Hey, how's it going. I have a malware problem and apparently the problem is way over my head. I get constant warnings on my toolbar and it directs me to anti-spyware sites. Also, it locks my task manager and changes my desktop background to a warning that says "Warning: Spyware threat has beeen detected on your PC" (and yes, been is spelled wrong, not a typo) that has a link to an anti-spyware site. I use McAfee and I have run several spyware programs with no luck. Anyway, any help you could provide would be very much appreciated. Thanks, here's the log:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-09 04:07:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 04:07:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SiteAdvisor\6145\SAService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {F632550A-A855-4203-983A-0C2362C98401} - C:\WINDOWS\system32\qoMeBqRK.dll (file missing)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMaf8893fe] Rundll32.exe "C:\WINDOWS\system32\cxvhxoks.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZRxdm678NTUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207881416890
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe
--
End of file - 9199 bytes
-- Files created between 2008-05-09 and 2008-06-09 -----------------------------
2008-06-09 03:33:14 0 d-------- C:\Program Files\SpywareBlaster
2008-06-09 03:27:15 23040 --a------ C:\WINDOWS\window.exe
2008-06-09 03:27:15 26880 --a------ C:\WINDOWS\svchost32.exe
2008-06-09 03:27:15 21504 --a------ C:\WINDOWS\quicken.exe
2008-06-09 03:27:14 11264 --a------ C:\WINDOWS\notepad32.exe
2008-06-09 03:27:14 16128 --a------ C:\WINDOWS\msupdate.exe
2008-06-09 03:27:14 26112 --a------ C:\WINDOWS\mssys.exe
2008-06-09 03:27:14 14080 --a------ C:\WINDOWS\msconfd.dll
2008-06-09 03:27:14 19968 --a------ C:\WINDOWS\internet.exe
2008-06-09 03:27:14 15616 --a------ C:\WINDOWS\iexplorer.exe
2008-06-09 03:27:13 15616 --a------ C:\WINDOWS\iedll.exe
2008-06-09 03:27:13 9984 --a------ C:\WINDOWS\editpad.exe
2008-06-09 02:29:42 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-09 02:29:27 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-09 01:49:40 0 d-------- C:\Program Files\Enigma Software Group
2008-06-09 01:38:18 9472 --a------ C:\WINDOWS\systemcritical.exe
2008-06-09 01:31:46 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-09 01:31:46 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-09 01:31:46 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-09 01:31:46 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-09 01:31:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-09 01:31:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-09 01:31:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-09 01:31:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-09 01:31:46 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-09 01:31:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-09 01:31:45 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-09 01:31:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-09 01:31:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-09 01:31:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-09 01:31:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-09 01:31:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-09 01:31:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-09 01:31:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-09 01:31:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-09 01:31:44 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-09 01:26:25 21504 --a------ C:\WINDOWS\y.exe
2008-06-09 01:26:24 18944 --a------ C:\WINDOWS\xplugin.dll
2008-06-09 01:26:24 22016 --a------ C:\WINDOWS\x.exe
2008-06-09 01:26:24 23296 --a------ C:\WINDOWS\winmgnt.exe
2008-06-09 01:26:23 20992 --a------ C:\WINDOWS\winajbm.dll
2008-06-09 01:26:23 12032 --a------ C:\WINDOWS\win64.exe
2008-06-09 01:26:23 19968 --a------ C:\WINDOWS\win32e.exe
2008-06-09 01:26:22 28160 --a------ C:\WINDOWS\waol.exe
2008-06-09 01:26:22 19712 --a------ C:\WINDOWS\users32.exe
2008-06-09 01:26:22 9728 --a------ C:\WINDOWS\time.exe
2008-06-09 01:26:21 18176 --a------ C:\WINDOWS\systeem.exe
2008-06-09 01:26:21 24320 --a------ C:\WINDOWS\olehelp.exe
2008-06-09 01:26:20 18944 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-09 01:26:20 13568 --a------ C:\WINDOWS\loader.exe
2008-06-09 01:26:20 18176 --a------ C:\WINDOWS\cpan.dll
2008-06-09 01:26:20 20480 --a------ C:\WINDOWS\clrssn.exe
2008-06-09 01:26:20 23808 --a------ C:\WINDOWS\avpcc.dll
2008-06-09 01:26:19 26112 --a------ C:\WINDOWS\accesss.exe
2008-06-09 01:22:39 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-09 01:08:13 22272 --a------ C:\WINDOWS\rundll16.exe
2008-06-09 00:58:42 0 d-------- C:\Program Files\Spyware Doctor
2008-06-08 23:54:48 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-08 21:56:54 880 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-08 21:56:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-08 21:56:05 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-08 21:56:05 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-08 21:56:05 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-08 21:56:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-08 21:56:04 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-08 21:22:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-08 21:21:51 0 d-------- C:\Program Files\SiteAdvisor
