayexdjkg.ini
    2007-11-20 12:53 . 2007-11-20 12:54 785,521 ---hs---- C:\WINDOWS\system32\dbhetvwa.ini
    2007-11-20 12:26 . 2007-11-20 12:52 685,763 ---hs---- C:\WINDOWS\system32\ggrfadra.ini
    2007-11-20 09:21 . 2007-11-20 19:15 776,720 ---hs---- C:\WINDOWS\system32\dyypohym.ini
    2007-11-19 19:59 . 2007-11-19 19:59 316,070 ---hs---- C:\WINDOWS\system32\wfennvqm.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-29 04:50 --------- d-----w C:\Program Files\Common Files\zmki
    2007-11-29 03:40 --------- d-----w C:\Program Files\BFG
    2007-11-28 03:02 --------- d-----w C:\Program Files\Dl_cats
    2007-11-26 20:29 --------- d-----w C:\Documents and Settings\trey\Application Data\Yahoo!
    2007-11-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-24 20:04 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-24 20:00 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-15 06:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2007-11-03 21:18 142 ----a-w C:\Program Files\page.html
    2007-11-03 01:55 --------- d-----w C:\Program Files\LimeWire
    2007-10-19 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-11 00:57 --------- d-----w C:\Program Files\McAfee
    2007-10-07 15:15 --------- d-----w C:\Documents and Settings\trey\Application Data\MySpace
    2007-10-07 01:52 --------- d-----w C:\Program Files\MySpace
    2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js
    2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
    2006-04-22 16:35 749,838 --sha-w C:\WINDOWS\system32\yybeg.bak1
    2006-07-07 16:55 1,072,140 --sh--w C:\WINDOWS\system32\yybeg.bak2
    2006-07-07 18:41 1,073,238 --sh--w C:\WINDOWS\system32\yybeg.ini2
    2005-07-29 22:24 472 --sha-r C:\WINDOWS\Y2FycmllIGphY2tzb24\sZIVwA55K3D1sZQWvZb.vbs
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\BFG ----

    2007-11-28 20:40 10240 --ahs---- C:\Program Files\BFG\Thumbs.db
    2006-01-23 11:51 4286 --a------ C:\Program Files\BFG\CMT.ico
    2006-01-23 11:45 4286 --a------ C:\Program Files\BFG\VH1.ico
    2005-12-19 19:17 4538 --a------ C:\Program Files\BFG\NEOPETS.ico
    2005-06-05 16:22 19166 --a------ C:\Program Files\BFG\NICK.ico
    2005-04-02 16:03 21174 --a------ C:\Program Files\BFG\PLAIN.ico
    2005-04-02 16:03 21174 --a------ C:\Program Files\BFG\KABOOSE.ico
    2005-03-12 10:27 21174 --a------ C:\Program Files\BFG\BFG.ico

    ---- Directory of C:\Program Files\Common Files\zmki ----

    2007-11-15 09:04 1536 --a------ C:\Program Files\Common Files\zmki\zmkih
    2007-11-13 20:35 109 --a------ C:\Program Files\Common Files\zmki\zmkip.cfg
    2007-10-15 02:56 0 --a------ C:\Program Files\Common Files\zmki\zmkil.lck
    2007-10-15 02:55 0 --a------ C:\Program Files\Common Files\zmki\zmkim.lck
    2007-10-15 02:55 0 --a------ C:\Program Files\Common Files\zmki\zmkia.lck
    2004-04-19 20:26 4933375 --a------ C:\Program Files\Common Files\zmki\zmkid\class-barrel
    2004-04-19 20:26 1234193 --a------ C:\Program Files\Common Files\zmki\zmkid\vocabulary

    ---- Directory of C:\Program Files\Dl_cats ----

    2007-11-27 20:02 5498 --a------ C:\Program Files\Dl_cats\8LDY681.A01
    2007-11-27 20:02 5498 --a------ C:\Program Files\Dl_cats\8LDY681.A00
    2007-11-27 20:02 529 --a------ C:\Program Files\Dl_cats\DLCCCATS.INI
    2007-10-29 14:33 5499 --a------ C:\Program Files\Dl_cats\8LDY681.A02
    2004-11-04 08:20 259 -ra------ C:\Program Files\Dl_cats\dlccdefs.xml

    ---- Directory of C:\Program Files\ISM2 ----

    2007-11-05 12:12 197708 --a------ C:\Program Files\ISM2\hydramedupd.exe
    2007-10-31 17:58 195775 --a------ C:\Program Files\ISM2\dictionary.gz
    2007-10-25 14:34 224288 --a------ C:\Program Files\ISM2\cringupd.exe
    2007-10-24 10:53 376832 --a------ C:\Program Files\ISM2\ISMPack8.exe
    2007-10-23 08:18 5106 --a------ C:\Program Files\ISM2\targets.gz
    2007-10-16 08:10 376832 --a------ C:\Program Files\ISM2\ISMPack7.exe
    2007-09-28 06:27 376832 --a------ C:\Program Files\ISM2\ISMPack6.exe
    2007-09-21 09:18 335872 --a------ C:\Program Files\ISM2\ISMPack5.exe

    ---- Directory of C:\Program Files\Temporary ----



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 18:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 12:03]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 10:06]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE [2006-02-23 17:04:14]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 01:22:40]
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    opnkkkl.dll

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-03 03:45:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-11-24 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKSON-shavon).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-02 21:23:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-02 21:25:53 - machine was rebooted
    .
    --- E O F ---
     
  11. 2007/12/02
    taylorwn

    Hijack this and CFScript Log - part 3

    Last one

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:28:42 PM, on 12/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: 2Wire Wireless Client.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O20 - Winlogon Notify: opnkkkl - opnkkkl.dll (file missing)
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8675 bytes
     
  12. 2007/12/03
    noahdfear

    Download DelDomains.inf created by MVP Mike Burgess.

    http://www.mvps.org/winhelp2002/DelDomains.inf

    Save the file to your desktop. Right-click on the deldomains.inf file and select Install.


    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Program Files\Del.js
    C:\Program Files\func.js
    C:\WINDOWS\atid.ini
    C:\WINDOWS\system32\aexiotaw.ini
    C:\WINDOWS\system32\axbxrnvp.ini
    C:\WINDOWS\system32\ayexdjkg.ini
    C:\WINDOWS\system32\bshulsnh.ini
    C:\WINDOWS\system32\bydbcbyw.ini
    C:\WINDOWS\system32\clgmqkfw.ini
    C:\WINDOWS\system32\dbaonkql.ini
    C:\WINDOWS\system32\dbhetvwa.ini
    C:\WINDOWS\system32\dcuqkeut.ini
    C:\WINDOWS\system32\dnlcvlxj.ini
    C:\WINDOWS\system32\dsmurvqi.ini
    C:\WINDOWS\system32\dyypohym.ini
    C:\WINDOWS\system32\ebtbptia.ini
    C:\WINDOWS\system32\eitumkew.ini
    C:\WINDOWS\system32\eoxokxrm.ini
    C:\WINDOWS\system32\fhyldxjg.dll
    C:\WINDOWS\system32\ftpxjmbk.ini
    C:\WINDOWS\system32\fvcfiont.ini
    C:\WINDOWS\system32\fyaajgmp.ini
    C:\WINDOWS\system32\fycglvka.ini
    C:\WINDOWS\system32\GameFly_2.ico
    C:\WINDOWS\system32\gbjdxutg.ini
    C:\WINDOWS\system32\gbrekjvd.ini
    C:\WINDOWS\system32\ggrfadra.ini
    C:\WINDOWS\system32\grwibrmy.ini
    C:\WINDOWS\system32\hbullpuh.ini
    C:\WINDOWS\system32\hqjbknrw.ini
    C:\WINDOWS\system32\hrqfhghi.ini
    C:\WINDOWS\system32\hsaxvnah.ini
    C:\WINDOWS\system32\hudsouxp.ini
    C:\WINDOWS\system32\jnixqprq.ini
    C:\WINDOWS\system32\juxhtctb.ini
    C:\WINDOWS\system32\kqtbfljl.ini
    C:\WINDOWS\system32\krilbdls.ini
    C:\WINDOWS\system32\kspwibbj.ini
    C:\WINDOWS\system32\lblgpaqa.ini
    C:\WINDOWS\system32\lfadlpcc.ini
    C:\WINDOWS\system32\lofkksvn.ini
    C:\WINDOWS\system32\lvdwckdf.ini
    C:\WINDOWS\system32\mjgfapac.dll
    C:\WINDOWS\system32\mtfjievi.ini
    C:\WINDOWS\system32\ngfwbgsu.ini
    C:\WINDOWS\system32\nmryetxp.ini
    C:\WINDOWS\system32\nwvxlxkh.ini
    C:\WINDOWS\system32\obtkqwet.ini
    C:\WINDOWS\system32\pexfyjjn.ini
    C:\WINDOWS\system32\phxklvbx.ini
    C:\WINDOWS\system32\plfvfyet.ini
    C:\WINDOWS\system32\pliesgla.ini
    C:\WINDOWS\system32\pwntpwtq.ini
    C:\WINDOWS\system32\qdkygwnr.ini
    C:\WINDOWS\system32\qkqrykst.dll
    C:\WINDOWS\system32\qvnxrwhe.ini
    C:\WINDOWS\system32\rfumrfhw.ini
    C:\WINDOWS\system32\rixhefly.ini
    C:\WINDOWS\system32\rnmbtyex.ini
    C:\WINDOWS\system32\skywxahd.ini
    C:\WINDOWS\system32\smeoccww.ini
    C:\WINDOWS\system32\sqogxkqs.ini
    C:\WINDOWS\system32\sqqyctod.ini
    C:\WINDOWS\system32\sqqyctod.tmp
    C:\WINDOWS\system32\sufdirqd.ini
    C:\WINDOWS\system32\svrkohhx.ini
    C:\WINDOWS\system32\tamhgpxi.ini
    C:\WINDOWS\system32\tdmpmufv.ini
    C:\WINDOWS\system32\tynejmop.ini
    C:\WINDOWS\system32\usqprqvb.ini
    C:\WINDOWS\system32\uunxoyfb.ini
    C:\WINDOWS\system32\uximjrle.ini
    C:\WINDOWS\system32\wfennvqm.ini
    C:\WINDOWS\system32\wiiudtlx.ini
    C:\WINDOWS\system32\wsrnseqb.ini
    C:\WINDOWS\system32\wsrnseqb.tmp
    C:\WINDOWS\system32\xeygfldk.ini
    C:\WINDOWS\system32\yfgsaisy.ini
    C:\WINDOWS\system32\ykojygwd.ini
    C:\WINDOWS\system32\ykygribh.ini
    C:\WINDOWS\system32\ymbtbopy.ini
    C:\WINDOWS\system32\yybeg.bak1
    C:\WINDOWS\system32\yybeg.bak2
    C:\WINDOWS\system32\yybeg.ini2
    Folder::
    C:\WINDOWS\Y2FycmllIGphY2tzb24
    C:\Program Files\Common Files\zmki
    C:\Program Files\ISM2
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.


    Please check the following file for its contents (open it with Word) or upload it to my submission channel and leave a link back to this topic.

    C:\Program Files\page.html


    Please verify that the contents of the following folder belong to Dell.

    C:\Program Files\Dl_cats
     
  13. 2007/12/05
    taylorwn

    noahdfear, thank you so much for all your help. I think she's running well again.

    ComboFix 07-12-02.7 - ADMIN 2007-12-05 20:15:54.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -7:00]
    Running from: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ADMIN\Desktop\CFScript.txt
    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\zmki
    C:\Program Files\Common Files\zmki\zmkia.lck
    C:\Program Files\Common Files\zmki\zmkid\class-barrel
    C:\Program Files\Common Files\zmki\zmkid\vocabulary
    C:\Program Files\Common Files\zmki\zmkih
    C:\Program Files\Common Files\zmki\zmkil.lck
    C:\Program Files\Common Files\zmki\zmkim.lck
    C:\Program Files\Common Files\zmki\zmkip.cfg
    C:\Program Files\Del.js
    C:\Program Files\func.js
    C:\WINDOWS\atid.ini
    C:\WINDOWS\system32\aexiotaw.ini
    C:\WINDOWS\system32\axbxrnvp.ini
    C:\WINDOWS\system32\ayexdjkg.ini
    C:\WINDOWS\system32\bshulsnh.ini
    C:\WINDOWS\system32\bydbcbyw.ini
    C:\WINDOWS\system32\clgmqkfw.ini
    C:\WINDOWS\system32\dbaonkql.ini
    C:\WINDOWS\system32\dbhetvwa.ini
    C:\WINDOWS\system32\dcuqkeut.ini
    C:\WINDOWS\system32\dnlcvlxj.ini
    C:\WINDOWS\system32\dsmurvqi.ini
    C:\WINDOWS\system32\dyypohym.ini
    C:\WINDOWS\system32\ebtbptia.ini
    C:\WINDOWS\system32\eitumkew.ini
    C:\WINDOWS\system32\eoxokxrm.ini
    C:\WINDOWS\system32\fhyldxjg.dll
    C:\WINDOWS\system32\ftpxjmbk.ini
    C:\WINDOWS\system32\fvcfiont.ini
    C:\WINDOWS\system32\fyaajgmp.ini
    C:\WINDOWS\system32\fycglvka.ini
    C:\WINDOWS\system32\GameFly_2.ico
    C:\WINDOWS\system32\gbjdxutg.ini
    C:\WINDOWS\system32\gbrekjvd.ini
    C:\WINDOWS\system32\ggrfadra.ini
    C:\WINDOWS\system32\grwibrmy.ini
    C:\WINDOWS\system32\hbullpuh.ini
    C:\WINDOWS\system32\hqjbknrw.ini
    C:\WINDOWS\system32\hrqfhghi.ini
    C:\WINDOWS\system32\hsaxvnah.ini
    C:\WINDOWS\system32\hudsouxp.ini
    C:\WINDOWS\system32\jnixqprq.ini
    C:\WINDOWS\system32\juxhtctb.ini
    C:\WINDOWS\system32\kqtbfljl.ini
    C:\WINDOWS\system32\krilbdls.ini
    C:\WINDOWS\system32\kspwibbj.ini
    C:\WINDOWS\system32\lblgpaqa.ini
    C:\WINDOWS\system32\lfadlpcc.ini
    C:\WINDOWS\system32\lofkksvn.ini
    C:\WINDOWS\system32\lvdwckdf.ini
    C:\WINDOWS\system32\mjgfapac.dll
    C:\WINDOWS\system32\mtfjievi.ini
    C:\WINDOWS\system32\ngfwbgsu.ini
    C:\WINDOWS\system32\nmryetxp.ini
    C:\WINDOWS\system32\nwvxlxkh.ini
    C:\WINDOWS\system32\obtkqwet.ini
    C:\WINDOWS\system32\pexfyjjn.ini
    C:\WINDOWS\system32\phxklvbx.ini
    C:\WINDOWS\system32\plfvfyet.ini
    C:\WINDOWS\system32\pliesgla.ini
    C:\WINDOWS\system32\pwntpwtq.ini
    C:\WINDOWS\system32\qdkygwnr.ini
    C:\WINDOWS\system32\qkqrykst.dll
    C:\WINDOWS\system32\qvnxrwhe.ini
    C:\WINDOWS\system32\rfumrfhw.ini
    C:\WINDOWS\system32\rixhefly.ini
    C:\WINDOWS\system32\rnmbtyex.ini
    C:\WINDOWS\system32\skywxahd.ini
    C:\WINDOWS\system32\smeoccww.ini
    C:\WINDOWS\system32\sqogxkqs.ini
    C:\WINDOWS\system32\sqqyctod.ini
    C:\WINDOWS\system32\sqqyctod.tmp
    C:\WINDOWS\system32\sufdirqd.ini
    C:\WINDOWS\system32\svrkohhx.ini
    C:\WINDOWS\system32\tamhgpxi.ini
    C:\WINDOWS\system32\tdmpmufv.ini
    C:\WINDOWS\system32\tynejmop.ini
    C:\WINDOWS\system32\usqprqvb.ini
    C:\WINDOWS\system32\uunxoyfb.ini
    C:\WINDOWS\system32\uximjrle.ini
    C:\WINDOWS\system32\wfennvqm.ini
    C:\WINDOWS\system32\wiiudtlx.ini
    C:\WINDOWS\system32\wsrnseqb.ini
    C:\WINDOWS\system32\wsrnseqb.tmp
    C:\WINDOWS\system32\xeygfldk.ini
    C:\WINDOWS\system32\yfgsaisy.ini
    C:\WINDOWS\system32\ykojygwd.ini
    C:\WINDOWS\system32\ykygribh.ini
    C:\WINDOWS\system32\ymbtbopy.ini
    C:\WINDOWS\system32\yybeg.bak1
    C:\WINDOWS\system32\yybeg.bak2
    C:\WINDOWS\system32\yybeg.ini2
    C:\WINDOWS\Y2FycmllIGphY2tzb24
    C:\WINDOWS\Y2FycmllIGphY2tzb24\sZIVwA55K3D1sZQWvZb.vbs

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
    .

    2007-12-03 17:02 . 2007-12-05 20:09 512 --a------ C:\WINDOWS\randseed.rnd
    2007-12-02 20:27 . 2007-12-02 20:32 1,372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:53 . 2007-12-02 14:53 <DIR> d-------- C:\Deckard
    2007-12-02 14:46 . 2007-12-02 14:46 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30 . 2007-12-02 21:28 <DIR> d-------- C:\HJT
    2007-11-28 20:48 . 2007-11-28 20:48 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28 . 2007-12-02 00:05 <DIR> d-------- C:\quarantine
    2007-11-27 21:23 . 2007-11-27 21:23 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05 . 2005-01-14 20:00 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2007-11-27 21:05 . 2005-01-14 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
    2007-11-27 21:01 . 2007-11-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:01 <DIR> d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02 . 2007-12-02 21:37 <DIR> d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00 . 2006-02-15 09:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 14:24 . 2007-11-27 14:39 780,396 ---hs---- C:\WINDOWS\system32\capafgjm.ini
    2007-11-26 14:58 . 2007-11-26 14:58 <DIR> d-------- C:\Documents and Settings\trey\Application Data\ultra
    2007-11-26 14:57 . 2007-11-26 15:05 20,944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 20:04 . 2007-11-24 20:04 <DIR> d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 13:02 . 2007-11-24 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 12:59 . 2007-11-24 13:06 <DIR> d-------- C:\Program Files\AIM6
    2007-11-19 19:53 . 2007-11-19 19:59 316,071 ---hs---- C:\WINDOWS\system32\ovnverib.ini
    2007-11-19 17:54 . 2007-11-19 17:54 475 ---hs---- C:\WINDOWS\system32\ffwxpbuf.ini
    2007-11-18 19:03 . 2007-11-18 19:04 702,031 ---hs---- C:\WINDOWS\system32\qitaasvh.ini
    2007-11-18 11:20 . 2007-11-18 11:20 316,071 ---hs---- C:\WINDOWS\system32\sibniysv.ini
    2007-11-18 10:47 . 2007-11-18 10:48 1,431,225 ---hs---- C:\WINDOWS\system32\qvgpchpm.ini
    2007-11-18 10:19 . 2007-11-19 17:52 976,091 ---hs---- C:\WINDOWS\system32\yvcwkulk.ini
    2007-11-17 21:53 . 2007-11-18 10:29 721,815 ---hs---- C:\WINDOWS\system32\tgkolxqp.ini
    2007-11-17 16:39 . 2007-11-17 16:40 316,191 ---hs---- C:\WINDOWS\system32\gakyvegu.ini
    2007-11-17 11:10 . 2007-11-17 16:40 316,131 ---hs---- C:\WINDOWS\system32\yetnfpgk.ini
    2007-11-17 10:26 . 2007-11-17 10:28 1,011,513 ---hs---- C:\WINDOWS\system32\uuxsbywt.ini
    2007-11-16 22:39 . 2007-11-16 22:39 316,071 ---hs---- C:\WINDOWS\system32\gomjleuh.ini
    2007-11-16 22:25 . 2007-11-16 22:26 770,940 ---hs---- C:\WINDOWS\system32\qphyenog.ini
    2007-11-16 21:51 . 2007-11-16 22:09 770,967 ---hs---- C:\WINDOWS\system32\bahjtptx.ini
    2007-11-16 21:50 . 2007-11-16 21:51 672,447 ---hs---- C:\WINDOWS\system32\cphfsdbr.ini
    2007-11-16 21:37 . 2007-11-16 21:37 316,071 ---hs---- C:\WINDOWS\system32\obqjchld.ini
    2007-11-16 21:33 . 2007-11-16 21:33 118 --a------ C:\WINDOWS\system32\MRT.INI
    2007-11-15 21:25 . 2007-11-16 21:37 767,171 ---hs---- C:\WINDOWS\system32\vmipfbqx.ini
    2007-11-15 13:50 . 2007-11-15 13:50 295 ---hs---- C:\WINDOWS\system32\cmqormrw.ini
    2007-11-15 08:46 . 2007-11-18 10:18 784,039 ---hs---- C:\WINDOWS\system32\xkpwwpgd.ini
    2007-11-15 08:36 . 2007-11-15 08:36 295 ---hs---- C:\WINDOWS\system32\exxeciop.ini
    2007-11-15 07:46 . 2007-11-15 07:47 764,979 ---hs---- C:\WINDOWS\system32\whgenrwu.ini
    2007-11-14 19:02 . 2007-11-14 19:02 <DIR> d-------- C:\Documents and Settings\trey\Application Data\Sonic
    2007-11-13 20:17 . 2007-11-15 08:36 645,329 ---hs---- C:\WINDOWS\system32\clqcbsti.ini
    2007-11-13 20:17 . 2007-11-13 20:17 590,356 ---hs---- C:\WINDOWS\system32\psihvbqg.ini
    2007-11-13 20:07 . 2007-11-13 20:07 316,070 ---hs---- C:\WINDOWS\system32\xcsumvby.ini
    2007-11-13 19:56 . 2007-11-13 20:07 316,071 ---hs---- C:\WINDOWS\system32\dtuqfbgd.ini
    2007-11-13 19:10 . 2007-11-14 11:25 686,688 ---hs---- C:\WINDOWS\system32\dobcvygc.ini
    2007-11-13 18:53 . 2007-11-13 19:10 316,131 ---hs---- C:\WINDOWS\system32\iejklqky.ini
    2007-11-13 17:07 . 2007-11-13 18:52 686,688 ---hs---- C:\WINDOWS\system32\xnbhecwf.ini
    2007-11-13 10:39 . 2007-11-13 10:56 686,655 ---hs---- C:\WINDOWS\system32\lhtuapco.ini
    2007-11-13 10:38 . 2007-11-13 10:39 590,356 ---hs---- C:\WINDOWS\system32\hacuaotf.ini
    2007-11-13 09:23 . 2007-11-13 17:07 686,763 ---hs---- C:\WINDOWS\system32\sarmxrip.ini
    2007-11-12 21:04 . 2007-11-14 13:36 316,131 ---hs---- C:\WINDOWS\system32\lbaxkhju.ini
    2007-11-12 19:08 . 2007-11-12 21:04 355 ---hs---- C:\WINDOWS\system32\ovabrdey.ini
    2007-11-12 19:07 . 2007-11-12 19:08 584,416 ---hs---- C:\WINDOWS\system32\jkgqauih.ini
    2007-11-12 09:51 . 2007-11-12 09:52 316,071 ---hs---- C:\WINDOWS\system32\sjkkewie.ini
    2007-11-11 17:52 . 2007-11-11 17:52 589,327 ---hs---- C:\WINDOWS\system32\lwskutal.ini
    2007-11-09 19:53 . 2007-11-12 19:08 679,426 ---hs---- C:\WINDOWS\system32\aqawuxvi.ini
    2007-11-09 19:51 . 2007-11-09 19:51 582,820 ---hs---- C:\WINDOWS\system32\wcbwgxhj.ini
    2007-11-09 19:20 . 2007-11-09 19:20 582,820 ---hs---- C:\WINDOWS\system32\jghpjwuq.ini
    2007-11-09 19:20 . 2007-11-09 19:20 295 ---hs---- C:\WINDOWS\system32\xwfywgsy.ini
    2007-11-09 19:19 . 2007-11-09 19:20 582,820 ---hs---- C:\WINDOWS\system32\nbeovpfy.ini
    2007-11-09 08:41 . 2007-11-09 08:41 316,191 ---hs---- C:\WINDOWS\system32\umchuoib.ini
    2007-11-09 08:40 . 2007-11-09 19:20 582,880 ---hs---- C:\WINDOWS\system32\aexryowc.ini
    2007-11-09 08:40 . 2007-11-09 08:41 316,070 ---hs---- C:\WINDOWS\system32\lptjqqjy.ini
    2007-11-08 21:04 . 2007-11-09 08:41 316,131 ---hs---- C:\WINDOWS\system32\mhvuelfa.ini
    2007-11-08 21:03 . 2007-11-08 21:04 587,399 ---hs---- C:\WINDOWS\system32\lglpulnr.ini
    2007-11-08 20:31 . 2007-11-08 21:03 316,191 ---hs---- C:\WINDOWS\system32\vtkllbdr.ini
    2007-11-08 20:30 . 2007-11-08 20:31 569,861 ---hs---- C:\WINDOWS\system32\vigpubks.ini
    2007-11-08 08:34 . 2007-11-08 08:34 569,842 ---hs---- C:\WINDOWS\system32\ulvvjyfi.ini
    2007-11-08 08:34 . 2007-11-08 20:30 535 ---hs---- C:\WINDOWS\system32\ntkuliad.ini
    2007-11-07 21:30 . 2007-11-08 08:33 355 ---hs---- C:\WINDOWS\system32\mtepmcap.ini
    2007-11-07 21:29 . 2007-11-07 21:29 569,842 ---hs---- C:\WINDOWS\system32\ytwqlhbh.ini
    2007-11-07 16:29 . 2007-11-11 17:52 541,037 ---hs---- C:\WINDOWS\system32\hdldqtcc.ini
    2007-11-07 16:28 . 2007-11-07 16:28 295 ---hs---- C:\WINDOWS\system32\pyalrxws.ini
    2007-11-07 10:43 . 2007-11-07 10:43 570,299 ---hs---- C:\WINDOWS\system32\efrcpcvh.tmp
    2007-11-07 10:43 . 2007-11-07 10:43 570,299 ---hs---- C:\WINDOWS\system32\efrcpcvh.ini
    2007-11-07 10:43 . 2007-11-07 11:09 316,098 ---hs---- C:\WINDOWS\system32\xircmloj.ini
    2007-11-07 09:08 . 2007-11-07 09:09 294 ---hs---- C:\WINDOWS\system32\qspenrtc.ini
    2007-11-06 17:32 . 2007-11-07 16:29 569,902 ---hs---- C:\WINDOWS\system32\ypkiyesb.ini
    2007-11-06 17:30 . 2007-11-06 17:31 591,782 ---hs---- C:\WINDOWS\system32\ergwuhjs.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-03 10:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-29 03:40 --------- d-----w C:\Program Files\BFG
    2007-11-28 03:02 --------- d-----w C:\Program Files\Dl_cats
    2007-11-26 20:29 --------- d-----w C:\Documents and Settings\trey\Application Data\Yahoo!
    2007-11-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-24 20:04 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-24 20:00 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-15 06:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2007-11-03 21:18 142 ----a-w C:\Program Files\page.html
    2007-11-03 01:55 --------- d-----w C:\Program Files\LimeWire
    2007-10-19 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-11 00:57 --------- d-----w C:\Program Files\McAfee
    2007-10-07 15:15 --------- d-----w C:\Documents and Settings\trey\Application Data\MySpace
    2007-10-07 01:52 --------- d-----w C:\Program Files\MySpace
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 18:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 12:03]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 10:06]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE [2006-02-23 17:04:14]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 01:22:40]
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    opnkkkl.dll

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-04 03:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-11-24 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKSON-shavon).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-05 20:24:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-05 20:26:27 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-02 21:25
    .
    --- E O F ---
     
  14. 2007/12/05
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    These files did not look familiar so I removed them, in fact they look suspicious.:rolleyes:
     
  15. 2007/12/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Not done yet, but we're getting closer. Please upload the following file to my submission channel link above.

    C:\WINDOWS\system32\MRT.INI


    Delete the ComboFix.exe file you currently have and download an updated copy from here, saving it to your desktop.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\aexryowc.ini
    C:\WINDOWS\system32\aqawuxvi.ini
    C:\WINDOWS\system32\bahjtptx.ini
    C:\WINDOWS\system32\clqcbsti.ini
    C:\WINDOWS\system32\cmqormrw.ini
    C:\WINDOWS\system32\cphfsdbr.ini
    C:\WINDOWS\system32\dobcvygc.ini
    C:\WINDOWS\system32\dtuqfbgd.ini
    C:\WINDOWS\system32\efrcpcvh.ini
    C:\WINDOWS\system32\efrcpcvh.tmp
    C:\WINDOWS\system32\ergwuhjs.ini
    C:\WINDOWS\system32\exxeciop.ini
    C:\WINDOWS\system32\ffwxpbuf.ini
    C:\WINDOWS\system32\gakyvegu.ini
    C:\WINDOWS\system32\gomjleuh.ini
    C:\WINDOWS\system32\hacuaotf.ini
    C:\WINDOWS\system32\hdldqtcc.ini
    C:\WINDOWS\system32\iejklqky.ini
    C:\WINDOWS\system32\jghpjwuq.ini
    C:\WINDOWS\system32\jkgqauih.ini
    C:\WINDOWS\system32\lbaxkhju.ini
    C:\WINDOWS\system32\lglpulnr.ini
    C:\WINDOWS\system32\lhtuapco.ini
    C:\WINDOWS\system32\lptjqqjy.ini
    C:\WINDOWS\system32\lwskutal.ini
    C:\WINDOWS\system32\mhvuelfa.ini
    C:\WINDOWS\system32\mtepmcap.ini
    C:\WINDOWS\system32\nbeovpfy.ini
    C:\WINDOWS\system32\ntkuliad.ini
    C:\WINDOWS\system32\obqjchld.ini
    C:\WINDOWS\system32\ovabrdey.ini
    C:\WINDOWS\system32\ovnverib.ini
    C:\WINDOWS\system32\psihvbqg.ini
    C:\WINDOWS\system32\pyalrxws.ini
    C:\WINDOWS\system32\qitaasvh.ini
    C:\WINDOWS\system32\qphyenog.ini
    C:\WINDOWS\system32\qspenrtc.ini
    C:\WINDOWS\system32\qvgpchpm.ini
    C:\WINDOWS\system32\sarmxrip.ini
    C:\WINDOWS\system32\sibniysv.ini
    C:\WINDOWS\system32\sjkkewie.ini
    C:\WINDOWS\system32\tgkolxqp.ini
    C:\WINDOWS\system32\ulvvjyfi.ini
    C:\WINDOWS\system32\umchuoib.ini
    C:\WINDOWS\system32\uuxsbywt.ini
    C:\WINDOWS\system32\vigpubks.ini
    C:\WINDOWS\system32\vmipfbqx.ini
    C:\WINDOWS\system32\vtkllbdr.ini
    C:\WINDOWS\system32\wcbwgxhj.ini
    C:\WINDOWS\system32\whgenrwu.ini
    C:\WINDOWS\system32\xcsumvby.ini
    C:\WINDOWS\system32\xircmloj.ini
    C:\WINDOWS\system32\xkpwwpgd.ini
    C:\WINDOWS\system32\xnbhecwf.ini
    C:\WINDOWS\system32\xwfywgsy.ini
    C:\WINDOWS\system32\yetnfpgk.ini
    C:\WINDOWS\system32\ypkiyesb.ini
    C:\WINDOWS\system32\ytwqlhbh.ini
    C:\WINDOWS\system32\yvcwkulk.ini
    C:\WINDOWS\system32\opnkkkl.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
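The script above targets files that share one visible pattern in the "Files Created" section of the posted log: hidden and system attributes, an eight-letter lowercase name, and an .ini or .tmp extension directly in system32. The following is an added example, not part of the thread or of ComboFix, that parses that section and lists entries matching the pattern for manual review; the heuristic and all function names are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# One entry of the "Files Created" section looks like:
# 2007-11-27 14:24 . 2007-11-27 14:39 780,396 ---hs---- C:\WINDOWS\system32\capafgjm.ini
LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{9})\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Assumed heuristic: eight lowercase letters plus .ini or .tmp.
RANDOM_NAME_RE = re.compile(r"[a-z]{8}\.(?:ini|tmp)")
SYSTEM32 = r"c:\windows\system32"


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories (<DIR>)
    attrs: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    raw_size = m.group("size")
    size = None if raw_size == "<DIR>" else int(raw_size.replace(",", ""))
    return Entry(m.group("created"), m.group("modified"), size,
                 m.group("attrs"), m.group("path"))


def is_candidate(entry: Entry) -> bool:
    """True when a file matches the pattern described in the lead-in."""
    if entry.size is None:  # directories are never candidates
        return False
    if "h" not in entry.attrs or "s" not in entry.attrs:
        return False
    directory, _, name = entry.path.rpartition("\\")
    if directory.lower() != SYSTEM32:  # must sit directly in system32
        return False
    return RANDOM_NAME_RE.fullmatch(name) is not None


def triage(log_text: str) -> List[str]:
    """Return the sorted paths of all candidate entries in a log excerpt."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and is_candidate(entry):
            hits.append(entry.path)
    return sorted(hits)


# Sample lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-03 17:02 . 2007-12-05 20:09 512 --a------ C:\WINDOWS\randseed.rnd
2007-12-02 14:53 . 2007-12-02 14:53 <DIR> d-------- C:\Deckard
2007-11-27 20:02 . 2007-12-02 21:37 <DIR> d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
2007-11-27 14:24 . 2007-11-27 14:39 780,396 ---hs---- C:\WINDOWS\system32\capafgjm.ini
2007-11-19 17:54 . 2007-11-19 17:54 475 ---hs---- C:\WINDOWS\system32\ffwxpbuf.ini
2007-11-16 21:33 . 2007-11-16 21:33 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-07 10:43 . 2007-11-07 10:43 570,299 ---hs---- C:\WINDOWS\system32\efrcpcvh.tmp
"""

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print(path)
```
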
     
  16. 2007/12/06
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    You are right, it is not done yet, I logged onto one of the other profiles and no CP and rights still restricted, yikes:eek:. Only this one account I am using is working right.



    ComboFix 07-12-07.3 - ADMIN 2007-12-06 21:04:09.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -7:00]
    Running from: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ADMIN\Desktop\CFScript.txt
    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\trey\Application Data\ultra
    C:\WINDOWS\inf\ultra.inf
    C:\WINDOWS\system32\aexryowc.ini
    C:\WINDOWS\system32\aqawuxvi.ini
    C:\WINDOWS\system32\bahjtptx.ini
    C:\WINDOWS\system32\clqcbsti.ini
    C:\WINDOWS\system32\cmqormrw.ini
    C:\WINDOWS\system32\cphfsdbr.ini
    C:\WINDOWS\system32\dobcvygc.ini
    C:\WINDOWS\system32\dtuqfbgd.ini
    C:\WINDOWS\system32\efrcpcvh.ini
    C:\WINDOWS\system32\efrcpcvh.tmp
    C:\WINDOWS\system32\ergwuhjs.ini
    C:\WINDOWS\system32\exxeciop.ini
    C:\WINDOWS\system32\ffwxpbuf.ini
    C:\WINDOWS\system32\gakyvegu.ini
    C:\WINDOWS\system32\gomjleuh.ini
    C:\WINDOWS\system32\hacuaotf.ini
    C:\WINDOWS\system32\hdldqtcc.ini
    C:\WINDOWS\system32\iejklqky.ini
    C:\WINDOWS\system32\jghpjwuq.ini
    C:\WINDOWS\system32\jkgqauih.ini
    C:\WINDOWS\system32\lbaxkhju.ini
    C:\WINDOWS\system32\lglpulnr.ini
    C:\WINDOWS\system32\lhtuapco.ini
    C:\WINDOWS\system32\lptjqqjy.ini
    C:\WINDOWS\system32\lwskutal.ini
    C:\WINDOWS\system32\mhvuelfa.ini
    C:\WINDOWS\system32\mtepmcap.ini
    C:\WINDOWS\system32\nbeovpfy.ini
    C:\WINDOWS\system32\ntkuliad.ini
    C:\WINDOWS\system32\obqjchld.ini
    C:\WINDOWS\system32\ovabrdey.ini
    C:\WINDOWS\system32\ovnverib.ini
    C:\WINDOWS\system32\psihvbqg.ini
    C:\WINDOWS\system32\pyalrxws.ini
    C:\WINDOWS\system32\qitaasvh.ini
    C:\WINDOWS\system32\qphyenog.ini
    C:\WINDOWS\system32\qspenrtc.ini
    C:\WINDOWS\system32\qvgpchpm.ini
    C:\WINDOWS\system32\sarmxrip.ini
    C:\WINDOWS\system32\sibniysv.ini
    C:\WINDOWS\system32\sjkkewie.ini
    C:\WINDOWS\system32\tgkolxqp.ini
    C:\WINDOWS\system32\ulvvjyfi.ini
    C:\WINDOWS\system32\umchuoib.ini
    C:\WINDOWS\system32\uuxsbywt.ini
    C:\WINDOWS\system32\vigpubks.ini
    C:\WINDOWS\system32\vmipfbqx.ini
    C:\WINDOWS\system32\vtkllbdr.ini
    C:\WINDOWS\system32\wcbwgxhj.ini
    C:\WINDOWS\system32\whgenrwu.ini
    C:\WINDOWS\system32\xcsumvby.ini
    C:\WINDOWS\system32\xircmloj.ini
    C:\WINDOWS\system32\xkpwwpgd.ini
    C:\WINDOWS\system32\xnbhecwf.ini
    C:\WINDOWS\system32\xwfywgsy.ini
    C:\WINDOWS\system32\yetnfpgk.ini
    C:\WINDOWS\system32\ypkiyesb.ini
    C:\WINDOWS\system32\ytwqlhbh.ini
    C:\WINDOWS\system32\yvcwkulk.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
    .

    2007-12-05 20:48 . 2007-12-05 20:48 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-03 17:02 . 2007-12-06 17:09 512 --a------ C:\WINDOWS\randseed.rnd
    2007-12-02 20:27 . 2007-12-02 20:32 1,372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:53 . 2007-12-02 14:53 <DIR> d-------- C:\Deckard
    2007-12-02 14:46 . 2007-12-02 14:46 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30 . 2007-12-02 21:28 <DIR> d-------- C:\HJT
    2007-11-28 20:48 . 2007-11-28 20:48 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28 . 2007-12-02 00:05 <DIR> d-------- C:\quarantine
    2007-11-27 21:23 . 2007-12-05 20:34 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05 . 2005-01-14 20:00 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2007-11-27 21:05 . 2005-01-14 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
    2007-11-27 21:01 . 2007-11-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:01 <DIR> d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02 . 2007-12-02 21:37 <DIR> d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00 . 2006-02-15 09:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 14:24 . 2007-11-27 14:39 780,396 ---hs---- C:\WINDOWS\system32\capafgjm.ini
    2007-11-26 14:57 . 2007-11-26 15:05 20,944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 20:04 . 2007-11-24 20:04 <DIR> d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 13:02 . 2007-11-24 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 12:59 . 2007-11-24 13:06 <DIR> d-------- C:\Program Files\AIM6
    2007-11-16 21:33 . 2007-11-16 21:33 118 --a------ C:\WINDOWS\system32\MRT.INI
    2007-11-14 19:02 . 2007-11-14 19:02 <DIR> d-------- C:\Documents and Settings\trey\Application Data\Sonic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-03 10:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-29 03:40 --------- d-----w C:\Program Files\BFG
    2007-11-26 20:29 --------- d-----w C:\Documents and Settings\trey\Application Data\Yahoo!
    2007-11-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-24 20:04 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-24 20:00 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-15 06:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2007-11-03 01:55 --------- d-----w C:\Program Files\LimeWire
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-22 18:03 7,728 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-19 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-11 00:57 --------- d-----w C:\Program Files\McAfee
    2007-10-07 15:15 --------- d-----w C:\Documents and Settings\trey\Application Data\MySpace
    2007-10-07 01:52 --------- d-----w C:\Program Files\MySpace
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-02_21.24.29.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-06-19 22:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    + 2007-10-11 21:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    - 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-10-08 21:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 18:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 12:03]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 10:06]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    opnkkkl.dll

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-07 03:28:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-11-24 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKSON-shavon).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-06 21:07:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-06 21:09:29
    C:\ComboFix2.txt ... 2007-12-05 20:26
    C:\ComboFix3.txt ... 2007-12-02 21:25
    .
    --- E O F ---
     
  17. 2007/12/06
    noahdfear

    Please close all open applications, reset the system date to Oct 6, 2007 then run a new dss scan. Set the date back to current and post the log please.
     
  18. 2007/12/07
    taylorwn

    New DSS scan

    Deckard's System Scanner v20071014.68
    Run by ADMIN on 2007-10-06 21:05:27
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as ADMIN.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:59 PM, on 10/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\ADMIN\Desktop\dss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\ADMIN.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Sen] "C:\DOCUME~1\shavon\MYDOCU~1\ECURIT~1\iexplore.exe" -vt yazb (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Nrsbg] "C:\Documents and Settings\shavon\Application Data\s?stem32\?ttrib.exe" (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [WinTouch] C:\Documents and Settings\shavon\Application Data\WinTouch\WinTouch.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [SfKg6w] C:\Documents and Settings\shavon\Application Data\Microsoft\Windows\rayiou.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Words] C:\Program Files\Words\Words.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe" (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe" (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Insider] C:\Program Files\Insider\Insider.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O20 - Winlogon Notify: opnkkkl - opnkkkl.dll (file missing)
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10916 bytes

    -- Files created between 2007-09-06 and 2007-10-06 -----------------------------

    2007-12-05 21:48:21 0 d-------- C:\WINDOWS\LastGood
    2007-12-05 21:06:14 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Macromedia
    2007-12-02 21:27:22 1372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 15:46:13 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 20:30:14 0 d-------- C:\HJT
    2007-11-28 22:26:23 0 d-------- C:\Documents and Settings\shavon\Application Data\Lavasoft
    2007-11-28 21:51:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2007-11-28 21:48:32 0 d-------- C:\Program Files\Lavasoft
    2007-11-27 22:28:04 0 d-------- C:\quarantine
    2007-11-27 22:23:19 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 22:05:48 0 d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 22:05:25 58464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:05:24 108480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 21:16:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-11-27 21:16:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
    2007-11-27 21:16:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
    2007-11-27 21:16:13 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-11-27 21:16:13 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-11-27 21:16:13 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-11-27 21:16:13 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-11-27 21:16:13 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-11-27 21:16:13 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-11-27 21:16:13 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-11-27 21:16:13 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-11-27 21:16:13 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-11-27 21:16:13 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-11-27 21:16:13 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2007-11-27 21:16:13 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-11-27 21:16:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2007-11-27 21:16:13 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-11-27 21:16:12 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-11-27 21:02:44 0 d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 21:00:55 0 dr------- C:\Documents and Settings\ADMIN\Favorites
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Desktop
    2007-11-27 21:00:55 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
    2007-11-27 21:00:55 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Google
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Templates
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
    2007-11-27 21:00:54 1572864 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\My Documents
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
    2007-11-27 15:31:08 0 d-------- C:\Documents and Settings\carrie\Application Data\Ultimate Cleaner
    2007-11-27 15:24:44 0 d-------- C:\Documents and Settings\carrie\Application Data\Zango
    2007-11-26 15:57:39 20944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 21:04:07 0 d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 19:03:56 0 d-------- C:\Documents and Settings\shavon\Application Data\acccore
    2007-11-24 14:02:05 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 13:59:15 0 d-------- C:\Program Files\AIM6
    2007-11-22 11:36:52 20944 --a------ C:\Documents and Settings\shavon\Application Data\info.dat
    2007-11-20 14:06:04 0 d-------- C:\Documents and Settings\shavon\Application Data\Ultimate Cleaner
    2007-11-19 20:51:48 0 d-------- C:\Documents and Settings\shavon\Application Data\ultra
    2007-11-15 00:46:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-11-15 00:42:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Sun
    2007-11-14 20:02:00 0 d-------- C:\Documents and Settings\trey\Application Data\Sonic
    2007-11-07 00:49:37 0 d-------- C:\Documents and Settings\shavon\Application Data\Zango
    2007-10-18 15:24:42 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-10-18 15:00:41 0 d-------- C:\Documents and Settings\carrie\Application Data\DriveCleaner Freeware
    2007-10-15 15:17:31 0 d-------- C:\Documents and Settings\shavon\Application Data\DriveCleaner Freeware
    2007-10-15 03:55:37 0 d-------- C:\WINDOWS\zmki
    2007-10-15 03:15:18 0 d-------- C:\Documents and Settings\shavon\Application Data\WinTouch
    2007-10-13 19:05:03 0 d-------- C:\Documents and Settings\shavon\Application Data\WinAntiSpyware 2007
    2007-10-11 20:37:40 0 d-------- C:\Documents and Settings\carrie\Application Data\WinAntiSpyware 2007
    2007-10-10 20:54:51 0 d-------- C:\Documents and Settings\shavon\Application Data\s?stem32
    2007-10-07 09:15:03 0 d-------- C:\Documents and Settings\trey\Application Data\MySpace
    2007-09-30 14:40:15 0 d-------- C:\Documents and Settings\carrie\Application Data\Error Safe
    2007-09-07 11:54:56 0 d-------- C:\Documents and Settings\carrie\Application Data\Error Safe Free
    2007-09-07 11:48:54 87760 --a------ C:\Documents and Settings\carrie\Application Data\errorsafenewreleaseinstall[1].exe


    -- Find3M Report ---------------------------------------------------------------

    2007-12-05 21:19:46 0 d-a------ C:\Program Files\Common Files
    2007-12-03 04:01:05 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-11-28 22:50:25 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-11-28 21:40:45 0 d-------- C:\Program Files\BFG
    2007-11-24 14:04:00 0 d-------- C:\Program Files\Viewpoint
    2007-11-24 14:00:05 0 d-------- C:\Program Files\Common Files\AOL
    2007-11-02 19:55:05 0 d-------- C:\Program Files\LimeWire
    2007-10-22 12:03:54 7728 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-22 12:03:53 152 -r-hs---- C:\WINDOWS\system32\C4A95FEE05.sys
    2007-10-10 18:57:40 0 d-------- C:\Program Files\McAfee
    2007-10-06 19:52:54 0 d-------- C:\Program Files\MySpace
    2007-09-25 09:32:20 0 d-------- C:\Program Files\Yahoo!
    2007-08-21 10:46:03 0 d-------- C:\Program Files\Nick Arcade
    2007-08-15 23:04:32 75328 --a------ C:\WINDOWS\system32\tqfettwp.exe
    2007-08-15 23:02:06 75328 --a------ C:\WINDOWS\system32\aacqcycx.exe <Not Verified; ; DDC>
    2007-08-14 23:02:35 75328 --a------ C:\WINDOWS\system32\owoylscl.exe
    2007-08-14 23:02:00 75328 --a------ C:\WINDOWS\system32\akqvxueo.exe <Not Verified; ; DDC>
    2007-08-14 23:01:53 75328 --a------ C:\WINDOWS\system32\hoctphvc.exe <Not Verified; ; DDC>
    2007-08-13 23:01:19 75328 --a------ C:\WINDOWS\system32\uyepujpo.exe <Not Verified; ; DDC>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 01:03 PM]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 11:06 AM]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 09:00 PM]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 10:48 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2007 07:16 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    opnkkkl.dll




    -- End of Deckard's System Scanner: finished at 2007-10-06 21:06:31 ------------
     
  19. 2007/12/07
    noahdfear

    Please log on to the same account from which you ran the dss scan and run the following script (Administrator account?).

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Documents and Settings\shavon\Application Data\Microsoft\Windows\rayiou.exe
    C:\Documents and Settings\carrie\Application Data\errorsafenewreleaseinstall[1].exe
    C:\WINDOWS\system32\tqfettwp.exe
    C:\WINDOWS\system32\aacqcycx.exe
    C:\WINDOWS\system32\owoylscl.exe
    C:\WINDOWS\system32\akqvxueo.exe
    C:\WINDOWS\system32\hoctphvc.exe
    C:\WINDOWS\system32\uyepujpo.exe
    Rootkit::
    C:\WINDOWS\system32\opnkkkl.dll
    Folder::
    C:\Documents and Settings\carrie\Application Data\Ultimate Cleaner
    C:\Documents and Settings\carrie\Application Data\Zango
    C:\Documents and Settings\shavon\Application Data\Ultimate Cleaner
    C:\Documents and Settings\shavon\Application Data\ultra
    C:\Documents and Settings\carrie\Application Data\DriveCleaner Freeware
    C:\Documents and Settings\shavon\Application Data\DriveCleaner Freeware
    C:\WINDOWS\zmki
    C:\Documents and Settings\shavon\Application Data\WinTouch
    C:\Documents and Settings\shavon\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\carrie\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\shavon\Application Data\s?stem32
    C:\Documents and Settings\carrie\Application Data\Error Safe
    C:\Documents and Settings\carrie\Application Data\Error Safe Free
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl] 
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Post a HijackThis log from the same account as well. I would also like to see a new dss log with the system date set to 8-15-07.

    **Make sure you set the proper date as soon as the dss scan is finished.

    We will need a HijackThis log from the shavon account too.
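
An added example, not part of the thread or of any tool named in it: a small Python triage of `O4` Run-key lines like those in the DSS log posted above, flagging autoruns by where the executable lives and what it is called. The flag names, the heuristics, and the table of default Windows XP locations are assumptions of this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# O4 lines copied from the HijackThis section of the DSS log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'shavon')
O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Sen] "C:\DOCUME~1\shavon\MYDOCU~1\ECURIT~1\iexplore.exe" -vt yazb (User 'shavon')
O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Nrsbg] "C:\Documents and Settings\shavon\Application Data\s?stem32\?ttrib.exe" (User 'shavon')
O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [SfKg6w] C:\Documents and Settings\shavon\Application Data\Microsoft\Windows\rayiou.exe (User 'shavon')
O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User 'shavon')
"""

# Assumed default install directories on Windows XP (lower-cased).
KNOWN_DIRS = {
    "ctfmon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?\s*$"
)
# Long and 8.3 short forms of the XP profile root, which users can write to.
PROFILE_RE = re.compile(r"^[a-z]:\\(?:documents and settings|docume~1)\\")


class Entry(NamedTuple):
    name: str
    user: str
    path: str
    flags: List[str]


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd: str) -> Optional[str]:
    """Pull the executable out of a Run value, quoted or unquoted."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.I)
    return m.group(1).strip() if m else None


def triage(log_text: str) -> List[Entry]:
    """Return one Entry per O4 Run line, with heuristic flags attached."""
    out = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m["cmd"])
        if path is None:
            continue
        low = path.lower()
        base, folder = ntpath.basename(low), ntpath.dirname(low)
        flags = []
        # '?' is not a legal filename character on Windows, so in a logged
        # path it stands for a character the log could not render.
        if "?" in low:
            flags.append("unrenderable-chars")
        if PROFILE_RE.match(low):
            flags.append("user-profile-path")
        if base in KNOWN_DIRS:
            if folder != KNOWN_DIRS[base]:
                flags.append("system-name-wrong-dir")
        else:
            near = [k for k in KNOWN_DIRS if edit_distance(base, k) <= 2]
            if near:
                flags.append("lookalike:" + near[0])
        out.append(Entry(m["name"], m["user"] or "", path, flags))
    return out


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name:10} {', '.join(e.flags) or 'ok':45} {e.path}")
```

A flag marks an entry for a closer look and is not a verdict: legitimate software also starts from profile directories, and the entries with no flag have only passed these three checks.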
     
  20. 2007/12/08
    taylorwn

    I ran scan twice because I forgot to change the date

    Hope this does not ***** up things, I forgot to change the date and ran the scan. Then I changed it and ran it again. Let me know if you want me to post the other scan. I will post a HJT scan log from the shavon account in a second post. That is the account (friend's daughter's account) that all this **** started from.:mad:

    Deckard's System Scanner v20071014.68
    Run by ADMIN on 2007-08-07 08:48:32
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as ADMIN.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:48:34 AM, on 8/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\ADMIN\Desktop\dss.exe
    C:\HJT\ADMIN.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Sen] "C:\DOCUME~1\shavon\MYDOCU~1\ECURIT~1\iexplore.exe" -vt yazb (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Nrsbg] "C:\Documents and Settings\shavon\Application Data\s?stem32\?ttrib.exe" (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [WinTouch] C:\Documents and Settings\shavon\Application Data\WinTouch\WinTouch.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [SfKg6w] C:\Documents and Settings\shavon\Application Data\Microsoft\Windows\rayiou.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Words] C:\Program Files\Words\Words.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe" (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe" (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Insider] C:\Program Files\Insider\Insider.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide (User 'shavon')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'shavon')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O20 - Winlogon Notify: opnkkkl - opnkkkl.dll (file missing)
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10689 bytes

    -- Files created between 2007-07-07 and 2007-08-07 -----------------------------

    2007-12-05 21:48:21 0 d-------- C:\WINDOWS\LastGood
    2007-12-05 21:06:14 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Macromedia
    2007-12-02 21:27:22 1372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 15:46:13 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 20:30:14 0 d-------- C:\HJT
    2007-11-28 21:48:32 0 d-------- C:\Program Files\Lavasoft
    2007-11-27 22:28:04 0 d-------- C:\quarantine
    2007-11-27 22:23:19 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 22:05:48 0 d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 22:05:25 58464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:05:24 108480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 21:02:44 0 d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 21:00:55 0 dr------- C:\Documents and Settings\ADMIN\Favorites
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Desktop
    2007-11-27 21:00:55 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
    2007-11-27 21:00:55 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Google
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Templates
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
    2007-11-27 21:00:54 1572864 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\My Documents
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
    2007-11-26 15:57:39 20944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 21:04:07 0 d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 14:02:05 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 13:59:15 0 d-------- C:\Program Files\AIM6
    2007-11-15 00:46:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-11-15 00:42:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Sun
    2007-11-14 20:02:00 0 d-------- C:\Documents and Settings\trey\Application Data\Sonic
    2007-10-18 15:24:42 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-10-15 03:55:37 0 d-------- C:\WINDOWS\zmki
    2007-10-07 09:15:03 0 d-------- C:\Documents and Settings\trey\Application Data\MySpace
    2007-08-22 14:27:22 0 d-------- C:\Program Files\LimeWire
    2007-08-15 23:04:32 75328 --a------ C:\WINDOWS\system32\tqfettwp.exe
    2007-08-15 23:02:06 75328 --a------ C:\WINDOWS\system32\aacqcycx.exe <Not Verified; ; DDC>
    2007-08-14 23:02:35 75328 --a------ C:\WINDOWS\system32\owoylscl.exe
    2007-08-14 23:02:00 75328 --a------ C:\WINDOWS\system32\akqvxueo.exe <Not Verified; ; DDC>
    2007-08-14 23:01:53 75328 --a------ C:\WINDOWS\system32\hoctphvc.exe <Not Verified; ; DDC>
    2007-08-13 23:01:19 75328 --a------ C:\WINDOWS\system32\uyepujpo.exe <Not Verified; ; DDC>
    2007-08-03 20:22:38 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-08-03 20:18:50 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-08-03 20:18:50 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-28 21:20:24 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-07-28 21:18:50 0 d-------- C:\Program Files\Nick Arcade
    2007-07-13 00:24:14 0 d-------- C:\0857d8cea1cd281987


    -- Find3M Report ---------------------------------------------------------------

    2007-12-05 21:19:46 0 d-a------ C:\Program Files\Common Files
    2007-12-03 04:01:05 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-11-28 22:50:25 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-11-28 21:40:45 0 d-------- C:\Program Files\BFG
    2007-11-24 14:04:00 0 d-------- C:\Program Files\Viewpoint
    2007-11-24 14:00:05 0 d-------- C:\Program Files\Common Files\AOL
    2007-10-22 12:03:54 7728 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-22 12:03:53 152 -r-hs---- C:\WINDOWS\system32\C4A95FEE05.sys
    2007-10-10 18:57:40 0 d-------- C:\Program Files\McAfee
    2007-10-06 19:52:54 0 d-------- C:\Program Files\MySpace
    2007-09-25 09:32:20 0 d-------- C:\Program Files\Yahoo!
    2007-05-08 15:03:04 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 01:03 PM]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 11:06 AM]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 09:00 PM]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 10:48 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2007 07:16 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    opnkkkl.dll




    -- End of Deckard's System Scanner: finished at 2007-08-07 08:49:09 ------------
     
  21. 2007/12/08
    taylorwn

    Shavon's HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:04:01 AM, on 12/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AIM6\aim6.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\WINDOWS\system32\taskmgr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\shavon\MYDOCU~1\ECURIT~1\iexplore.exe" -vt yazb
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Nrsbg] "C:\Documents and Settings\shavon\Application Data\s?stem32\?ttrib.exe "
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\shavon\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\shavon\Application Data\Microsoft\Windows\rayiou.exe
    O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe "
    O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe "
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O20 - Winlogon Notify: opnkkkl - opnkkkl.dll (file missing)
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\dirtojuxo.html

    --
    End of file - 10018 bytes
     
