Logfile of HijackThis v1.99.1
Scan saved at 8:29:57 AM, on 8/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\PC Guardian\EP Hard Disk\User\DISrv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Guardian\EP Hard Disk\User\PCGProt.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\SLClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PC Guardian\EP Hard Disk\User\LaunchEPHD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\System32\wfxqhv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Documents and Settings\ABray\Application Data\a?sembly\w?wexec.exe
C:\DOCUME~1\ABray\MYDOCU~1\TSKS~1\dllhost.exe
C:\Program Files\Cirond\Cirond Winc\Winc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\ABray\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.ne...s/sp?r=al&cf=sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\System32\xeymi.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyWiki toolbar - {e22e8d11-0f3e-4d46-8fc1-7264b4d5ea01} - C:\Program Files\MyWiki\tbMyW1.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPHD User] "C:\Program Files\PC Guardian\EP Hard Disk\User\LaunchEPHD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LapLink Scheduler] C:\Program Files\Common Files\LapLink\Scheduler\llsched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [xrefc27a] RUNDLL32.EXE w1547363.dll,n 001fc279000000031547363
O4 - HKLM\..\Run: [w54763df.dll] RUNDLL32.EXE w54763df.dll,I2 001fc279054763df
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [Ylpqwgwa] C:\Documents and Settings\ABray\Application Data\a?sembly\w?wexec.exe
O4 - HKCU\..\Run: [iouz] C:\PROGRA~1\COMMON~1\iouz\iouzm.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Ltap] "C:\DOCUME~1\ABray\MYDOCU~1\TSKS~1\dllhost.exe" -vt ndrv
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinmpez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cirond Winc.lnk = C:\Program Files\Cirond\Cirond Winc\Winc.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp?r=al&cf=sp
O15 - Trusted Zone: *.mdmgr.net
O15 - Trusted Zone: *.webmd.net
O15 - Trusted Zone: *.webmdps.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139970307654
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139970297249
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {C130F0B3-CD97-4DFC-B052-2BD17A7B82F5} (Yahoo! Photos Print-at-Home Tool Class) - http://us.dl1.yimg.c...printathome.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4262072-BAB4-4CA9-9581-CEF306DC8616}: Domain = mmrd.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mmrd.com,hs.mdmgr.net,atl.healtheon.com,envoy.net,healtheon.com,mdmgr.net,mdmgrse.com,mmnsonline.com,na.webmd.net,webmd.com,webmd.net,webmdps.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mmrd.com,hs.mdmgr.net,atl.healtheon.com,envoy.net,healtheon.com,mdmgr.net,mdmgrse.com,mmnsonline.com,na.webmd.net,webmd.com,webmd.net,webmdps.net
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\System32\xeymi.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\ping.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_28.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi25757.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EphdXlatService - Unknown owner - C:\Program Files\PC Guardian\EP Hard Disk\User\DISrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCG Protect - PC Guardian - C:\Program Files\PC Guardian\EP Hard Disk\User\PCGProt.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\System32\SLClient.exe
ARGH. Apparantly I overwrote one of the FSecure Scan logs. I swear I am not normally this absentminded. Then again, maybe I am. sigh. Here are the two fsecure logs that I have.
Scanning Report
Friday, August 04, 2006 19:30:40 - 00:34:46
Computer name: GNVAL-ABRAY
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
--------------------------------------------------------------------------------
Result: 12 malware found
Adware.DollarRevenue (spyware)
System
Adware.Suggestor (spyware)
System
Java/OpenConnection.AA (virus)
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-160DD9AE-2A2FFAF9.ZIP
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-29FBDB81-76736AB9.ZIP
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-516AC74A-32DEE197.ZIP
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-6E9EEDE5-21280D3D.ZIP
Possible Browser Hijack attempt (spyware)
System
Tracking Cookie (spyware)
System (Disinfected)
System
W32/Smalldrp.GOJ (virus)
C:\WINDOWS\PF78.EXE
WebHancer (spyware)
System
Windows (spyware)
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 92853
System: 5890
Not scanned: 16
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 11
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL
C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB826939$\ACCWIZ.EXE
C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_7NZWLHEEFUTERLK
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_EY4V4EVUP7SANNJ
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_KQFFGISSRULEE0P
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_NW7R1ESOLBJTHLD
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_VJACIUXMTL0CXD9
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-08-04
F-Secure Libra: 2.4.1, 2006-08-02
F-Secure Orion: 1.2.37, 2006-08-04
F-Secure Pegasus: 1.19.0, 2006-06-04
F-Secure Draco: 1.0.35, 2006-08-03
F-Secure Blacklight: 1.0.31, 0000-00-00
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
Scanning Report
Saturday, August 05, 2006 00:43:49 - 08:22:41
Computer name: GNVAL-ABRAY
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
--------------------------------------------------------------------------------
Result: 13 malware found
Adware.DollarRevenue (spyware)
System (Disinfected)
Adware.Suggestor (spyware)
System (Disinfected)
Java/OpenConnection.AA (virus)
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-160DD9AE-2A2FFAF9.ZIP
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-29FBDB81-76736AB9.ZIP
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-516AC74A-32DEE197.ZIP
C:\DOCUMENTS AND SETTINGS\ABRAY\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-6E9EEDE5-21280D3D.ZIP
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
W32/Smalldrp.GOJ (virus)
C:\WINDOWS\PF78.EXE
WebHancer (spyware)
System (Disinfected)
Windows (spyware)
System (Disinfected)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 93146
System: 5809
Not scanned: 16
Actions:
Disinfected: 6
Renamed: 0
Deleted: 0
None: 7
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL
C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL
C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB826939$\ACCWIZ.EXE
C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_9FYSY6NNITBDYZL
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_RPZAFBTFBNGS4JC
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_T0XQIHRTOU8NKK5
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_TCSCMJN3NVLWXEK
C:\DOCUMENTS AND SETTINGS\ABRAY\LOCAL SETTINGS\TEMP\ME_XC4EKECFDB2MRRZ
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-08-04
F-Secure Libra: 2.4.1, 2006-08-02
F-Secure Orion: 1.2.37, 2006-08-04
F-Secure Pegasus: 1.19.0, 2006-06-04
F-Secure Draco: 1.0.35, 2006-08-03
F-Secure Blacklight: 1.0.31, 0000-00-00
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
.