Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help can't remove malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

help can't remove malware

Unread postby jemma_79 » November 10th, 2007, 12:58 pm

please can someone have a look at my hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:05, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10099 bytes

Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware...




hijackthis1.txt ( 9.86k ) : 1
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm
Advertisement
Register to Remove

Re: help can't remove malware

Unread postby random/random » November 11th, 2007, 2:24 pm

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Post back with the smitfraudfix log & a new HijackThis log
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: help can't remove malware

Unread postby jemma_79 » November 11th, 2007, 5:12 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:30, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10129 bytes
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm

Re: help can't remove malware

Unread postby random/random » November 11th, 2007, 5:20 pm

Please post the smitfraudfix log
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: help can't remove malware

Unread postby jemma_79 » November 11th, 2007, 5:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:30, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10129 bytes
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm

Re: help can't remove malware

Unread postby random/random » November 11th, 2007, 5:22 pm

You posted another HijackThis log. I need the smitfraudfix log, it can be found at C:\rapport.txt
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: help can't remove malware

Unread postby jemma_79 » November 11th, 2007, 6:15 pm

SmitFraudFix v2.252

Scan done at 20:38:00.73, 11/11/2007
Run from C:\WINDOWS\system\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\bonrep.dll FOUND !
C:\WINDOWS\ipwypktx.dll FOUND !
C:\WINDOWS\kbdctrl.dll FOUND !
C:\WINDOWS\neobus.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\qdertu.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Desktop\FAVORI~1

C:\DOCUME~1\user\Desktop\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\user\Desktop\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\user\Desktop\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11g Wireless PCI Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5C1FE956-4C46-4B88-BAEC-4F257DF18246}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5C1FE956-4C46-4B88-BAEC-4F257DF18246}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5C1FE956-4C46-4B88-BAEC-4F257DF18246}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm

Re: help can't remove malware

Unread postby random/random » November 11th, 2007, 6:30 pm

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Post the new smitfraudfix log & a new HijackThis log
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: help can't remove malware

Unread postby jemma_79 » November 11th, 2007, 7:42 pm

can't start in safe mode
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm

Re: help can't remove malware

Unread postby random/random » November 12th, 2007, 5:43 pm

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: help can't remove malware

Unread postby jemma_79 » November 12th, 2007, 8:59 pm

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 959.23 MiB / 386.7 MiB
Pagefile Memory (total/avail): 2315.38 MiB / 1800.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.65 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 129.25 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6V160E0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

FW: Trend Micro Personal Firewall v5.0 (Trend Micro Inc.)
AV: Trend Micro Internet Security v16.00.1449 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1180556939\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1180968173\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\ekvakuh-easac.exe"="C:\\WINDOWS\\system32\\ekvakuh-easac.exe:*:Enabled:Windows Internet Access"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\HOME2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=HOME2
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2X-Office 7.72 --> C:\Program Files\A4Tech\Mouse\Uninst32.exe
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
EnglishHarbourCasino --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3F1BAF0-ABA2-11D5-B8F7-00010323AB2C}\Setup.exe" -l0x9 -uninst
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPR240 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR240\USE_G\DOCUNINS.EXE
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hardwood Spades --> C:\Program Files\Hardwood Spades\Spades.exe -Uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\25VYQZKR\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iKeyWorks 7.72 --> C:\Program Files\A4Tech\Keyboard\Uninst32.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Ultra soft --> C:\Documents and Settings\user\Application Data\ultra\uninstall.bat
VideoCAM Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{862546CA-19C6-4D42-A6EB-352820682FA3}\Setup.exe" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
Windows Live Messenger --> MsiExec.exe /X{33F8EAD4-B6EC-498B-B487-696B973D1C0C}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless LAN Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07DEC7A1-F8D2-4DBB-900B-A2F9302647BB}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type3746 / Success
Event Submitted/Written: 11/12/2007 10:24:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3730 / Success
Event Submitted/Written: 11/12/2007 08:15:20 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3726 / Warning
Event Submitted/Written: 11/12/2007 01:26:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3716 / Warning
Event Submitted/Written: 11/12/2007 00:04:45 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3715 / Warning
Event Submitted/Written: 11/12/2007 00:02:36 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type158 / Error
Event Submitted/Written: 11/12/2007 11:17:20 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type129 / Error
Event Submitted/Written: 11/12/2007 10:58:32 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The NtmlSvc service terminated with the following error:
%%126

