Free Malware Removal Forum

by **dustytrails** » September 3rd, 2008, 12:50 am

We have a problem with our computer. A new identity shows up on our Computers Login Screen. Its called IUSER_ADMIN and it has administrative privileges. When we delete the identity it just returns the next time we boot up. This computer is wireless and gets our signal from a wireless router in our house.

Here is my logfile see attached. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:10 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 64.14.244.60 worldcosmetic.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/p ... der_v6.cab
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe (file missing)
O23 - Service: afisicx Event propagation service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr Portable Media Serial Service (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: roxtctm Corporation (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: sotpeca Portable Media Serial Service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing)
O23 - Service: wsldoekd Settings storage service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 7127 bytes

by **Bio-Hazard** » September 3rd, 2008, 12:08 pm

Welcome to the MWR forums. My name is Bio-Hazard. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
Please continue to review my answers until I tell you your machine appears to be clear.
Absence of symptoms does not mean that everything is clear.
I f you don't know or understand something please don't hesitate to ask.
It is important that you reply to this thread. Do not start a new topic.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

Uninstall list

Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:

Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

by **Bio-Hazard** » September 3rd, 2008, 3:54 pm

BACKDOOR TROJAN

Your computer has multiple infections, including a BACKDOOR TROJAN. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all youraccount numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

by **Bio-Hazard** » September 6th, 2008, 2:26 pm

Hello!

It has been few days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!!

Bio-Hazard

by **dustytrails** » September 6th, 2008, 11:39 pm

I downloaded PC Spyware Doctor and it seemed to catch the infection and quarantined the Tojan. It called it Tojan-Downloader.Delf.MFY

I've also found this information on other forums: http://answers.yahoo.com/question/index ... 014AAlvQ6X. However, even after deletion of the IUSER_Admin it does come back. So whatever help you can provide to get rid of this problem is much appreciated.

Also can you let me know what backdoor tojans have infected my computer?

Thank you.

by **dustytrails** » September 6th, 2008, 11:53 pm

Just a point of interest. We did not have this problem until I downloaded Microsoft Service Pack 3. Could Microsoft have had a vulnerability in SP3?

by **dustytrails** » September 7th, 2008, 12:48 am

I just ran Malwarebytes' Anti-Malware 1.26 and it seemed to grab and delete Tojan activity on my computer. here is the Log File:

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 3

9/6/2008 9:43:14 PM
mbam-log-2008-09-06 (21-43-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102080
Time elapsed: 21 minute(s), 26 second(s)

Memory Processes Infected: 10
Memory Modules Infected: 0
Registry Keys Infected: 34
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\macidwe.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\tdxdowkc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\macidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\macidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\macidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdxdowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdxdowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdxdowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nobicyt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sobicyt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\macidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdxdowkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\orz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\IEKOWOQO\avp[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

by **dustytrails** » September 7th, 2008, 1:09 am

Here is my HijackThis Logfile now...Looks very different after using a couple software services.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:52 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 3987 bytes

by **Bio-Hazard** » September 7th, 2008, 5:59 am

If you want my help PLEASE do not run any other programs on your own. Reason is because it will make my job much harder. I know you want to get rid of the infection quickly but running some tools can do more harm than good.

Also can you let me know what backdoor tojans have infected my computer?

It is a infection called Backdoor:Win32/Refpron.C

We did not have this problem until I downloaded Microsoft Service Pack 3. Could Microsoft have had a vulnerability in SP3?

It is not that simple. I have SP3 and i havent had any problems. It is more than like that infection has come from user interaction, you only need to visit a certain site and thats enough.

In your first HikackThis log you had AVG 7 installed but i cant see it running at the moment. Are you still using it? If not follow the instructions below to install a antivirus program:

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

Avira AntiVir Personal- Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.

random's system information tool (RSIT)

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

RSIT Logs, log.txt (<<will be maximized) and info.txt (<<will be minimized)
How are things running now ?

by **dustytrails** » September 8th, 2008, 12:33 am

Hi Biohazard,

I tried running RSIT but it stalls out on "registry dump". I tested it on another computer I have in the house and it only took 10 seconds but on this computer it stalls. I thought it might be the new anti-virus/firewall software I installed but this doesn't seem to be the case as my other computer has the same anti-virus software on it and RSIT worked fine. Any idea what might be stalling it?

I blew off AVG since it did not prevent this Tojan from installing. I've got PC Tools Spyware Doctor with Anti-Virus running now.

Thank you.

Dustytrails

by **Bio-Hazard** » September 8th, 2008, 10:21 am

Hello!

Sorry to hear about the trouble you had. Developer is aware of that problem. Can you please run this program instead.

