
Subject: Ultimate defender

Original Message
Name: Ark
Date: November 25, 2007 at 20:05:12 Pacific
Subject: Ultimate defender
OS: Windows XP
CPU/Ram: Intel Core 2 duo T7100 1.
Model/Manufacturer: Dell Vostro 1500
Comment:
I have a little icon on my taskbar that looks like a red circle... When I put my mouse over it, it says "Ultimate Defender installer", and I also get the Security Center balloon pop up a lot saying I have a Trojan and other security risks and that I should click it to resolve them... but when I click it, it goes to the "Personal Security Center" with stuff like Ultimate Defender and Ultimate Cleaner. I learned that Ultimate Defender was bad... how do I get rid of it and stop it from starting up every time I open my computer?




Response Number 1
Name: jabuck
Date: November 25, 2007 at 20:20:33 Pacific
Subject: Ultimate defender
Reply:
Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: Rudychetboun
Date: December 7, 2007 at 08:16:37 Pacific
Subject: Ultimate defender
Reply:
Hi, I did everything you said to do, but when it came to the part of "8. Paste the log in your next reply." I didn't really understand. Could you help me please?


Response Number 3
Name: jabuck
Date: December 7, 2007 at 14:15:06 Pacific
Subject: Ultimate defender
Reply:
Once you do step 7, go to this thread, scroll down to the bottom of the page to the comments box, click the inside upper left corner of the box so that your cursor appears > click Edit > Paste.

Next click "submit follow-up" then click "confirm post".



Response Number 4
Name: Rudychetboun
Date: December 10, 2007 at 05:44:26 Pacific
Subject: Ultimate defender
Reply:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:32 AM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinZix\wakeservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\DOCUME~1\Sophia\APPLIC~1\DOBE~1\wuauboot.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\DOCUME~1\Sophia\LOCALS~1\Temp\sysmon.exe
C:\DOCUME~1\Sophia\LOCALS~1\Temp\sv16.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Sophia\LOCALS~1\Temp\host16.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dells...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer *
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3899C759-0AE9-1033-1008-050412200001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [lbp08605] RUNDLL32.EXE w0491569.dll,n 006085ff0000000a0491569
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e33.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Sophia\LOCALS~1\Temp\{2C38BED4-2E15-47A2-BC23-0AFA48AEB250}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winlogon] C:\DOCUME~1\Sophia\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [Windows Zero Driver] wncmgr.exe
O4 - HKLM\..\Run: [zqtmngpa] rundll32.exe "C:\Program Files\zqtmngpa\zkvufynw.dll",Init
O4 - HKLM\..\Run: [azwzgfor] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\azwzgfor.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\Junk Dale.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Qqboqfr] C:\Documents and Settings\Sophia\My Documents\?ystem\??erinit.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe
O4 - HKCU\..\Run: [remotestart] C:\DOCUME~1\Sophia\APPLIC~1\BINDTE~1\bore creative.exe
O4 - HKCU\..\Run: [Tair] "C:\DOCUME~1\Sophia\APPLIC~1\DOBE~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Policies\Explorer\Run: [{D899C759-0AE9-1033-1008-050412200001}] "C:\Program Files\Common Files\{D899C759-0AE9-1033-1008-050412200001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6672A39F-52DB-4127-A475-E9ED7F91FB81}: NameServer = 67.69.184.87,67.69.184.236
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iskhljjb.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://creative.gettyimages.com/en-...
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Sophia/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13300 bytes


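The log above is what the helper reads by hand. As an added example (not code from the thread or from HijackThis), this Python triage pass applies the defender heuristics behind that reading to lines in the same entry format: a Winlogon shell override, autoruns launched from user-writable locations or with no path at all, system-binary names outside the Windows directory or misspelled by one edit, regsvr32 /u in a Run key, a DisableRegedit policy, and a service pointing at a missing file. The sample lines are constructed in the page's format, and the output is a list of entries to review, not a verdict.

```python
import re

# Constructed sample in the HijackThis entry format shown in the reply above:
# an F2 shell override, O4 autoruns (benign and suspicious), an O7 policy
# entry and an O23 service entry.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winlogon] C:\DOCUME~1\Sophia\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Run: [azwzgfor] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\azwzgfor.dll"
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iskhljjb.exe (file missing)
"""

# Core Windows process names that malware borrows or misspells.
SYSTEM_NAMES = {"winlogon.exe", "spoolsv.exe", "svchost.exe", "lsass.exe",
                "services.exe", "smss.exe", "csrss.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
# Path fragments (long and 8.3 forms) of locations any user can write to.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\my documents\\",
                 "\\locals~1\\", "\\applic~1\\")
LOADERS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}


def osa_distance(a, b):
    """Optimal string alignment distance (edits plus adjacent transpositions),
    so a swapped pair such as spoolvs/spoolsv counts as a single edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def first_token(cmd):
    """Split a command line into (program, remaining arguments), honouring
    a double-quoted first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_autorun(command):
    """Defender heuristics for one O4 command line; returns review reasons."""
    reasons = []
    program, rest = first_token(command)
    target = program
    if program.lower() in LOADERS:
        # Judge what rundll32/regsvr32 is asked to load, not the loader itself.
        if rest.lower().startswith("/u "):
            reasons.append("regsvr32 /u in a Run key: DllUnregisterServer runs at every logon")
            rest = rest[3:]
        target = first_token(rest)[0].split(",")[0]
    low = target.lower()
    base = low.rsplit("\\", 1)[-1]
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile location")
    if "\\" not in low:
        reasons.append("bare filename, resolved through the search path")
    if base in SYSTEM_NAMES and not low.startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside the Windows directory")
    elif base not in SYSTEM_NAMES and any(osa_distance(base, n) == 1 for n in SYSTEM_NAMES):
        reasons.append("lookalike of a system binary name")
    return reasons


def triage(log_text):
    """Map each HijackThis line that deserves an analyst's attention to its reasons."""
    findings = {}
    for line in log_text.splitlines():
        reasons = []
        if line.startswith("F2 - REG:system.ini: Shell="):
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("Winlogon shell overridden: " + shell)
        elif line.startswith("O4 - "):
            m = re.match(r"O4 - .*?: \[[^\]]*\] (.+)$", line)
            if m:
                reasons = check_autorun(m.group(1))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            reasons.append("Registry Editor disabled by policy")
        elif line.startswith("O23 - ") and "(file missing)" in line:
            reasons.append("service entry points at a missing binary")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```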

Response Number 5
Name: jabuck
Date: December 11, 2007 at 03:44:01 Pacific
Subject: Ultimate defender
Reply:

Temporarily disable any of the following anti-spyware realtime protection programs that you may have (Disable Realtime Protection) or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and a new Hijack This log.



Response Number 6
Name: Rudychetboun
Date: December 13, 2007 at 14:26:07 Pacific
Subject: Ultimate defender
Reply:
ComboFix 07-12-12.3 - Sophia 2007-12-13 16:55:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -6:00]
Running from: C:\Documents and Settings\Sophia\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\qdmzopqx.dll
C:\Documents and Settings\Sophia\Application Data\DOBE~1
C:\Documents and Settings\Sophia\Application Data\DOBE~1\?dobe\
C:\Documents and Settings\Sophia\Application Data\Dxccwrd.dll
C:\Documents and Settings\Sophia\Application Data\Dxcdmns.dll
C:\Documents and Settings\Sophia\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Sophia\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\#SharedObjects\B4CJ755B\iforex.com
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\#SharedObjects\B4CJ755B\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Sophia\g2mdlhlpx.exe
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\{3899C~1
C:\Program Files\Common Files\{D899C~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0000
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0001
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0002
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0003
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0004
C:\Program Files\deluxecommunications
C:\Program Files\deskbar
C:\Program Files\Jnplflvp
C:\Program Files\Jnplflvp\jdoqiolc.dll
C:\Program Files\Ncfgzqes
C:\Program Files\Ncfgzqes\abpgygok.dll
C:\Program Files\Nulogqcg
C:\Program Files\Nulogqcg\kwarzedv.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SecCenter
C:\Program Files\zqtmngpa
C:\Program Files\zqtmngpa\zkvufynw.dll
C:\WINDOWS\appatc~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cbfttuuo.dll
C:\WINDOWS\system32\cbounyeq.dll
C:\WINDOWS\system32\cbxvtsq.dll
C:\WINDOWS\system32\cbxxxwt.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\hggggge.dll
C:\WINDOWS\system32\ikxfvqtb.dll
C:\WINDOWS\system32\lhmmsecg.dll
C:\WINDOWS\system32\mfitddfy.dll
C:\WINDOWS\system32\thrjdsbs.dll
C:\WINDOWS\system32\tlpmvxtt.dll
C:\WINDOWS\system32\vofokoog.dll
C:\WINDOWS\system32\wcpsvit.exe
C:\WINDOWS\system32\winzdn32.dll
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\xhriyuxh.dll
C:\WINDOWS\system32\xoswpefk.dll
C:\WINDOWS\system32\xxyawwt.dll
C:\WINDOWS\system32\xxyywwx.dll
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-12 21:13 . 2007-12-12 21:14 <DIR> d-------- C:\WINDOWS\system32\juvprpba
2007-12-11 17:46 . 2007-12-12 09:15 <DIR> d-------- C:\WINDOWS\system32\hlvbfwoq
2007-12-11 10:37 . 2007-12-11 10:37 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-11 10:37 . 2007-12-11 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-11 10:35 . 2007-12-11 10:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 10:17 . 2007-12-11 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-10 16:45 . 2007-12-10 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-10 11:14 . 2007-12-11 13:10 <DIR> d-------- C:\divx
2007-12-10 09:47 . 2007-12-13 17:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-10 09:47 . 2007-12-10 09:47 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-10 09:44 . 2007-12-10 10:28 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\Apple Computer
2007-12-10 09:42 . 2007-12-10 09:42 <DIR> d-------- C:\Program Files\iPod
2007-12-10 09:41 . 2007-12-10 09:43 <DIR> d-------- C:\Program Files\iTunes
2007-12-10 09:37 . 2007-12-10 09:40 <DIR> d-------- C:\Program Files\QuickTime
2007-12-10 09:37 . 2007-12-10 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 09:35 . 2007-12-10 09:35 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-10 09:33 . 2007-12-10 09:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-10 09:33 . 2007-12-10 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-10 08:35 . 2007-12-10 08:36 787,804 --ahs---- C:\WINDOWS\system32\byrwvcwt.ini
2007-12-08 00:09 . 2007-12-08 00:09 <DIR> d-------- C:\Program Files\Bindtestbyte
2007-12-07 14:54 . 2007-12-10 10:28 <DIR> d-------- C:\Program Files\Blaze Media Pro
2007-12-07 11:02 . 2007-12-10 08:36 841,488 --ahs---- C:\WINDOWS\system32\kjuuebgj.ini
2007-12-07 10:40 . 2007-12-07 10:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 19:05 . 2007-12-06 19:05 <DIR> d-------- C:\Program Files\VideoEdit Mobile ActiveX Control
2007-12-06 12:11 . 2007-12-06 15:10 <DIR> d-------- C:\Program Files\Lonely Cat Games
2007-12-06 10:52 . 2007-12-07 11:00 842,387 --ahs---- C:\WINDOWS\system32\ecmqrpno.ini
2007-12-06 10:19 . 2007-12-10 08:41 10,240 --a------ C:\Program Files\spoolsv.exe
2007-12-06 10:17 . 2007-12-10 17:50 <DIR> d-------- C:\WINDOWS\system32\nuinopsd
2007-12-05 17:56 . 2007-12-06 12:09 <DIR> d-------- C:\Program Files\Smart Movie Converter 3 45
2007-12-05 16:20 . 2007-12-05 16:20 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\Nokia Multimedia Player
2007-12-05 16:14 . 2007-12-05 16:37 <DIR> d-------- C:\Videos
2007-12-05 15:52 . 2007-12-05 15:52 <DIR> d-------- C:\Program Files\Makayama.com
2007-12-05 15:52 . 2004-03-08 17:00 416,528 --a------ C:\WINDOWS\system32\COMCT332.OCX
2007-12-05 15:52 . 2004-11-01 05:38 57,344 --a------ C:\WINDOWS\system32\XButton.ocx
2007-12-05 09:50 . 2007-12-06 10:41 774,496 --ahs---- C:\WINDOWS\system32\avrmrfbw.ini
2007-12-04 11:19 . 2007-12-04 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-12-04 10:41 . 2007-12-05 09:32 792,662 --ahs---- C:\WINDOWS\system32\oydfthuu.ini
2007-12-03 19:33 . 2007-12-03 19:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-03 19:33 . 2007-12-03 19:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-03 19:33 . 2007-12-03 19:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-03 19:33 . 2007-12-03 19:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-03 19:33 . 2007-12-03 19:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2007-12-03 12:04 . 2007-12-04 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-03 11:56 . 2007-12-05 09:35 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\Nokia
2007-12-03 11:48 . 2007-12-03 11:49 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-03 11:48 . 2007-12-04 11:18 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-03 11:46 . 2007-12-03 11:46 <DIR> d-------- C:\Program Files\DIFX
2007-12-03 11:45 . 2007-12-04 11:23 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\PC Suite
2007-12-03 11:43 . 2007-12-03 11:44 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-03 11:41 . 2007-12-03 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-03 11:02 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-03 11:01 . 2007-12-04 11:18 <DIR> d-------- C:\Program Files\Nokia
2007-12-03 11:01 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-03 11:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-03 11:01 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-03 11:01 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-03 11:01 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-03 10:17 . 2007-12-04 10:36 803,257 --ahs---- C:\WINDOWS\system32\ojvbcrjf.ini
2007-12-02 10:10 . 2007-12-03 10:10 792,462 --ahs---- C:\WINDOWS\system32\haspwwwy.ini
2007-11-29 16:30 . 2007-11-29 16:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 16:30 . 2007-11-29 16:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 16:30 . 2007-11-29 16:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 16:30 . 2007-11-29 16:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 16:30 . 2007-11-29 16:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 16:28 . 2007-11-29 16:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 16:28 . 2007-11-29 16:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 16:28 . 2007-11-29 16:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 16:28 . 2007-11-29 16:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 15:55 . 2007-11-28 15:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 15:53 . 2007-11-28 15:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 15:53 . 2007-11-28 15:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-11-28 15:53 . 2007-11-28 15:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 15:53 . 2007-11-28 15:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 15:53 . 2007-11-28 15:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 15:53 . 2007-11-28 15:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 15:53 . 2007-11-28 15:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 15:52 . 2007-11-28 15:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 14:11 . 2007-11-28 14:17 <DIR> d-------- C:\Program Files\CdCoverCreator
2007-11-28 12:25 . 2007-11-28 13:09 <DIR> d-------- C:\Program Files\DVDCoverPrint
2007-11-23 17:39 . 2007-12-08 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\each new axis love
2007-11-23 17:38 . 2007-12-11 11:21 <DIR> d-------- C:\Program Files\WinZix
2007-11-23 17:38 . 2007-12-08 00:10 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\Bindtestbyte
2007-11-23 16:15 . 2007-11-23 16:15 <DIR> d-------- C:\Program Files\DomPlayer
2007-11-19 05:25 . 2007-10-17 05:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-19 05:25 . 2007-10-17 05:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 05:25 . 2007-11-18 07:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 15:06 . 2007-11-14 15:06 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-14 15:04 . 2007-11-14 15:04 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-14 15:03 . 2007-11-14 15:03 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-11-14 13:39 . 2007-11-14 13:39 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2007-11-14 13:39 . 2007-11-14 14:03 28,023 --a------ C:\WINDOWS\system32\ASTULog.cab
2007-11-14 13:39 . 2007-11-14 14:03 1,047 --a------ C:\WINDOWS\system32\setup.inf
2007-11-14 13:39 . 2007-11-14 14:03 283 --a------ C:\WINDOWS\system32\setup.rpt
2007-11-14 12:53 . 2005-10-20 19:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-14 12:53 . 2005-10-20 19:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 17:19 --------- d-----w C:\Program Files\AdwareAlert
2007-12-10 17:09 --------- d-----w C:\Program Files\DivX
2007-11-30 19:19 --------- d-----w C:\Program Files\Picasa2
2007-11-30 19:19 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 19:17 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-30 19:15 --------- d-----w C:\Program Files\DellSupport
2007-11-30 19:14 --------- d-----w C:\Program Files\AOL 9.0
2007-11-28 19:12 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-28 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-05 22:43 --------- d-----w C:\Documents and Settings\Guest\Application Data\Gtek
2007-10-29 18:31 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-19 16:28 --------- d-----w C:\Documents and Settings\Sophia\Application Data\DivX
2007-10-13 14:16 --------- d-----w C:\Program Files\Xilisoft
2007-08-02 21:09 104 ----a-w C:\Program Files\My Bluetooth Places.lnk
2007-05-14 14:30 24,192 ----a-w C:\Documents and Settings\Sophia\usbsermptxp.sys
2007-05-14 14:30 22,768 ----a-w C:\Documents and Settings\Sophia\usbsermpt.sys
2007-01-22 19:12 563,712 ----a-w C:\Documents and Settings\Sophia\gotomypc_370.exe
2006-10-28 00:09 922,516,992 ----a-w C:\Program Files\WM Developer Resource Kit.msi
2006-05-24 23:14 563,712 ----a-w C:\Documents and Settings\Sophia\370_gotomypc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0180122E-BD53-4893-B174-AC2FE755559F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CF46468-AC82-9EC5-5B79-008AA7762D88}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D7BE40-7F83-7F7B-D3BB-27A7032CE1C9}]
C:\WINDOWS\system32\ulzrnh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65FF10BB-F36A-68E9-AA35-02257E958C1F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78CAC8A9-4ABB-4086-840E-99C22B9BDB36}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79f827a8-fd3a-4edd-850a-892cdbe56dc4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB68206-5154-47D3-ABC5-611C1658ABA0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC634245-0DF5-4BFC-97CA-A1ABA3ADB29A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCF6A947-6F8F-322B-D25B-39E679F00295}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"Qqboqfr"="C:\Documents and Settings\Sophia\My Documents\?ystem\??erinit.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]
"WinZix Service"="C:\Program Files\WinZix\wakeservice.exe" [2007-10-05 18:21]
"remotestart"="C:\DOCUME~1\Sophia\APPLIC~1\BINDTE~1\bore creative.exe" [2007-12-08 00:09]
"Tair"="C:\DOCUME~1\Sophia\APPLIC~1\DOBE~1\wuauboot.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 13:16]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 11:06]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-11 08:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-25 13:20]
"p2p networking"="p2pnetworking.exe" []
"lbp08605"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-07-21 19:13]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 17:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"axis love poll lite"="C:\Documents and Settings\All Users\Application Data\each new axis love\Junk Dale.exe" [2007-12-13 17:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05]
"LanzarL2007"="C:\DOCUME~1\Sophia\LOCALS~1\Temp\{2C38BED4-2E15-47A2-BC23-0AFA48AEB250}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" []
"zqtmngpa"="C:\Program Files\zqtmngpa\zkvufynw.dll" []
"azwzgfor"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\azwzgfor.dll" []
"avp"="C:\WINDOWS\avp.exe" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 05:00]
"winlogon"="C:\DOCUME~1\Sophia\LOCALS~1\Temp\winlogon.exe" []
"SC2"="C:\Program Files\SecCenter\scprot4.exe" []
"Printer"="C:\WINDOWS\system32\printer.exe" []
"defender"="C:\\dfndrff_e33.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"p2p networking"="p2pnetworking.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\shell.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 11:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxxwt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Controls Folder]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcccdb]
ddcccdb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 23:00:08 C:\WINDOWS\Tasks\83C53F439072DA17.job"
- c:\docume~1\sophia\applic~1\bindte~1\peak idle tick.exe
"2007-12-13 17:09:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 17:18:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-13 17:21:09 - machine was rebooted
.
2007-12-12 09:10:52 --- E O F ---



Response Number 7
Name: Rudychetboun
Date: December 13, 2007 at 14:27:43 Pacific
Subject: Ultimate defender
Reply:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:41 PM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WinZix\wakeservice.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dells...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D7BE40-7F83-7F7B-D3BB-27A7032CE1C9} - C:\WINDOWS\system32\ulzrnh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [lbp08605] RUNDLL32.EXE w0491569.dll,n 006085ff0000000a0491569
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\Junk Dale.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Sophia\LOCALS~1\Temp\{2C38BED4-2E15-47A2-BC23-0AFA48AEB250}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [zqtmngpa] rundll32.exe "C:\Program Files\zqtmngpa\zkvufynw.dll",Init
O4 - HKLM\..\Run: [azwzgfor] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\azwzgfor.dll"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKLM\..\Run: [winlogon] C:\DOCUME~1\Sophia\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e33.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Qqboqfr] C:\Documents and Settings\Sophia\My Documents\?ystem\??erinit.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe
O4 - HKCU\..\Run: [remotestart] C:\DOCUME~1\Sophia\APPLIC~1\BINDTE~1\bore creative.exe
O4 - HKCU\..\Run: [Tair] "C:\DOCUME~1\Sophia\APPLIC~1\DOBE~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Policies\Explorer\Run: [{D899C759-0AE9-1033-1008-050412200001}] "C:\Program Files\Common Files\{D899C759-0AE9-1033-1008-050412200001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6672A39F-52DB-4127-A475-E9ED7F91FB81}: NameServer = 67.69.184.87,67.69.184.236
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ddcccdb - ddcccdb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://creative.gettyimages.com/en-...
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Sophia/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 14568 bytes



Response Number 8
Name: jabuck
Date: December 13, 2007 at 18:04:35 Pacific
Subject: Ultimate defender
Reply:

Temporarily disable any of the following anti-spyware realtime protection programs that you may have (Disable Realtime Protection), or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.

Download deljob.exe and save it on your desktop.
Doubleclick Deljob.exe.

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the logfile in your next reply.

Please download SDFix by AndyManchesta and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Documents and Settings\All Users\Application Data.\qdmzopqx.dll
C:\Documents and Settings\Sophia\Application Data\Dxccwrd.dll
C:\Documents and Settings\Sophia\Application Data\Dxcdmns.dll
C:\Documents and Settings\Sophia\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Sophia\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\#SharedObjects\B4CJ755B\iforex.com
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\#SharedObjects\B4CJ755B\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Sophia\g2mdlhlpx.exe
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0000
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0001
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0002
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0003
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0004
C:\Program Files\Jnplflvp\jdoqiolc.dll
C:\Program Files\Ncfgzqes\abpgygok.dll
C:\Program Files\Nulogqcg\kwarzedv.dll
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\zqtmngpa\zkvufynw.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cbfttuuo.dll
C:\WINDOWS\system32\cbounyeq.dll
C:\WINDOWS\system32\cbxvtsq.dll
C:\WINDOWS\system32\cbxxxwt.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\hggggge.dll
C:\WINDOWS\system32\ikxfvqtb.dll
C:\WINDOWS\system32\lhmmsecg.dll
C:\WINDOWS\system32\mfitddfy.dll
C:\WINDOWS\system32\thrjdsbs.dll
C:\WINDOWS\system32\tlpmvxtt.dll
C:\WINDOWS\system32\vofokoog.dll
C:\WINDOWS\system32\wcpsvit.exe
C:\WINDOWS\system32\winzdn32.dll
C:\WINDOWS\system32\xhriyuxh.dll
C:\WINDOWS\system32\xoswpefk.dll
C:\WINDOWS\system32\xxyawwt.dll
C:\WINDOWS\system32\xxyywwx.dll
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\juvprpba
C:\WINDOWS\system32\hlvbfwoq
C:\WINDOWS\system32\byrwvcwt.ini
C:\WINDOWS\system32\kjuuebgj.ini
C:\WINDOWS\system32\ecmqrpno.ini
C:\WINDOWS\system32\avrmrfbw.ini
C:\WINDOWS\system32\oydfthuu.ini
C:\WINDOWS\system32\ojvbcrjf.ini
C:\WINDOWS\system32\haspwwwy.ini
C:\WINDOWS\system32\ulzrnh.dll
C:\Documents and Settings\All Users\Application Data\each new axis love\Junk Dale.exe
C:\Documents and Settings\All Users\Application Data\azwzgfor.dll
C:\WINDOWS\shell.exe
C:\WINDOWS\avp.exe
C:\DOCUME~1\Sophia\LOCALS~1\Temp\winlogon.exe
C:\Program Files\SecCenter\scprot4.exe
c:\docume~1\sophia\applic~1\bindte~1\peak idle tick.exe

Folder::
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\appatc~1
C:\Program Files\SecCenter
C:\Program Files\zqtmngpa
C:\Program Files\outerinfo
C:\Program Files\Nulogqcg
C:\Program Files\Ncfgzqes
C:\Program Files\deluxecommunications
C:\Program Files\deskbar
C:\Program Files\Jnplflvp
C:\Program Files\Common Files\{3899C~1
C:\Program Files\Common Files\{D899C~1
C:\Program Files\Common Files\stem~1
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Sophia\Application Data\DOBE~1
C:\Documents and Settings\Sophia\Application Data\DOBE~1\?dobe\
C:\Documents and Settings\All Users\Application Data\each new axis love
C:\Program Files\Bindtestbyte

Driver::
Qqboqfr

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0180122E-BD53-4893-B174-AC2FE755559F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CF46468-AC82-9EC5-5B79-008AA7762D88}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D7BE40-7F83-7F7B-D3BB-27A7032CE1C9}]
C:\WINDOWS\system32\ulzrnh.dll
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65FF10BB-F36A-68E9-AA35-02257E958C1F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78CAC8A9-4ABB-4086-840E-99C22B9BDB36}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79f827a8-fd3a-4edd-850a-892cdbe56dc4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB68206-5154-47D3-ABC5-611C1658ABA0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC634245-0DF5-4BFC-97CA-A1ABA3ADB29A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCF6A947-6F8F-322B-D25B-39E679F00295}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"p2p networking"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxxwt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcccdb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto-start, click "run".

Post a new Hijack This log and a new Combofix log please.
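An added illustration of the log triage jabuck is doing by hand above (example code added to this thread, not from HijackThis, ComboFix or SDFix): the script below parses the O4 autostart lines copied from the HijackThis log in Response 7 and flags the ones that trip rules a helper would eyeball for. The rules are this example's own assumptions, not anything the tools implement: an executable launched from Temp, Application Data or My Documents; a path HijackThis rendered with '?' (a folder name it could not display); an executable sitting in the drive root; a core Windows process name outside the Windows directory, or a near-misspelling of one such as spoolvs.exe; and regsvr32 /u at every logon. It deliberately has no "random-looking name" rule, because legitimate vendor entries (igfxtray, hkcmd) look just as random as zkvufynw.dll, which is why that DLL is not caught here and still needs the file itself examined. It also drafts the File:: section in the layout of the CFScript above, holding back the '?' paths, whose real names are unknown, for manual resolution.

```python
"""Heuristic triage of HijackThis O4 (autostart) lines, plus a CFScript File:: draft.

Added example for this thread, not code from HijackThis, ComboFix or SDFix. The sample
lines are copied from the log posted above; every rule is this example's own assumption.
"""
import re

# Constructed sample: O4 lines copied from the HijackThis log earlier in the thread.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [zqtmngpa] rundll32.exe "C:\Program Files\zqtmngpa\zkvufynw.dll",Init',
    r'O4 - HKLM\..\Run: [azwzgfor] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\azwzgfor.dll"',
    r'O4 - HKLM\..\Run: [winlogon] C:\DOCUME~1\Sophia\LOCALS~1\Temp\winlogon.exe',
    r'O4 - HKLM\..\Run: [defender] C:\\dfndrff_e33.exe',
    r'O4 - HKCU\..\Run: [Qqboqfr] C:\Documents and Settings\Sophia\My Documents\?ystem\??erinit.exe',
    r'O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe',
    r'O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe',
]

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
LOADER_RE = re.compile(r'^(?:rundll32|regsvr32)(?:\.exe)?\s+(?P<flags>(?:/\S+\s+)*)', re.I)
EXT = r'\.(?:exe|dll|cpl|scr|bat|cmd)'
USER_WRITABLE_RE = re.compile(r'\\(?:temp|application data|applic~1|my documents)\\', re.I)
WINDOWS_DIR_RE = re.compile(r'^[a-z]:\\windows\\(?:system32\\)?[^\\]+$', re.I)
DRIVE_ROOT_RE = re.compile(r'^[a-z]:\\+[^\\]+$', re.I)
# Core Windows process names that malware likes to borrow or misspell (assumed list).
SYSTEM_PROCS = {'smss', 'csrss', 'winlogon', 'services', 'lsass', 'svchost', 'spoolsv', 'explorer', 'ctfmon'}

def split_command(cmd):
    """Split an O4 command into (loader, loader_flags, payload_path); loader is None unless rundll32/regsvr32."""
    loader, flags = None, []
    m = LOADER_RE.match(cmd)
    if m:
        loader = m.group(0).split()[0].lower().replace('.exe', '')
        flags = m.group('flags').lower().split()
        cmd = cmd[m.end():]
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        path = cmd[1:cmd.find('"', 1)]          # quoted path; arguments follow the closing quote
    else:
        m2 = re.match(r'(.+?' + EXT + r')(?=[\s,]|$)', cmd, re.I)   # unquoted path, may contain spaces
        path = m2.group(1) if m2 else cmd.split(',')[0].strip()
    return loader, flags, path

def levenshtein(a, b):
    """Plain edit distance, used to catch look-alikes such as spoolvs vs spoolsv."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_entry(cmd):
    """Return (payload_path, reasons); an empty reasons list means nothing stood out."""
    loader, flags, path = split_command(cmd)
    base = path.rsplit('\\', 1)[-1].lower()
    stem = base.rsplit('.', 1)[0]
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append('runs from a temp or per-user data directory')
    if re.search(r'[?]|[^\x20-\x7e]', path):
        reasons.append("path has characters HijackThis could not render (shown as '?')")
    if DRIVE_ROOT_RE.match(path):
        reasons.append('executable placed directly in the drive root')
    if stem in SYSTEM_PROCS:
        if not WINDOWS_DIR_RE.match(path):
            reasons.append(f'system process name {base} outside the Windows directory')
    else:
        near = sorted(p for p in SYSTEM_PROCS if levenshtein(stem, p) <= 2)
        if near:
            reasons.append(f'{base} resembles the system process name {near[0]}')
    if loader == 'regsvr32' and '/u' in flags:
        reasons.append('regsvr32 /u unregisters a DLL at every logon, not an install pattern')
    return path, reasons

def triage(lines):
    """Parse HijackThis O4 lines and return the entries that tripped at least one rule."""
    flagged = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue                      # e.g. 'Global Startup' lines use another layout
        path, reasons = check_entry(m.group('cmd'))
        if reasons:
            flagged.append({'name': m.group('name'), 'path': path, 'reasons': reasons})
    return flagged

def build_cfscript_file_section(flagged):
    """Draft the File:: section of a ComboFix CFScript as laid out in the reply above; paths that
    HijackThis rendered with '?' are returned separately, since their real names are unknown."""
    paths, skipped = [], []
    for entry in flagged:
        bucket = skipped if '?' in entry['path'] else paths
        if entry['path'] not in bucket:
            bucket.append(entry['path'])
    return 'File::\n' + '\n'.join(paths) + '\n', skipped
```

Calling `triage(SAMPLE_O4_LINES)` flags five of the nine sample lines (azwzgfor, winlogon, defender, Qqboqfr and Spoolsv) with the reason each tripped; `build_cfscript_file_section` then yields four File:: lines and hands the `?ystem\??erinit.exe` path back for manual resolution. The edit-distance threshold of 2 is a judgement call: it catches a transposition like spoolvs, but on very short names it will start matching unrelated stems, so treat the "resembles" reason as a prompt to look, not a verdict.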



Response Number 9
Name: Rudychetboun
Date: December 14, 2007 at 08:10:33 Pacific
Subject: Ultimate defender
Reply:

File(s) moved to C:\deljob

83C53F439072DA17.job

Files remaining after cleaning

AppleSoftwareUpdate.job

App data folders

Volume in drive C has no label.
Volume Serial Number is D899-C759

Directory of C:\Documents and Settings\Sophia\Application Data

12/13/2007 05:07 PM <DIR> .
12/13/2007 05:07 PM <DIR> ..
10/01/2007 03:46 PM <DIR> Adobe
09/28/2007 10:06 AM <DIR> AdobeUM
10/19/2006 10:39 AM <DIR> AOL
12/10/2007 10:28 AM <DIR> APPLEC~1 Apple Computer
12/08/2007 12:10 AM <DIR> BINDTE~1 Bindtestbyte
09/17/2007 09:18 AM <DIR> CONVER~1 ConvertTemp
03/30/2006 11:02 AM <DIR> CORELP~1 Corel Photo Album
10/19/2007 10:28 AM <DIR> DivX
06/14/2006 05:06 PM <DIR> Google
04/09/2007 08:54 AM <DIR> Gtek
04/21/2006 12:32 PM <DIR> Help
11/01/2007 02:02 PM <DIR> IDENTI~1 Identities
05/14/2007 02:51 PM <DIR> INSTAL~1 InstallShield
04/06/2006 07:50 AM <DIR> LEADER~1 Leadertech
12/05/2007 04:31 PM <DIR> MACROM~1 Macromedia
11/14/2007 01:35 PM <DIR> MICROS~1 Microsoft
03/28/2006 12:16 PM <DIR> Mozilla
10/19/2006 10:22 AM <DIR> MSNINS~1 MSNInstaller
10/10/2007 12:38 PM <DIR> NCHSWI~1 NCH Swift Sound
12/05/2007 09:35 AM <DIR> Nokia
12/05/2007 04:20 PM <DIR> NOKIAM~1 Nokia Multimedia Player
12/04/2007 11:23 AM <DIR> PCSUIT~1 PC Suite
04/25/2006 01:30 PM <DIR> Real
11/23/2006 08:38 AM <DIR> Samsung
04/06/2006 07:50 AM <DIR> Sonic
02/28/2006 12:12 PM <DIR> Sun
10/20/2006 02:15 PM <DIR> Symantec
04/16/2007 01:06 PM <DIR> TEMPOR~1 Temporary
10/02/2007 10:51 AM <DIR> TRANSR~1 TransRender
10/11/2007 07:37 AM <DIR> VIEWPO~1 Viewpoint
02/28/2006 12:16 PM <DIR> YOU'VE~1 You've Got Pictures Screensaver
0 File(s) 0 bytes
33 Dir(s) 105,510,797,312 bytes free
Volume in drive C has no label.
Volume Serial Number is D899-C759

Directory of C:\Documents and Settings\All Users\Application Data

12/13/2007 05:03 PM <DIR> .
12/13/2007 05:03 PM <DIR> ..
10/01/2007 03:36 PM <DIR> Adobe
10/19/2006 10:39 AM <DIR> AOL
12/10/2007 09:33 AM <DIR> Apple
12/10/2007 09:41 AM <DIR> APPLEC~1 Apple Computer
05/14/2007 03:02 PM <DIR> BVRPSO~1 BVRP Software
12/08/2007 12:10 AM <DIR> EACHNE~1 each new axis love
12/10/2007 04:45 PM <DIR> ESET
02/28/2006 12:21 PM <DIR> GTek
12/03/2007 11:41 AM <DIR> INSTAL~2 Installations
02/28/2006 12:23 PM <DIR> INSTAL~1 InstallShield
12/11/2007 10:37 AM <DIR> Lavasoft
12/04/2007 11:10 AM <DIR> MICROS~1 Microsoft
11/28/2007 01:12 PM <DIR> NCHSWI~1 NCH Swift Sound
12/04/2007 11:19 AM <DIR> Nokia
12/04/2007 11:07 AM <DIR> PCSUIT~1 PC Suite
01/10/2007 02:48 PM <DIR> QUICKT~1 QuickTime
08/11/2004 05:25 PM <DIR> SBSI
02/28/2006 12:15 PM <DIR> Sonic
12/11/2007 03:52 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
10/27/2006 04:22 PM <DIR> Symantec
10/11/2007 07:37 AM <DIR> VIEWPO~1 Viewpoint
12/12/2006 10:55 AM <DIR> WINDOW~1 Windows Genuine Advantage
0 File(s) 0 bytes
24 Dir(s) 105,510,793,216 bytes free




Response Number 10
Name: Rudychetboun
Date: December 14, 2007 at 08:38:42 Pacific
Subject: Ultimate defender
Reply:

SDFix: Version 1.118

Run by Sophia on Fri 12/14/2007 at 11:20 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\spoolsv.exe - Deleted
C:\t.rar - Deleted


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 11:27:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff145c9]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0013eff145c9]

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 35


Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 8 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Thu 8 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Thu 8 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Wed 15 Aug 2007 5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 4 Dec 2007 56 ..SHR --- "C:\WINDOWS\system32\9824271BD0.sys"
Tue 4 Dec 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 9 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 28 Apr 2006 24,576 A..H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0005.tmp"
Fri 28 Sep 2007 26,624 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0050.tmp"
Mon 1 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0240.tmp"
Mon 1 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0433.tmp"
Mon 1 Oct 2007 35,840 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0508.tmp"
Mon 1 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0581.tmp"
Fri 28 Sep 2007 27,648 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0627.tmp"
Mon 1 Oct 2007 31,232 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0785.tmp"
Fri 28 Apr 2006 24,576 A..H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0808.tmp"
Fri 28 Sep 2007 27,648 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0827.tmp"
Mon 1 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0847.tmp"
Mon 1 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL0868.tmp"
Fri 28 Sep 2007 25,088 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1004.tmp"
Mon 1 Oct 2007 35,840 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1011.tmp"
Mon 1 Oct 2007 31,744 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1123.tmp"
Mon 1 Oct 2007 32,256 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1175.tmp"
Mon 1 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1201.tmp"
Mon 1 Oct 2007 32,256 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1273.tmp"
Fri 28 Sep 2007 26,624 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1356.tmp"
Fri 28 Sep 2007 26,624 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1489.tmp"
Mon 1 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1504.tmp"
Mon 1 Oct 2007 36,352 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1540.tmp"
Fri 28 Sep 2007 25,600 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1541.tmp"
Mon 1 Oct 2007 32,256 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1640.tmp"
Mon 1 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1673.tmp"
Fri 28 Sep 2007 27,648 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1779.tmp"
Wed 17 Jan 2007 46,080 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1841.tmp"
Mon 1 Oct 2007 31,744 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1921.tmp"
Mon 1 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL1922.tmp"
Fri 28 Sep 2007 28,672 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL2092.tmp"
Fri 28 Sep 2007 26,624 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL2198.tmp"
Mon 1 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL2446.tmp"
Fri 28 Sep 2007 24,576 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL2485.tmp"
Mon 1 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL2658.tmp"
Fri 28 Sep 2007 25,600 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL2778.tmp"
Mon 1 Oct 2007 32,256 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL2877.tmp"
Wed 17 Jan 2007 46,080 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL3035.tmp"
Fri 28 Sep 2007 28,160 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL3162.tmp"
Mon 1 Oct 2007 30,720 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL3171.tmp"
Fri 28 Sep 2007 25,600 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL3363.tmp"
Mon 1 Oct 2007 29,696 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL3422.tmp"
Wed 17 Jan 2007 46,080 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL3568.tmp"
Mon 1 Oct 2007 32,256 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL4066.tmp"
Mon 1 Oct 2007 33,792 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL4073.tmp"
Mon 1 Oct 2007 29,184 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL4074.tmp"
Mon 1 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Sophia\Desktop\~WRL4075.tmp"
Wed 17 May 2006 735,744 A..H. --- "C:\Documents and Settings\Sophia\My Documents\~WRL2090.tmp"
Wed 17 May 2006 730,112 A..H. --- "C:\Documents and Settings\Sophia\My Documents\~WRL2615.tmp"
Wed 17 May 2006 730,624 A..H. --- "C:\Documents and Settings\Sophia\My Documents\~WRL2657.tmp"
Wed 17 May 2006 730,112 A..H. --- "C:\Documents and Settings\Sophia\My Documents\~WRL3367.tmp"
Wed 17 May 2006 730,624 A..H. --- "C:\Documents and Settings\Sophia\My Documents\~WRL3764.tmp"
Tue 21 Nov 2006 70,656 ..SHR --- "C:\Program Files\Makayama.com\Media Studio for Nokia\Setup.exe"
Tue 12 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 29 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\564b04e92fc8ec04ae348b95987245f2\BIT99.tmp"
Mon 29 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b636582f273e0b4cae6f62415c52d81\BIT9A.tmp"
Mon 29 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT98.tmp"
Thu 23 Mar 2006 24,064 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Microsoft\Word\~WRL0004.tmp"
Thu 23 Mar 2006 24,064 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Microsoft\Word\~WRL0896.tmp"
Tue 25 Apr 2006 26,624 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Microsoft\Word\~WRL1561.tmp"
Tue 1 Aug 2006 67,584 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Microsoft\Word\~WRL1587.tmp"
Tue 25 Apr 2006 29,184 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Microsoft\Word\~WRL3162.tmp"
Tue 25 Apr 2006 24,064 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Microsoft\Word\~WRL4010.tmp"
Tue 9 May 2006 4,348 A..H. --- "C:\Documents and Settings\Sophia\Desktop\New Folder\License Backup\drmv1key.bak"
Mon 4 Dec 2006 20 A..H. --- "C:\Documents and Settings\Sophia\Desktop\New Folder\License Backup\drmv1lic.bak"
Tue 9 May 2006 400 A.SH. --- "C:\Documents and Settings\Sophia\Desktop\New Folder\License Backup\drmv2key.bak"
Tue 25 Apr 2006 27,136 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Marketing\~WRL1044.tmp"
Tue 25 Apr 2006 27,136 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Marketing\~WRL2465.tmp"
Tue 25 Apr 2006 27,136 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Marketing\~WRL3781.tmp"
Tue 25 Apr 2006 29,184 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Marketing\~WRL3892.tmp"
Thu 2 Aug 2007 113,664 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL0099.tmp"
Thu 2 Aug 2007 110,592 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL0468.tmp"
Thu 2 Aug 2007 111,104 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL0478.tmp"
Thu 2 Aug 2007 111,104 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL0960.tmp"
Thu 2 Aug 2007 110,592 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL1559.tmp"
Thu 2 Aug 2007 111,104 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL2267.tmp"
Thu 2 Aug 2007 114,176 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL2339.tmp"
Thu 2 Aug 2007 114,176 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Meeting Minutes\~WRL2999.tmp"
Wed 17 May 2006 3,312,745 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Michel\marketing_Michel\~WRL3339.tmp"
Tue 1 Aug 2006 67,584 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Marketing\Lettre Promo\~WRL0086.tmp"
Thu 10 Aug 2006 70,656 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Administration\Marketing\Lettre Promo\~WRL0249.tmp"
Tue 14 Nov 2006 25,088 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Rafie\AGM 2006\AGM Email Invitation\~WRL0227.tmp"
Tue 14 Nov 2006 24,576 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Rafie\AGM 2006\AGM Email Invitation\~WRL0302.tmp"
Tue 14 Nov 2006 24,064 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Rafie\AGM 2006\AGM Email Invitation\~WRL0696.tmp"
Tue 14 Nov 2006 31,744 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Rafie\AGM 2006\AGM Email Invitation\~WRL2337.tmp"
Tue 14 Nov 2006 25,088 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Rafie\AGM 2006\AGM Email Invitation\~WRL2690.tmp"
Tue 14 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Rafie\AGM 2006\AGM Email Invitation\~WRL3310.tmp"
Tue 14 Nov 2006 24,064 A..H. --- "C:\Documents and Settings\Sophia\Desktop\Word Document\Rafie\AGM 2006\AGM Email Invitation\~WRL4061.tmp"
Mon 5 Nov 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 5 Nov 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 5 Nov 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 5 Nov 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sophia\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Visitors\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Visitors\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Visitors\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 23 Apr 2007 8 A..H. --- "C:\Documents and Settings\Visitors\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!



Response Number 11
Name: Rudychetboun
Date: December 14, 2007 at 09:26:48 Pacific
Subject: Ultimate defender
Reply:
ComboFix 07-12-12.3 - Sophia 2007-12-14 11:45:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.106 [GMT -6:00]
Running from: C:\Documents and Settings\Sophia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sophia\Desktop\CFScript.txt
* Created a new restore point

FILE
c:\docume~1\sophia\applic~1\bindte~1\peak idle tick.exe
C:\DOCUME~1\Sophia\LOCALS~1\Temp\winlogon.exe
C:\Documents and Settings\All Users\Application Data.\qdmzopqx.dll
C:\Documents and Settings\All Users\Application Data\azwzgfor.dll
C:\Documents and Settings\All Users\Application Data\each new axis love\Junk Dale.exe
C:\Documents and Settings\Sophia\Application Data\Dxccwrd.dll
C:\Documents and Settings\Sophia\Application Data\Dxcdmns.dll
C:\Documents and Settings\Sophia\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Sophia\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\#SharedObjects\B4CJ755B\iforex.com
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\#SharedObjects\B4CJ755B\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Sophia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Sophia\g2mdlhlpx.exe
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Sophia\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0000
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0001
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0002
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0003
C:\Program Files\Common Files\stem~1\STEM~1\ctxad-498.0004
C:\Program Files\Jnplflvp\jdoqiolc.dll
C:\Program Files\Ncfgzqes\abpgygok.dll
C:\Program Files\Nulogqcg\kwarzedv.dll
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\zqtmngpa\zkvufynw.dll
C:\WINDOWS\avp.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\avrmrfbw.ini
C:\WINDOWS\system32\byrwvcwt.ini
C:\WINDOWS\system32\cbfttuuo.dll
C:\WINDOWS\system32\cbounyeq.dll
C:\WINDOWS\system32\cbxvtsq.dll
C:\WINDOWS\system32\cbxxxwt.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ecmqrpno.ini
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\haspwwwy.ini
C:\WINDOWS\system32\hggggge.dll
C:\WINDOWS\system32\hlvbfwoq
C:\WINDOWS\system32\ikxfvqtb.dll
C:\WINDOWS\system32\juvprpba
C:\WINDOWS\system32\kjuuebgj.ini
C:\WINDOWS\system32\lhmmsecg.dll
C:\WINDOWS\system32\mfitddfy.dll
C:\WINDOWS\system32\ojvbcrjf.ini
C:\WINDOWS\system32\oydfthuu.ini
C:\WINDOWS\system32\thrjdsbs.dll
C:\WINDOWS\system32\tlpmvxtt.dll
C:\WINDOWS\system32\ulzrnh.dll
C:\WINDOWS\system32\vofokoog.dll
C:\WINDOWS\system32\wcpsvit.exe
C:\WINDOWS\system32\winzdn32.dll
C:\WINDOWS\system32\xhriyuxh.dll
C:\WINDOWS\system32\xoswpefk.dll
C:\WINDOWS\system32\xxyawwt.dll
C:\WINDOWS\system32\xxyywwx.dll
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\sophia\applic~1\bindte~1\peak idle tick.exe
C:\Documents and Settings\All Users\Application Data\each new axis love\Junk Dale.exe
C:\Program Files\Bindtestbyte
C:\WINDOWS\system32\avrmrfbw.ini
C:\WINDOWS\system32\byrwvcwt.ini
C:\WINDOWS\system32\ecmqrpno.ini
C:\WINDOWS\system32\haspwwwy.ini
C:\WINDOWS\system32\kjuuebgj.ini
C:\WINDOWS\system32\ojvbcrjf.ini
C:\WINDOWS\system32\oydfthuu.ini
C:\Documents and Settings\All Users\Application Data\each new axis love

.
((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-14 11:19 . 2007-12-14 11:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-14 11:13 . 2007-12-14 11:13 <DIR> d-------- C:\deljob
2007-12-12 21:13 . 2007-12-12 21:14 <DIR> d-------- C:\WINDOWS\system32\juvprpba
2007-12-11 17:46 . 2007-12-12 09:15 <DIR> d-------- C:\WINDOWS\system32\hlvbfwoq
2007-12-11 10:37 . 2007-12-11 10:37 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-11 10:37 . 2007-12-11 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-11 10:35 . 2007-12-11 10:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 10:17 . 2007-12-11 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-10 16:45 . 2007-12-10 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-10 11:14 . 2007-12-11 13:10 <DIR> d-------- C:\divx
2007-12-10 09:47 . 2007-12-14 11:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-10 09:47 . 2007-12-10 09:47 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-10 09:44 . 2007-12-10 10:28 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\Apple Computer
2007-12-10 09:42 . 2007-12-10 09:42 <DIR> d-------- C:\Program Files\iPod
2007-12-10 09:41 . 2007-12-10 09:43 <DIR> d-------- C:\Program Files\iTunes
2007-12-10 09:37 . 2007-12-10 09:40 <DIR> d-------- C:\Program Files\QuickTime
2007-12-10 09:37 . 2007-12-10 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 09:35 . 2007-12-10 09:35 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-10 09:33 . 2007-12-10 09:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-10 09:33 . 2007-12-10 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-07 14:54 . 2007-12-10 10:28 <DIR> d-------- C:\Program Files\Blaze Media Pro
2007-12-07 10:40 . 2007-12-07 10:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 19:05 . 2007-12-06 19:05 <DIR> d-------- C:\Program Files\VideoEdit Mobile ActiveX Control
2007-12-06 12:11 . 2007-12-06 15:10 <DIR> d-------- C:\Program Files\Lonely Cat Games
2007-12-06 10:17 . 2007-12-10 17:50 <DIR> d-------- C:\WINDOWS\system32\nuinopsd
2007-12-05 17:56 . 2007-12-06 12:09 <DIR> d-------- C:\Program Files\Smart Movie Converter 3 45
2007-12-05 16:20 . 2007-12-05 16:20 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\Nokia Multimedia Player
2007-12-05 16:14 . 2007-12-05 16:37 <DIR> d-------- C:\Videos
2007-12-05 15:52 . 2007-12-05 15:52 <DIR> d-------- C:\Program Files\Makayama.com
2007-12-05 15:52 . 2004-03-08 17:00 416,528 --a------ C:\WINDOWS\system32\COMCT332.OCX
2007-12-05 15:52 . 2004-11-01 05:38 57,344 --a------ C:\WINDOWS\system32\XButton.ocx
2007-12-04 11:19 . 2007-12-04 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-12-03 19:33 . 2007-12-03 19:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-03 19:33 . 2007-12-03 19:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-03 19:33 . 2007-12-03 19:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-03 19:33 . 2007-12-03 19:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-03 19:33 . 2007-12-03 19:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2007-12-03 12:04 . 2007-12-04 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-03 11:56 . 2007-12-05 09:35 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\Nokia
2007-12-03 11:48 . 2007-12-03 11:49 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-03 11:48 . 2007-12-04 11:18 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-03 11:46 . 2007-12-03 11:46 <DIR> d-------- C:\Program Files\DIFX
2007-12-03 11:45 . 2007-12-04 11:23 <DIR> d-------- C:\Documents and Settings\Sophia\Application Data\PC Suite
2007-12-03 11:43 . 2007-12-03 11:44 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-03 11:41 . 2007-12-03 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-03 11:02 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-03 11:01 . 2007-12-04 11:18 <DIR> d-------- C:\Program Files\Nokia
2007-12-03 11:01 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-03 11:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-03 11:01 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-03 11:01 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-03 11:01 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-11-29 16:30 . 2007-11-29 16:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 16:30 . 2007-11-29 16:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 16:30 . 2007-11-29 16:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 16:30 . 2007-11-29 16:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 16:30 . 2007-11-29 16:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 16:28 . 2007-11-29 16:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 16:28 . 2007-11-29 16:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 16:28 . 2007-11-29 16:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 16:28 . 2007-11-29 16:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 15:55 . 2007-11-28 15:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 15:53 . 2007-11-28 15:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 15:53 . 2007-11-28 15:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-11-28 15:53 . 2007-11-28 15:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 15:53 . 2007-11-28 15:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 15:53 . 2007-11-28 15:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 15:53 . 2007-11-28 15:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 15:53 . 2007-11-28 15:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 15:52 . 2007-11-28 15:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 14:11 . 2007-11-28 14:17 <DIR> d-------- C:\Program Files\CdCoverCreator
2007-11-28 12:25 . 2007-11-28 13:09 <DIR> d-------- C:\Program Files\DVDCoverPrint
2007-1