Event Record #/Type100 / Error
Event Submitted/Written: 11/12/2007 10:47:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The NtmlSvc service terminated with the following error:
%%126

Event Record #/Type75 / Error
Event Submitted/Written: 11/12/2007 10:32:01 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The NtmlSvc service terminated with the following error:
%%126

Event Record #/Type70 / Warning
Event Submitted/Written: 11/12/2007 10:31:59 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{5C1FE956-4C46-4B88-BAEC-4F257DF18246}.



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------

Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------

Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------

Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------

Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Deckard's System Scanner v20071014.68
Run by user on 2007-11-12 23:10:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-11-12 23:14:13 UTC - RP375 - Deckard's System Scanner Restore Point
102: 2007-11-08 02:38:08 UTC - RP374 - Restore Operation
101: 2007-11-07 22:35:04 UTC - RP373 - Installed Trend Micro Internet Security
100: 2007-11-07 22:27:23 UTC - RP372 - Removed Ad-Aware 2007
99: 2007-11-07 14:32:34 UTC - RP371 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-08-09 08:20:02 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:11, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9932 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S3 Intels51 (Intel(R) 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 tiwlnsvc (TI Wlan Service) - c:\program files\wireless lan utility\tiwlnsvc.exe

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; ; Windows Live>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38D79619&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38D79619&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&1E6AA3F3&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:47:05 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-10-12 and 2007-11-12 -----------------------------