OTScanIt

Download OTScanIt to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Open the OTScanIt folder and double-click on OTScanIt to start the program.
- In the Files Created Within group click 30 days
- In the Files Modified Within group select 30 days
- In the File String Search group select Non-Microsoft
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the resulting log here.

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

OtScanIt log
New HijackThis log

by **Elrond** » September 8th, 2008, 1:06 pm

Please do not post in a topic that belongs to somebody else except if you are a helper.
Start your own topic.
Even if you think that you have the same problem only an expert can tell and even in that case it could well be that your problem needs a different treatment than the one you are looking at.
Helpers need to concentrate on the problem at hand and it becomes very difficult to follow what is going on when there is more than one computer involved.

by **dustytrails** » September 9th, 2008, 1:48 am

Hi Bio Harzard,

Here is the Otscanit Log.

Code: Select all

OTScanIt logfile created on: 9/8/2008 10:46:22 PM
OTScanIt by OldTimer - Version 1.0.19.0     Folder = C:\Documents and Settings\Ericka MacKenzie\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
447.48 Mb Total Physical Memory | 115.17 Mb Available Physical Memory | 25.74% Memory free
1.03 Gb Paging File | 0.52 Gb Available in Paging File | 50.68% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 60.70 Gb Free Space | 84.50% Space Free | Partition Type: NTFS
Drive D: | 72.31 Gb Total Space | 72.31 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 306.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICKA
Current User Name: Ericka MacKenzie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 6/13/2008 3:29:14 PM | Attr =    ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.19 | Size = 1077640 bytes | Modified Date = 8/25/2008 11:36:34 AM | Attr =    ]
eragent.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 1.0.0.16 | Size = 413696 bytes | Modified Date = 6/1/2006 2:40:54 PM | Attr =    ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 6.0.0.13 | Size = 1168264 bytes | Modified Date = 8/25/2008 11:36:36 AM | Attr =    ]
zdwlan.exe -> %ProgramFiles%\Acer WLAN 11g USB Dongle\ZDWlan.exe -> X-Micro Technology Corp. [Ver = 2, 21, 0, 0 | Size = 745472 bytes | Modified Date = 11/16/2005 8:25:14 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 9/1/2008 2:06:37 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 6/13/2008 3:29:14 PM | Attr =    ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.19 | Size = 1077640 bytes | Modified Date = 8/25/2008 11:36:34 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 6.0.0.13 | Size = 1168264 bytes | Modified Date = 8/25/2008 11:36:36 AM | Attr =    ]
LaunchApp -> %SystemRoot%\Alaunch.exe [Alaunch] -> Acer Inc. [Ver = 2.2.0.2 | Size = 524288 bytes | Modified Date = 3/14/2006 12:13:06 AM | Attr =    ]
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =    ]
SiSPower -> %SystemRoot%\system32\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3680 | Size = 49152 bytes | Modified Date = 7/13/2005 2:55:30 AM | Attr =    ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 43 | Size = 90112 bytes | Modified Date = 8/16/2005 2:39:00 PM | Attr =    ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk -> %ProgramFiles%\Acer WLAN 11g USB Dongle\ZDWlan.exe -> X-Micro Technology Corp. [Ver = 2, 21, 0, 0 | Size = 745472 bytes | Modified Date = 11/16/2005 8:25:14 PM | Attr =    ]
< Ericka MacKenzie Startup Folder > -> C:\Documents and Settings\Ericka MacKenzie\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 5:12:19 PM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 5:12:38 PM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 5:12:24 PM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 5:12:41 PM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 11:40:46 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 50 bytes | Modified Date = 10/19/2005 9:17:16 PM | Attr =    ]
AUTORUN.INF [[autorun] | open=aocsetup.exe /autorun | icon=age2x.ico |  | shell\setup=Install Age of Empires II - The Conquerors Expansion | shell\setup\command=aocsetup.exe /autorun |  | shell\zone=Install MSN Gaming Zone | shell\zone\command=goodies\mszone\zonea660.exe |  | shell\adobe=Install Adobe Acrobat Reader | shell\adobe\command=goodies\ar405eng.exe |  | shell\log=Log Machine Configuration | shell\log\command=goodies\machine\machine.exe -l |  | shell\machine=View Machine Configuration | shell\machine\command=goodies\machine\machine.exe |  | ] -> E:\AUTORUN.INF [ CDFS ] ->  [Ver =  | Size = 524 bytes | Modified Date = 6/1/2000 1:39:56 AM | Attr = R  ]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1       localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.ca/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{A5E85E03-FF34-483F-BA75-C3310148C535} ->    (D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A)) -> 
{FFE18C69-057F-41C8-8522-9990CC9226E0} ->    (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 92, 0 | Size = 190344 bytes | Modified Date = 6/2/2008 3:20:00 PM | Attr =    ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> My Little Pony -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\My Little Pony -> My Little Pony -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> My Little Pony -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\My Little Pony -> My Little Pony -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> My Little Pony -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\My Little Pony -> My Little Pony -> 