2008-06-08 21:21:51 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-06-08 21:21:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-08 21:19:37 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-06-08 21:15:21 0 d-------- C:\Program Files\McAfee.com
2008-06-08 21:15:05 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-08 21:14:55 0 d-------- C:\Program Files\McAfee
2008-06-08 21:08:58 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-08 21:08:48 100864 --a------ C:\WINDOWS\system32\cxvhxoks.dll
2008-06-08 21:08:00 0 d-------- C:\WINDOWS\system32\5076
2008-06-08 21:07:55 55808 --a------ C:\WINDOWS\portsv.exe
2008-06-05 09:00:27 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-04 21:21:15 116224 --a------ C:\WINDOWS\system32\tvuuioqx.dll
2008-06-04 21:20:21 0 d-------- C:\Program Files\?icrosoft
2008-06-04 21:15:15 131584 --a------ C:\WINDOWS\system32\lopopuju.dll
2008-06-04 21:13:07 125952 --a------ C:\WINDOWS\system32\nvfweblw.dll
2008-06-04 16:11:21 22528 --a------ C:\WINDOWS\svcinit.exe
2008-06-04 16:11:21 13056 --a------ C:\WINDOWS\sistem.exe
2008-06-04 16:11:20 20480 --a------ C:\WINDOWS\searchword.dll
2008-06-04 16:11:20 12288 --a------ C:\WINDOWS\qttasks.exe
2008-06-04 16:11:19 30208 --a------ C:\WINDOWS\mswsc20.dll
2008-06-04 16:11:19 24064 --a------ C:\WINDOWS\mswsc10.dll
2008-06-04 16:11:18 11008 --a------ C:\WINDOWS\msspi.dll
2008-06-04 16:11:18 15872 --a------ C:\WINDOWS\inetinf.exe
2008-06-04 16:11:18 9472 --a------ C:\WINDOWS\helpcvs.exe
2008-06-04 16:11:17 20992 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-04 16:11:17 21504 --a------ C:\WINDOWS\funny.exe
2008-06-04 16:11:17 21504 --a------ C:\WINDOWS\funniest.exe
2008-06-04 16:11:17 26368 --a------ C:\WINDOWS\explorer32.exe
2008-06-04 16:11:17 11520 --a------ C:\WINDOWS\explore.exe
2008-06-04 16:11:16 32256 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-04 16:11:16 10752 --a------ C:\WINDOWS\directx32.exe
2008-06-04 16:11:16 9472 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-04 16:11:16 29184 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-04 16:09:54 401972 --a------ C:\WINDOWS\system32\g3.exe
2008-06-04 11:41:41 738847 --ahs---- C:\WINDOWS\system32\KRqBeMoq.ini2
2008-06-04 11:37:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-04 11:37:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-04 11:37:10 860 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-04 11:37:05 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-04 11:37:02 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-04 11:36:59 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-06-04 11:36:54 87513 --a------ C:\WINDOWS\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-04 11:36:54 87513 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-06-04 11:36:53 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-06-04 11:36:38 86144 --a------ C:\WINDOWS\system32\drivers\hidirr.sys
2008-06-04 11:36:36 0 d-------- C:\WINDOWS\system32\fIE
2008-06-04 11:36:35 0 d-------- C:\WINDOWS\system32\Vco1
2008-06-04 11:36:35 0 d-------- C:\WINDOWS\system32\sTMP
2008-06-04 11:36:35 0 d-------- C:\WINDOWS\system32\Dev3
2008-06-04 11:36:35 0 d-------- C:\WINDOWS\system32\a053
2008-06-04 11:36:35 0 d-------- C:\WINDOWS\system32\6026c
2008-06-04 11:36:29 0 d-------- C:\WINDOWS\system32\vntiho01
-- Find3M Report ---------------------------------------------------------------
2008-06-09 02:29:27 0 d-------- C:\Program Files\Common Files
2008-06-08 21:13:46 0 d-------- C:\Program Files\Symantec
2008-06-08 21:13:44 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-05 09:11:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 21:20:24 0 d-------- C:\Program Files\?icrosoft
2008-05-13 14:05:25 0 d-------- C:\Program Files\World of Warcraft
2008-04-14 23:02:34 0 d-------- C:\Program Files\Messenger
2008-04-11 16:55:16 0 d-------- C:\Program Files\Quicken
2008-04-11 16:44:39 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-11 16:33:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-11 16:30:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-10 22:19:15 0 d-------- C:\Program Files\Movie Maker
2008-04-10 22:18:52 0 d-------- C:\Program Files\Windows NT
2008-04-10 21:28:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-10 21:27:17 3884 --a------ C:\WINDOWS\viassary-hp.reg
2008-04-10 21:17:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-09 08:27:50 0 d-------- C:\Program Files\ATI
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F632550A-A855-4203-983A-0C2362C98401}]
C:\WINDOWS\system32\qoMeBqRK.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6145\SiteAdv.exe" [06/21/2007 03:06 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"BMaf8893fe"="C:\WINDOWS\system32\cxvhxoks.dll" [06/08/2008 09:08 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeBqRK
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-06-09 04:08:50 ------------