2007-11-12 23:00:49 0 d-------- C:\WINDOWS\privacy_danger
2007-11-11 20:38:09 3702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23:08 0 d-------- C:\WINDOWS\system\SmitfraudFix <SMITFR~1>
2007-11-11 20:22:44 1043074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10:47 0 d-------- C:\Program Files\SmitfraudFix <SMITFR~1>
2007-11-11 19:37:15 25600 --a------ C:\WINDOWS\system\WS2Fix.exe
2007-11-11 19:37:15 289144 --a------ C:\WINDOWS\system\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-11 19:37:15 167936 --a------ C:\WINDOWS\system\unzip.exe
2007-11-11 19:37:15 40960 --a------ C:\WINDOWS\system\swsc.exe
2007-11-11 19:37:15 135168 --a------ C:\WINDOWS\system\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2007-11-11 19:37:14 288417 --a------ C:\WINDOWS\system\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-11 19:37:14 20480 --a------ C:\WINDOWS\system\SmiUpdate.exe <Not Verified; S-Software; SmiUpdate>
2007-11-11 19:37:14 1497667 --a------ C:\WINDOWS\system\SmitfraudFix.cmd
2007-11-11 19:37:14 16384 --a------ C:\WINDOWS\system\restart.exe <Not Verified; WareSoft Software; restart>
2007-11-11 19:37:14 24576 --a------ C:\WINDOWS\system\Reboot.exe <Not Verified; Option; Explicit Software>
2007-11-11 19:37:14 53248 --a------ C:\WINDOWS\system\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-11 19:37:14 77824 --a------ C:\WINDOWS\system\HostsChk.exe <Not Verified; S!Ri.URZ; Hosts Check>
2007-11-11 19:37:14 82432 --a------ C:\WINDOWS\system\GenericRenosFix.exe <Not Verified; S!Ri; >
2007-11-11 19:37:14 1536 --a------ C:\WINDOWS\system\exit.exe
2007-11-11 19:37:14 0 d-------- C:\SmitfraudFix <SMITFR~1>
2007-11-11 19:19:07 0 --a------ C:\Documents and Settings\user\Application Data\ouxtikeah.dll
2007-11-08 02:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36:25 0 d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-08 02:36:13 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-08 02:36:05 0 d-------- C:\WINDOWS\system32\runtime
2007-11-07 22:36:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48:41 0 d-------- C:\Program Files\Trend Micro
2007-11-05 22:32:46 289280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32:45 112128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32:45 277504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32:45 286720 --a------ C:\WINDOWS\ipwypktx.dll <Not Verified; ; ipwypktx>
2007-11-05 22:32:45 79872 --a------ C:\WINDOWS\bonrep.dll <Not Verified; ; bonrep Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-12 22:58:19 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-11 23:05:01 30489 --a------ C:\Documents and Settings\user\Application Data\tmp3.tmp
2007-11-08 02:36:25 0 d-------- C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36:25 0 d-------- C:\Program Files\FunWebProducts
2007-11-08 02:36:23 0 d-------- C:\Program Files\Google
2007-11-08 02:36:16 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:35:02 0 d-------- C:\Program Files\Common Files\AOL
2007-11-07 23:13:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-07 19:55:04 67777 --a------ C:\Program Files\log malware.txt
2007-11-07 16:23:47 0 d-------- C:\Documents and Settings\user\Application Data\LimeWire
2007-11-07 14:29:25 0 d-------- C:\Program Files\Common Files
2007-10-29 13:30:09 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53:54 0 d-------- C:\Program Files\Windows Live
2007-10-29 10:49:54 0 d-------- C:\Program Files\Hardwood Spades
2007-10-29 10:26:32 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-28 22:08:56 0 d-------- C:\Program Files\Common Files\Real
2007-10-28 20:44:52 0 d-------- C:\Documents and Settings\user\Application Data\Google
2007-10-23 21:19:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-24 11:27:05 6970 --a------ C:\WINDOWS\system32\EPPICResdb0000
2007-09-24 11:27:05 121 --a------ C:\WINDOWS\system32\EPPICResdb
2007-09-18 18:52:47 0 d-------- C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:52:41 0 d-------- C:\Program Files\Silver Creek Installer
2007-09-18 18:52:41 0 d-------- C:\Program Files\Hardwood Backgammon
2007-09-18 18:52:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 18:52:29 0 d-------- C:\Program Files\Trymedia
2007-09-18 18:51:50 0 d-------- C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 18:48:56 0 d-------- C:\Program Files\KYE
2007-09-18 18:48:55 0 d-------- C:\Program Files\Common Files\snpstd
2007-09-18 15:43:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57:14 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(194).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(193).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(192).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(191).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(190).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(189).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(188).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(187).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(186).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(185).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(184).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(183).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(182).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(181).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(180).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(179).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(178).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(177).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(176).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(175).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(174).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(173).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(172).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(171).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(170).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(169).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(168).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(167).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(166).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(165).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(164).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(163).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(162).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(161).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(160).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(159).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(158).exe
2007-09-16 13:25:16 30489 -ra------ C:\WINDOWS\system32\ekvakuh-easac(157).exe
2007-09-16 13:25:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 12:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(48).exe
2007-09-16 09:01:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(49).exe
2007-09-15 22:40:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(50).exe
2007-09-15 20:47:20 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(51).exe
2007-09-15 17:48:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(52).exe
2007-09-15 13:38:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(53).exe
2007-09-15 09:08:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(54).exe
2007-09-14 23:13:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(55).exe
2007-09-14 22:27:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(56).exe
2007-09-14 15:51:19 0 d-------- C:\Program Files\Yahoo!
2007-09-14 15:45:19 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(57).exe
2007-09-14 13:08:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(58).exe
2007-09-14 12:36:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(59).exe
2007-09-14 12:23:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(60).exe