[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 469291008 bytes | Created Date = 9/6/2008 10:01:37 PM | Attr =  HS]
rsit -> %SystemDrive%\rsit ->  [Folder | Created Date = 9/7/2008 7:57:40 PM | Attr =    ]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Created Date = 9/2/2008 9:58:29 PM | Attr =    ]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Created Date = 9/2/2008 9:58:29 PM | Attr =    ]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Created Date = 9/2/2008 9:58:29 PM | Attr =    ]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 9/2/2008 9:58:29 PM | Attr =    ]
pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> PC Tools [Ver = 4, 0, 0, 43 | Size = 160792 bytes | Created Date = 9/2/2008 9:58:39 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 8/11/2008 12:21:53 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 8/11/2008 12:21:53 PM | Attr =  H ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Created Date = 9/6/2008 8:59:45 PM | Attr =  H ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 9/2/2008 11:17:23 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 469291008 bytes | Modified Date = 9/8/2008 10:32:53 PM | Attr =  HS]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Modified Date = 8/25/2008 11:36:28 AM | Attr =    ]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Modified Date = 8/25/2008 11:36:28 AM | Attr =    ]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Modified Date = 8/25/2008 11:36:30 AM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 52776 bytes | Modified Date = 9/2/2008 9:59:52 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 341162 bytes | Modified Date = 9/2/2008 9:59:52 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 400136 bytes | Modified Date = 9/2/2008 9:59:51 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 9/8/2008 10:34:52 PM | Attr =    ]
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/8/2008 10:32:54 PM | Attr =   S]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 8/11/2008 12:21:53 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/11/2008 12:21:53 PM | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 9/2/2008 11:17:23 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 491 bytes | Modified Date = 9/2/2008 11:17:23 PM | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 9/8/2008 10:36:16 PM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/8/2008 10:32:58 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 9/22/2006 10:54:10 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5487 bytes | Modified Date = 9/6/2008 8:58:00 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 9/6/2008 8:58:00 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 3/4/2007 2:37:13 PM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11146 bytes | Modified Date = 3/4/2007 2:34:48 PM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\temp ->  [Folder | Modified Date = 9/8/2008 10:45:49 PM | Attr =    ]
mta101588.dll -> C:\WINDOWS\temp\mta101588.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta101679.dll -> C:\WINDOWS\temp\mta101679.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta102144.dll -> C:\WINDOWS\temp\mta102144.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta102496.dll -> C:\WINDOWS\temp\mta102496.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta103043.dll -> C:\WINDOWS\temp\mta103043.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta105258.dll -> C:\WINDOWS\temp\mta105258.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta105660.dll -> C:\WINDOWS\temp\mta105660.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta105687.dll -> C:\WINDOWS\temp\mta105687.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta106443.dll -> C:\WINDOWS\temp\mta106443.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta107207.dll -> C:\WINDOWS\temp\mta107207.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta110229.dll -> C:\WINDOWS\temp\mta110229.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta111039.dll -> C:\WINDOWS\temp\mta111039.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta111908.dll -> C:\WINDOWS\temp\mta111908.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta112127.dll -> C:\WINDOWS\temp\mta112127.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta112560.dll -> C:\WINDOWS\temp\mta112560.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta113684.dll -> C:\WINDOWS\temp\mta113684.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta116965.dll -> C:\WINDOWS\temp\mta116965.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta117908.dll -> C:\WINDOWS\temp\mta117908.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta120205.dll -> C:\WINDOWS\temp\mta120205.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta121149.dll -> C:\WINDOWS\temp\mta121149.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta121708.dll -> C:\WINDOWS\temp\mta121708.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta125095.dll -> C:\WINDOWS\temp\mta125095.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta125571.dll -> C:\WINDOWS\temp\mta125571.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta16328.dll -> C:\WINDOWS\temp\mta16328.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta17489.dll -> C:\WINDOWS\temp\mta17489.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta19691.dll -> C:\WINDOWS\temp\mta19691.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta20369.dll -> C:\WINDOWS\temp\mta20369.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta20613.dll -> C:\WINDOWS\temp\mta20613.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta21191.dll -> C:\WINDOWS\temp\mta21191.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta22979.dll -> C:\WINDOWS\temp\mta22979.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta24669.dll -> C:\WINDOWS\temp\mta24669.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta24784.dll -> C:\WINDOWS\temp\mta24784.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta25841.dll -> C:\WINDOWS\temp\mta25841.