Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 959.23 MiB / 386.7 MiB
Pagefile Memory (total/avail): 2315.38 MiB / 1800.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.65 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 129.25 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6V160E0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FW: Trend Micro Personal Firewall v5.0 (Trend Micro Inc.)
AV: Trend Micro Internet Security v16.00.1449 ()
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\ekvakuh-easac.exe"="C:\\WINDOWS\\system32\\ekvakuh-easac.exe:*:Enabled:Windows Internet Access"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\HOME2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=HOME2
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
user (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2X-Office 7.72 --> C:\Program Files\A4Tech\Mouse\Uninst32.exe
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
EnglishHarbourCasino --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3F1BAF0-ABA2-11D5-B8F7-00010323AB2C}\Setup.exe" -l0x9 -uninst
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPR240 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR240\USE_G\DOCUNINS.EXE
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hardwood Spades --> C:\Program Files\Hardwood Spades\Spades.exe -Uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\25VYQZKR\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iKeyWorks 7.72 --> C:\Program Files\A4Tech\Keyboard\Uninst32.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Ultra soft --> C:\Documents and Settings\user\Application Data\ultra\uninstall.bat
VideoCAM Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{862546CA-19C6-4D42-A6EB-352820682FA3}\Setup.exe" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
Windows Live Messenger --> MsiExec.exe /X{33F8EAD4-B6EC-498B-B487-696B973D1C0C}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless LAN Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07DEC7A1-F8D2-4DBB-900B-A2F9302647BB}\Setup.exe" -l0x9
-- Application Event Log -------------------------------------------------------
Event Record #/Type3746 / Success
Event Submitted/Written: 11/12/2007 10:24:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type3730 / Success
Event Submitted/Written: 11/12/2007 08:15:20 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type3726 / Warning
Event Submitted/Written: 11/12/2007 01:26:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type3716 / Warning
Event Submitted/Written: 11/12/2007 00:04:45 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type3715 / Warning
Event Submitted/Written: 11/12/2007 00:02:36 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type158 / Error
Event Submitted/Written: 11/12/2007 11:17:20 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Event Record #/Type129 / Error
Event Submitted/Written: 11/12/2007 10:58:32 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The NtmlSvc service terminated with the following error:
%%126
Event Record #/Type100 / Error
Event Submitted/Written: 11/12/2007 10:47:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The NtmlSvc service terminated with the following error:
%%126
Event Record #/Type75 / Error
Event Submitted/Written: 11/12/2007 10:32:01 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The NtmlSvc service terminated with the following error:
%%126
Event Record #/Type70 / Warning
Event Submitted/Written: 11/12/2007 10:31:59 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{5C1FE956-4C46-4B88-BAEC-4F257DF18246}.
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9932 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>
-- Find3M Report ---------------------------------------------------------------
2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------