2007-09-14 09:51:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(61).exe
2007-09-14 08:01:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(62).exe
2007-09-13 19:23:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(63).exe
2007-09-13 17:24:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(64).exe
2007-09-13 15:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(65).exe
2007-09-13 11:25:51 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(66).exe
2007-09-13 09:56:31 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(67).exe
2007-09-13 07:39:21 0 d-------- C:\Program Files\SEUCDaS
2007-09-13 07:18:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(68).exe
2007-09-13 01:19:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(69).exe
2007-09-13 01:05:58 0 d-------- C:\Program Files\InterActual
2007-09-12 21:28:36 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(70).exe
2007-09-12 20:20:35 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(71).exe
2007-09-12 18:48:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(72).exe
2007-09-12 18:25:39 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(73).exe
2007-09-12 17:44:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(74).exe
2007-09-12 16:28:12 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(75).exe
2007-09-12 13:02:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(76).exe
2007-09-12 12:23:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(77).exe
2007-09-12 12:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(78).exe
2007-09-12 12:21:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(79).exe
2007-09-11 21:20:58 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(80).exe
2007-09-11 21:11:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(81).exe
2007-09-11 21:08:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(82).exe
2007-09-11 21:04:15 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(83).exe
2007-09-11 21:00:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(84).exe
2007-09-11 20:59:45 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(85).exe
2007-09-11 19:23:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(86).exe
2007-09-11 19:22:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(87).exe
2007-09-11 19:16:03 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(88).exe
2007-09-11 19:11:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(89).exe
2007-09-11 13:01:55 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(90).exe
2007-09-11 09:29:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(91).exe
2007-09-11 08:30:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(92).exe
2007-09-11 07:45:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(93).exe
2007-09-10 21:57:25 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(94).exe
2007-09-10 20:38:57 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(95).exe
2007-09-10 19:31:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(96).exe
2007-09-10 18:41:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(97).exe
2007-09-10 17:03:01 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(98).exe
2007-09-10 11:27:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(99).exe
2007-09-09 22:42:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(100).exe
2007-09-08 23:40:49 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(101).exe
2007-09-08 22:07:56 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(102).exe
2007-09-08 14:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(103).exe
2007-09-08 10:23:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(104).exe
2007-09-07 19:39:07 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(105).exe
2007-09-07 13:26:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(106).exe
2007-09-07 12:28:33 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(107).exe
2007-09-07 12:10:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(108).exe
2007-09-07 09:13:48 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(109).exe
2007-09-07 07:53:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(110).exe
2007-09-06 23:49:26 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(111).exe
2007-09-06 07:23:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(112).exe
2007-09-05 20:19:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(113).exe
2007-09-05 15:32:30 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(114).exe
2007-09-05 09:43:37 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(115).exe
2007-09-05 07:47:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(116).exe
2007-09-05 02:13:00 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(117).exe
2007-09-04 20:55:21 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(118).exe
2007-09-04 10:22:34 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(119).exe
2007-09-04 07:21:54 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(120).exe
2007-09-04 07:10:38 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(121).exe
2007-09-03 22:19:04 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(122).exe
2007-09-03 18:47:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(123).exe
2007-09-03 17:51:10 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(124).exe
2007-09-03 12:56:27 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(125).exe
2007-09-03 11:50:59 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(126).exe
2007-09-03 08:31:02 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(127).exe
2007-09-03 07:00:22 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(128).exe
2007-09-02 21:31:41 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(129).exe
2007-09-02 20:44:13 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(130).exe
2007-09-02 18:55:53 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(131).exe
2007-09-02 18:15:16 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(132).exe
2007-09-02 15:07:17 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(133).exe
2007-09-02 11:57:46 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(134).exe
2007-09-02 02:00:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(135).exe
2007-09-01 21:27:52 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(147).exe
2007-09-01 19:25:08 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(148).exe
2007-09-01 18:57:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(149).exe
2007-09-01 16:08:40 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(150).exe
2007-09-01 14:58:05 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(151).exe
2007-09-01 12:54:23 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(152).exe
2007-09-01 10:11:29 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(153).exe
2007-09-01 03:00:50 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(154).exe
2007-08-31 21:01:43 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(155).exe
2007-08-31 14:41:24 30489 --a------ C:\WINDOWS\system32\ekvakuh-easac(156).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
05/11/2007 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/07/2006 05:19]
"nwiz"="nwiz.exe" [12/07/2006 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/07/2006 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [22/03/2007 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [25/04/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [07/09/2006 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [07/09/2006 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28/10/2007 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [28/09/2007 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [05/11/2007 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [05/11/2007 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 28/02/2006 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe



-- End of Deckard's System Scanner: finished at 2007-11-13 00:02:40 ------------
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm

Re: help can't remove malware

Unread postby jemma_79 » November 14th, 2007, 11:09 am

i have copied and pasted the reports from deckards system report what do i do now please
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm

Re: help can't remove malware

Unread postby random/random » November 14th, 2007, 5:31 pm

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: help can't remove malware

Unread postby jemma_79 » November 15th, 2007, 3:36 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:34:38, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\system32\ekvakuh-easac.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5} - C:\WINDOWS\bonrep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a8637465bb4ac20b.spaces.live ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://fortunelounge.microgaming.com/g ... lashAX.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://smiley.oberon-media.com/online/o ... der_v6.cab
O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\atpakib-deas.dll
O21 - SSODL: kbdctrl - {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll
O21 - SSODL: neobus - {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9841 bytes
ComboFix 07-11-08.1 - user 2007-11-15 1:13:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.477 [GMT 0:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\FunWebProducts
C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user\avatar.dat
C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user\register.dat
C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user\wffavs.dat
C:\Documents and Settings\user\Desktop\Favorites\Error Cleaner.url
C:\Documents and Settings\user\Desktop\Favorites\Privacy Protector.url
C:\Documents and Settings\user\Desktop\Favorites\Spyware&Malware Protection.url
C:\Program Files\autorun.inf
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\0025D5AB.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0047332C.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\xlibgfl254.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LDRSVC
-------\LEGACY_NTMLSVC
-------\LEGACY_NWSAPAGENT
-------\ldrsvc
-------\nm
-------\NtmlSvc
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 00:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 23:08 <DIR> d-------- C:\Deckard
2007-11-11 20:38 3,702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23 <DIR> d-------- C:\WINDOWS\system\SmitfraudFix
2007-11-11 20:22 1,043,074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10 <DIR> d-------- C:\Program Files\SmitfraudFix
2007-11-11 19:37 <DIR> d-------- C:\SmitfraudFix
2007-11-08 02:36 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-07 22:37 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-11-07 22:37 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-11-07 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-05 22:32 289,280 --a------ C:\WINDOWS\kbdctrl.dll
2007-11-05 22:32 286,720 --a------ C:\WINDOWS\ipwypktx.dll
2007-11-05 22:32 277,504 --a------ C:\WINDOWS\neobus.dll
2007-11-05 22:32 112,128 --a------ C:\WINDOWS\qdertu.exe
2007-11-05 22:32 79,872 --a------ C:\WINDOWS\bonrep.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 13:46 401,720 ----a-w C:\Program Files\hijack.exe
2007-11-08 02:36 --------- d-----w C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36 --------- d-----w C:\Program Files\Google
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-08 02:35 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-07 23:13 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 19:55 67,777 ----a-w C:\Program Files\log malware.txt
2007-11-07 16:23 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2007-10-29 10:53 --------- d-----w C:\Program Files\Windows Live
2007-10-29 10:49 --------- d-----w C:\Program Files\Hardwood Spades
2007-10-29 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-28 22:08 --------- d-----w C:\Program Files\Common Files\Real
2007-09-28 08:42 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-28 08:42 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-28 08:42 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-28 08:42 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-28 08:42 138,512 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-28 08:42 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-18 18:52 --------- d-----w C:\Program Files\Trymedia
2007-09-18 18:52 --------- d-----w C:\Program Files\Silver Creek Installer
2007-09-18 18:52 --------- d-----w C:\Program Files\Hardwood Backgammon
2007-09-18 18:52 --------- d-----w C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-18 18:51 --------- d-----w C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:48 --------- d-----w C:\Program Files\KYE