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta27465.dll -> C:\WINDOWS\temp\mta27465.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta29512.dll -> C:\WINDOWS\temp\mta29512.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta29964.dll -> C:\WINDOWS\temp\mta29964.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta30890.dll -> C:\WINDOWS\temp\mta30890.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta33809.dll -> C:\WINDOWS\temp\mta33809.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta35168.dll -> C:\WINDOWS\temp\mta35168.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta35611.dll -> C:\WINDOWS\temp\mta35611.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta36385.dll -> C:\WINDOWS\temp\mta36385.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta38304.dll -> C:\WINDOWS\temp\mta38304.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta44386.dll -> C:\WINDOWS\temp\mta44386.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta44400.dll -> C:\WINDOWS\temp\mta44400.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta44521.dll -> C:\WINDOWS\temp\mta44521.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta44733.dll -> C:\WINDOWS\temp\mta44733.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta44834.dll -> C:\WINDOWS\temp\mta44834.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta45023.dll -> C:\WINDOWS\temp\mta45023.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta45156.dll -> C:\WINDOWS\temp\mta45156.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta45987.dll -> C:\WINDOWS\temp\mta45987.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta46560.dll -> C:\WINDOWS\temp\mta46560.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta46873.dll -> C:\WINDOWS\temp\mta46873.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta47473.dll -> C:\WINDOWS\temp\mta47473.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta48053.dll -> C:\WINDOWS\temp\mta48053.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta49694.dll -> C:\WINDOWS\temp\mta49694.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta51385.dll -> C:\WINDOWS\temp\mta51385.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta51741.dll -> C:\WINDOWS\temp\mta51741.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta51879.dll -> C:\WINDOWS\temp\mta51879.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta52051.dll -> C:\WINDOWS\temp\mta52051.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta53982.dll -> C:\WINDOWS\temp\mta53982.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta54145.dll -> C:\WINDOWS\temp\mta54145.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta54643.dll -> C:\WINDOWS\temp\mta54643.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta58182.dll -> C:\WINDOWS\temp\mta58182.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta58530.dll -> C:\WINDOWS\temp\mta58530.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta59794.dll -> C:\WINDOWS\temp\mta59794.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta60422.dll -> C:\WINDOWS\temp\mta60422.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta61574.dll -> C:\WINDOWS\temp\mta61574.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta62086.dll -> C:\WINDOWS\temp\mta62086.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta62562.dll -> C:\WINDOWS\temp\mta62562.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta63122.dll -> C:\WINDOWS\temp\mta63122.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta63625.dll -> C:\WINDOWS\temp\mta63625.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta64461.dll -> C:\WINDOWS\temp\mta64461.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta66078.dll -> C:\WINDOWS\temp\mta66078.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta67404.dll -> C:\WINDOWS\temp\mta67404.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta68344.dll -> C:\WINDOWS\temp\mta68344.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta69124.dll -> C:\WINDOWS\temp\mta69124.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta70107.dll -> C:\WINDOWS\temp\mta70107.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta70459.dll -> C:\WINDOWS\temp\mta70459.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta70617.dll -> C:\WINDOWS\temp\mta70617.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta75145.dll -> C:\WINDOWS\temp\mta75145.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta77343.dll -> C:\WINDOWS\temp\mta77343.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta77375.dll -> C:\WINDOWS\temp\mta77375.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta79847.dll -> C:\WINDOWS\temp\mta79847.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta81901.dll -> C:\WINDOWS\temp\mta81901.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta83360.dll -> C:\WINDOWS\temp\mta83360.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta84885.dll -> C:\WINDOWS\temp\mta84885.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta85126.dll -> C:\WINDOWS\temp\mta85126.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta86024.dll -> C:\WINDOWS\temp\mta86024.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta90311.dll -> C:\WINDOWS\temp\mta90311.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta90351.dll -> C:\WINDOWS\temp\mta90351.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta93785.dll -> C:\WINDOWS\temp\mta93785.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta94070.dll -> C:\WINDOWS\temp\mta94070.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mta98986.dll -> C:\WINDOWS\temp\mta98986.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw103001.dll -> C:\WINDOWS\temp\mtaw103001.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw104420.dll -> C:\WINDOWS\temp\mtaw104420.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw106945.dll -> C:\WINDOWS\temp\mtaw106945.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw108486.dll -> C:\WINDOWS\temp\mtaw108486.