2007-09-18 18:48 --------- d-----w C:\Program Files\Common Files\snpstd
2007-07-17 01:51 123,461 ----a-w C:\Program Files\Common Files\Hewlett-Packard.zip
2007-07-05 00:27 1,708,148 ----a-w C:\Documents and Settings\All Users\Documents.zip
2007-06-06 02:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-05-08 11:08 31,248 ----a-w C:\Program Files\tmpreflt.sys
2007-05-08 11:08 252,128 ----a-w C:\Program Files\Tmfilter.sys
2007-05-08 11:08 197,648 ----a-w C:\Program Files\tmxpflt.sys
2007-05-08 11:08 1,051,456 ----a-w C:\Program Files\VsapiNT.sys
2007-03-23 12:57 132 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
2004-06-22 08:04 94,438 ------w C:\Program Files\hposcu08.inf
2004-06-22 08:04 9,777 ------w C:\Program Files\hpzipr13.inf
2004-06-22 08:04 9,773 ------w C:\Program Files\hpousc08.inf
2004-06-22 08:04 70,656 ------w C:\Program Files\msvcirt.dll
2004-06-22 08:04 7,579 ------w C:\Program Files\hpound08.inf
2004-06-22 08:04 66,431 ------w C:\Program Files\hpoprl04.dat
2004-06-22 08:04 65,420 ------w C:\Program Files\hpoprl05.dat
2004-06-22 08:04 65 ------w C:\Program Files\dxprl.dat
2004-06-22 08:04 6,704 ------w C:\Program Files\hpounp08.inf
2004-06-22 08:04 53,670 ------w C:\Program Files\hposcu08.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\hpzius13.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\HPZius12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzipr13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZipr12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzid413.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZid412.cat
2004-06-22 08:04 51,026 ------w C:\Program Files\HPOunp08.cat
2004-06-22 08:04 50,615 ------w C:\Program Files\hpzid412.inf
2004-06-22 08:04 5,538 ------w C:\Program Files\hpzist12.inf
2004-06-22 08:04 49,212 ------w C:\Program Files\hpzjvp01.dll
2004-06-22 08:04 458,752 ------w C:\Program Files\tls704d.dll
2004-06-22 08:04 447,400 ------w C:\Program Files\hpoprn08.cat
2004-06-22 08:04 442,425 ------w C:\Program Files\hpzjpp01.dll
2004-06-22 08:04 4,779 ------w C:\Program Files\hpoglu08.inf
2004-06-22 08:04 4,768 ------w C:\Program Files\hpoprl01.dat
2004-06-22 08:04 4,144 ------w C:\Program Files\hpousb08.inf
2004-06-22 08:04 4,132 ------w C:\Program Files\hpzist13.inf
2004-06-22 08:04 4,014 ------w C:\Program Files\hpoprl08.dat
2004-06-22 08:04 399 ------w C:\Program Files\hpzprl01.dat
2004-06-22 08:04 314 ------w C:\Program Files\hpqprl01.dat
2004-06-22 08:04 3,448 ------w C:\Program Files\hpohub08.inf
2004-06-22 08:04 297 ------w C:\Program Files\Readme.html
2004-06-22 08:04 290,873 ------w C:\Program Files\hpzjut01.dll
2004-06-22 08:04 28,722 ------w C:\Program Files\hpzjlog.dll
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzglu10.exe
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzc3212.dll
2004-06-22 08:04 26,768 ------w C:\Program Files\usbhub.sys
2004-06-22 08:04 254,005 ------w C:\Program Files\msvcrt.dll
2004-06-22 08:04 22,636 ------w C:\Program Files\hpzid413.inf
2004-06-22 08:04 22,608 ------w C:\Program Files\usbprint.sys
2004-06-22 08:04 205 ------w C:\Program Files\hpzprl02.dat
2004-06-22 08:04 200,704 ------w C:\Program Files\hpzpnp10.dll
2004-06-22 08:04 20,168 ------w C:\Program Files\hpzius12.inf
2004-06-22 08:04 2,542 ------w C:\Program Files\hpoprl02.dat
2004-06-22 08:04 19,578 ------w C:\Program Files\hpoprl03.dat
2004-06-22 08:04 176,128 ------w C:\Program Files\hpzscr10.dll
2004-06-22 08:04 17,176 ------w C:\Program Files\hpomdl04.dat
2004-06-22 08:04 16,416 ------w C:\Program Files\HPZUCI12.DLL
2004-06-22 08:04 14,845 ------w C:\Program Files\hpoapd01.dat
2004-06-22 08:04 14,815 ------w C:\Program Files\hpzius13.inf
2004-06-22 08:04 137,124 ------w C:\Program Files\hpoprn08.inf
2004-06-22 08:04 12,922 ------w C:\Program Files\hpzipr12.inf
2004-06-22 08:04 12,288 ------w C:\Program Files\usbmon.dll
2004-06-22 08:04 1,980 ------w C:\Program Files\hpoprl07.dat
2004-06-22 08:04 1,479 ------w C:\Program Files\license.txt
2004-06-22 08:04 1,391 ------w C:\Program Files\readme.txt
2004-06-22 08:04 1,073,152 ------w C:\Program Files\Setup.exe
2004-03-17 17:13 1,028,368 ----a-w C:\Program Files\vbrun60sp6.exe
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052120070528\index.dat
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat
2007-05-29 20:49:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052920070530\index.dat
2007-05-30 19:12:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat
2007-05-31 19:38:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053120070601\index.dat
2007-06-02 18:05:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007060220070603\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
2007-11-05 09:04 286720 --a------ C:\WINDOWS\ipwypktx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5}"= C:\WINDOWS\bonrep.dll [2007-11-05 09:04 79872]