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw117017.dll -> C:\WINDOWS\temp\mtaw117017.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw118835.dll -> C:\WINDOWS\temp\mtaw118835.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw128363.dll -> C:\WINDOWS\temp\mtaw128363.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw15465.dll -> C:\WINDOWS\temp\mtaw15465.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw24660.dll -> C:\WINDOWS\temp\mtaw24660.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw26063.dll -> C:\WINDOWS\temp\mtaw26063.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw27905.dll -> C:\WINDOWS\temp\mtaw27905.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw31078.dll -> C:\WINDOWS\temp\mtaw31078.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw32487.dll -> C:\WINDOWS\temp\mtaw32487.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw39014.dll -> C:\WINDOWS\temp\mtaw39014.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw39605.dll -> C:\WINDOWS\temp\mtaw39605.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw41172.dll -> C:\WINDOWS\temp\mtaw41172.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw43704.dll -> C:\WINDOWS\temp\mtaw43704.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw48336.dll -> C:\WINDOWS\temp\mtaw48336.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw49879.dll -> C:\WINDOWS\temp\mtaw49879.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw50721.dll -> C:\WINDOWS\temp\mtaw50721.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw52075.dll -> C:\WINDOWS\temp\mtaw52075.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw52226.dll -> C:\WINDOWS\temp\mtaw52226.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw55057.dll -> C:\WINDOWS\temp\mtaw55057.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw60149.dll -> C:\WINDOWS\temp\mtaw60149.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw60310.dll -> C:\WINDOWS\temp\mtaw60310.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw62641.dll -> C:\WINDOWS\temp\mtaw62641.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw66885.dll -> C:\WINDOWS\temp\mtaw66885.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw68213.dll -> C:\WINDOWS\temp\mtaw68213.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw70534.dll -> C:\WINDOWS\temp\mtaw70534.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw71571.dll -> C:\WINDOWS\temp\mtaw71571.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw71703.dll -> C:\WINDOWS\temp\mtaw71703.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw80024.dll -> C:\WINDOWS\temp\mtaw80024.dll -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 1159680 bytes | Modified Date = 4/22/2008 9:16:29 PM | Attr =    ]
mtaw80154.dll -> C:\WINDOWS\temp\mtaw80154.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw83113.dll -> C:\WINDOWS\temp\mtaw83113.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw93898.dll -> C:\WINDOWS\temp\mtaw93898.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
mtaw93986.dll -> C:\WINDOWS\temp\mtaw93986.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/23/2008 9:57:40 AM | Attr =    ]
10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\temp ->  [Folder | Modified Date = 9/8/2008 10:45:49 PM | Attr =    ]
Perflib_Perfdata_1cc.dat -> C:\WINDOWS\temp\Perflib_Perfdata_1cc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/2/2008 2:22:29 PM | Attr =    ]
10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\temp\Cookies ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
index.dat -> C:\WINDOWS\temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/2/2008 11:23:07 PM | Attr =  HS]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/2/2008 11:23:07 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
index.dat -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 9/2/2008 11:23:07 PM | Attr =  HS]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/7/2008 9:06:07 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JOCY21BL\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\JOCY21BL ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\JOCY21BL\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K7ZFMLE5\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\K7ZFMLE5 ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\K7ZFMLE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O7HXAY3A\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\O7HXAY3A ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\O7HXAY3A\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UUZM0ILU\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\UUZM0ILU ->  [Folder | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\UUZM0ILU\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/7/2008 9:06:08 PM | Attr =  HS]

< End of report >

by **dustytrails** » September 9th, 2008, 1:50 am

Hi Bio Hazard,

As requested here is the latest Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:42 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ericka MacKenzie\Desktop\OTScanIt\OTScanIt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4098 bytes

by **Bio-Hazard** » September 9th, 2008, 9:09 am

No Antivirus

Using PC Tools Spyware Doctor with Anti-Virus is not enough. You should really install a proper antivirus program.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

Avira AntiVir Personal- Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.

Once you have installed one of them proceed to do a full scan with it.

FixPolicies

Download FixPolicies.exe, a self-extracting ZIP archive, and save it to your Desktop.
You can get it from here:: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe

Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close.

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

A fresh HijackThis Log ( after all the above has been done)

Free Malware Removal Forum

Strange Identity showing up at Login

Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Re: Strange Identity showing up at Login

Who is online