[HKEY_CLASSES_ROOT\CLSID\{6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5}]
[HKEY_CLASSES_ROOT\bonrep.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{F3EEF4B8-F62A-471A-8565-48BDF3BFE163}]
[HKEY_CLASSES_ROOT\bonrep.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 05:19]
"nwiz"="nwiz.exe" [2006-07-12 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [2007-03-22 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-28 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-28 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"= {233FA1C6-9248-4FE5-81E2-105199E71E73} - C:\WINDOWS\kbdctrl.dll [2007-11-05 09:04 289280]
"neobus"= {3A65EF87-130E-4140-838D-AE4743161B08} - C:\WINDOWS\neobus.dll [2007-11-05 09:04 277504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 2006-02-28 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 01:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 02:35:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 2:36:47 - machine was rebooted
.
--- E O F ---
jemma_79
Regular Member
 
Posts: 44
Joined: November 9th, 2007, 6:42 pm

Re: help can't remove malware

Unread postby random/random » November 15th, 2007, 1:38 pm

Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")

  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    Code: Select all
    DirLook::
    C:\WINDOWS\system32\runtime
    FileLook::
    C:\WINDOWS\system32\atpakib-deas.dll
    File::
    C:\WINDOWS\kbdctrl.dll
    C:\WINDOWS\ipwypktx.dll
    C:\WINDOWS\neobus.dll
    C:\WINDOWS\qdertu.exe
    C:\WINDOWS\bonrep.dll
    C:\WINDOWS\system32\ahroxun-edat.exe
    C:\WINDOWS\system32\udsacoot.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5}]
    [-HKEY_CLASSES_ROOT\bonrep.ToolBar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{F3EEF4B8-F62A-471A-8565-48BDF3BFE163}]
    [-HKEY_CLASSES_ROOT\bonrep.ToolBar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "kbdctrl"=-
    "neobus"=-
    [-HKEY_CLASSES_ROOT\CLSID\{233FA1C6-9248-4FE5-81E2-105199E71E73}]
    [-HKEY_CLASSES_ROOT\CLSID\{3A65EF87-130E-4140-838D-AE4743161B08}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
    
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    Image
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware