08-01-2008, 04:32 PM   #3
Spalmhead
Registered User
 
Join Date: Jan 2007
Posts: 18
OS: Windows XP


Re: system slowdown, can't search the net, toolbar freezes?

Hey Angelfire777, still needing some help please. I don't know if it helps, but I have a little more info: virus detected - vundo ALT = file "C/widows/system32/ldmibrrl.dll"
and when I shut down my machine it asks if I want to end programs Uipopuphidden and explorer.exe

Also, when I ran DSS it said I had never run HijackThis, so I did. I'll post the log below DSS.

Thanks


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-01 23:15:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:15, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss(2).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0C27285D-EBD3-41CF-AD00-3A57A3806147} - C:\WINDOWS\system32\xvltphwr.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\jllahcwk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AADDB002-CF55-45BD-9D92-46ECB58B2B62} - C:\WINDOWS\system32\urqPFYOH.dll
O2 - BHO: (no name) - {B9D2C89F-AF2A-4BF4-A69C-5C92AA082546} - C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LK9O6JB6\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - C:\WINDOWS\system32\iifFVOgf.dll
O2 - BHO: {d286c818-64fe-297b-91d4-cdbd65ab002e} - {e200ba56-dbdc-4d19-b792-ef46818c682d} - C:\WINDOWS\system32\fjtogk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [0884006c] rundll32.exe "C:\WINDOWS\system32\naxllxig.dll",b
O4 - HKLM\..\Run: [BM0bb733f0] Rundll32.exe "C:\WINDOWS\system32\mgvvkkeb.dll",s
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - (no file)
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Administrator\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O9 - Extra button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - http://www.littlewoodscasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - http://www.littlewoodscasino.com (file missing) (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - http://static.photobox.co.uk/sg/comm...eUploader4.cab
O20 - Winlogon Notify: iifFVOgf - C:\WINDOWS\SYSTEM32\iifFVOgf.dll
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9879 bytes

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-08-01 23:18:02 0 d-------- C:\Program Files\Trend Micro
2008-08-01 09:13:13 118784 --a------ C:\WINDOWS\system32\xvltphwr.dll
2008-08-01 09:10:16 80384 --a------ C:\WINDOWS\system32\naxllxig.dll
2008-08-01 09:07:15 95232 --a------ C:\WINDOWS\system32\fjtogk.dll
2008-08-01 09:07:14 95232 --a------ C:\WINDOWS\system32\clxyfrwn.dll
2008-08-01 09:04:15 90112 --a------ C:\WINDOWS\system32\mgvvkkeb.dll
2008-07-31 0127 118784 --a------ C:\WINDOWS\system32\gbpmsmwn.dll
2008-07-31 01:03:28 118784 --a------ C:\WINDOWS\system32\bsrfehdx.dll
2008-07-31 01:00:21 118784 --a------ C:\WINDOWS\system32\rwtosfhv.dll
2008-07-31 00:57:33 118784 --a------ C:\WINDOWS\system32\eocfciec.dll
2008-07-31 00:57:16 118784 --a------ C:\WINDOWS\system32\lxushkxu.dll
2008-07-31 00:54:30 95744 --a------ C:\WINDOWS\system32\thkulj.dll
2008-07-31 00:54:27 95744 --a------ C:\WINDOWS\system32\ldexrapn.dll
2008-07-31 00:54:06 118784 --a------ C:\WINDOWS\system32\ftywqmca.dll
2008-07-31 00:53:47 118784 --a------ C:\WINDOWS\system32\yxwpsakd.dll
2008-07-31 00:50:47 118784 --a------ C:\WINDOWS\system32\xxirtyqi.dll
2008-07-31 00:47:47 89600 --a------ C:\WINDOWS\system32\mntsctal.dll
2008-07-31 00:41:39 118784 --a------ C:\WINDOWS\system32\kjwmwska.dll
2008-07-31 00:30:29 0 d-------- C:\Program Files\Adobe Media Player
2008-07-30 20:19:51 95744 --a------ C:\WINDOWS\system32\vlyfdw.dll
2008-07-30 20:19:49 95744 --a------ C:\WINDOWS\system32\ehufygnm.dll
2008-07-30 20:16:49 89600 --a------ C:\WINDOWS\system32\fnxdndjr.dll
2008-07-29 20:20:44 95744 --a------ C:\WINDOWS\system32\bzvmyb.dll
2008-07-29 20:20:43 95744 --a------ C:\WINDOWS\system32\icsgcnia.dll
2008-07-29 20:17:43 90624 --a------ C:\WINDOWS\system32\iqppgngd.dll
2008-07-28 21:36:34 118784 --a------ C:\WINDOWS\system32\ygrbbyfo.dll
2008-07-28 21:36:20 95232 --a------ C:\WINDOWS\system32\zmidzx.dll
2008-07-28 21:36:19 95232 --a------ C:\WINDOWS\system32\rjloryxl.dll
2008-07-28 21:25:11 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 20:19:38 118784 --a------ C:\WINDOWS\system32\nyopksus.dll
2008-07-28 20:15:04 0 d-------- C:\Program Files\Panda Security
2008-07-28 20:13:38 91136 --a------ C:\WINDOWS\system32\dsatxapq.dll
2008-07-27 20:23:21 118784 --a------ C:\WINDOWS\system32\tiljaloa.dll
2008-07-27 20:20:15 96256 --a------ C:\WINDOWS\system32\obthqb.dll
2008-07-27 20:20:11 96256 --a------ C:\WINDOWS\system32\abprnxmq.dll
2008-07-27 20:14:12 89088 --a------ C:\WINDOWS\system32\xthrgbey.dll
2008-07-27 02:54:33 118784 --a------ C:\WINDOWS\system32\ntwlktda.dll
2008-07-27 02:50:54 118784 --a------ C:\WINDOWS\system32\icjussmb.dll
2008-07-27 02:48:06 118784 --a------ C:\WINDOWS\system32\cndwnjuq.dll
2008-07-27 02:47:19 118784 --a------ C:\WINDOWS\system32\keeosxyl.dll
2008-07-27 02:44:30 118784 --a------ C:\WINDOWS\system32\ltasohwf.dll
2008-07-27 02:43:46 118784 --a------ C:\WINDOWS\system32\ctaenode.dll
2008-07-27 02:42:40 118784 --a------ C:\WINDOWS\system32\tuuyxjow.dll
2008-07-27 02:42:29 89600 --a------ C:\WINDOWS\system32\blrmkmet.dll
2008-07-27 02:41:33 58368 --a------ C:\WINDOWS\system32\cbXNEVLE.dll
2008-07-27 02:41:26 643631 --ahs---- C:\WINDOWS\system32\HOYFPqru.ini2
2008-07-27 02:41:23 246272 --a------ C:\WINDOWS\system32\urqPFYOH.dll
2008-07-27 02:41:10 58368 --a------ C:\WINDOWS\system32\vtUmKEXP.dll
2008-07-27 02:36:12 58368 --a------ C:\WINDOWS\system32\iifFVOgf.dll
2008-07-27 01:57:30 0 d-------- C:\Program Files\PartyPoker
2008-07-24 22:44:58 0 d-------- C:\Program Files\Celeb Poker
2008-07-24 10:39:36 0 d-------- C:\Program Files\free-downloads.net
2008-07-24 10:39:08 0 d-------- C:\Program Files\Alcohol Soft
2008-07-23 19:34:03 0 d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-23 19:33:55 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-23 19:30:50 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 19:30:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-07-23 18:03:24 119808 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-07-23 18:03:24 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
2008-07-23 03:35:45 0 d-------- C:\Program Files\Common Files\NSV
2008-07-21 00:36:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-21 00:36:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-17 04:03:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-17 02:40:37 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-17 02:37:28 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-17 02:37:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-13 13:41:12 0 d-------- C:\Program Files\Winamp
2008-07-13 13:41:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-07-11 03:16:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-11 02:39:14 68 --a------ C:\WINDOWS\GPlrLanc.dat
2008-07-11 02:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Metaboli Player
2008-07-11 02:39:11 0 d-------- C:\Remote Programs
2008-07-11 02:38:50 53314 -----n--- C:\WINDOWS\ExentInfo.exe <Not Verified; Exent Technologies Ltd.; EXETender™ Client>
2008-07-11 02:38:47 0 d-------- C:\Program Files\Metaboli Player
2008-07-11 01:51:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Oberon Media
2008-07-11 01:51:30 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 01:51:20 0 d-------- C:\Program Files\Oberon Media
2008-07-11 01:51:15 0 d-------- C:\Program Files\FREE Games Extras
2008-07-11 01:51:15 0 d-------- C:\Program Files\Common Files\Oberon Media
2008-07-08 01:02:51 0 d-------- C:\WINDOWS\Sun
2008-07-07 19:42:23 0 d-------- C:\Program Files\LEGO Games
2008-07-07 16:55:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\stickies
2008-07-07 16:55:45 0 d-------- C:\Program Files\Stickies
2008-07-07 01:48:02 107520 --a------ C:\WINDOWS\system32\UnCasino5.exe <Not Verified; ; UnCasino Application>
2008-07-07 01:36:29 93184 --a------ C:\WINDOWS\system32\UnPoker.exe <Not Verified; ; UnCasino Application>
2008-07-07 00:57:29 0 d-------- C:\Program Files\Poker.com
2008-07-06 23:01:08 0 d-------- C:\Program Files\PokerStars
2008-07-06 22:33:23 0 d-------- C:\Program Files\CarbonPoker
2008-07-06 21:54:31 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-06 21:45:10 0 d-------- C:\Program Files\Littlewoods Poker
2008-07-06 20:30:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-07-06 19:46:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-07-06 18:12:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-05 23:39:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microgaming
2008-07-05 23:38:16 0 d-------- C:\Microgaming
2008-07-05 23:08:24 0 d-------- C:\Poker
2008-07-05 19:10:49 0 d-------- C:\Program Files\MSXML 4.0
2008-07-05 18:54:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2008-07-05 18:42:05 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-07-05 18:40:28 0 d--h----- C:\Program Files\Zero G Registry
2008-07-05 18:38:52 0 d--h----- C:\Documents and Settings\Administrator\InstallAnywhere
2008-07-05 18:34:26 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-07-05 18:34:18 0 d-------- C:\Program Files\Real
2008-07-05 18:34:18 0 d-------- C:\Program Files\Common Files\Real
2008-07-05 18:32:08 0 d-------- C:\Program Files\7-Zip
2008-07-05 18:32:07 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-07-05 18:31:46 0 d-------- C:\Program Files\Yahoo!
2008-07-05 18:31:44 0 d-------- C:\Program Files\ShoppingReport
2008-07-05 18:31:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\ShoppingReport
2008-07-05 17:40:55 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-05 17:36:20 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-05 16:17:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-05 16:10:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-05 16:09:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-05 16:09:14 0 d-------- C:\Program Files\NOS
2008-07-05 14:45:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-05 14:14:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\TigerPlayer
2008-07-05 14:14:21 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-05 14:14:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 14:13:57 0 d-------- C:\Program Files\MpcStar
2008-07-05 11:46:11 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-05 11:21:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-07-05 10:34:53 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-05 10:32:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-05 10:32:20 0 d-------- C:\Program Files\Google
2008-07-05 10:31:52 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-07-05 10:31:51 0 d-------- C:\Downloads
2008-07-05 10:31:07 0 d-------- C:\Program Files\BitComet
2008-07-05 09:55:24 0 d-------- C:\Program Files\Absolute Poker
2008-07-05 09:55:02 0 d-------- C:\Program Files\_uninstallation_info
2008-07-05 09:54:44 0 d--hs---- C:\Documents and Settings\Administrator\UserData
2008-07-05 09:50:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-05 09:50:18 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-05 09:48:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-05 09:48:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-04 16:49:29 0 d--h----- C:\WINDOWS\PIF
2008-07-04 16:48:16 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-04 16:31:42 0 d-------- C:\Program Files\Common Files\Authentium
2008-07-04 16:31:34 0 d-------- C:\Program Files\Raxco
2008-07-04 16:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-04 16:31:27 0 d-------- C:\Program Files\CA
2008-07-04 16:31:25 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-04 16:25:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Virgin Broadband
2008-07-04 16:25:23 0 d-------- C:\Program Files\Virgin Broadband
2008-07-04 16:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-07-04 16:24:56 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-04 16:24:55 0 d-------- C:\Program Files\Virgin Media Broadband
2008-07-04 16:24:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-03 23:28:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-07-03 22:02:48 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2008-07-03 22:02:41 0 d-------- C:\Program Files\Virgin Broadband Wireless
2008-07-01 2315 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sports Interactive
2008-07-01 21:38:07 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-01 21:21:16 0 d-------- C:\Program Files\Sports Interactive
2008-07-01 18:44:24 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-01 18:43:12 17149 --a------ C:\WINDOWS\system32\DNINDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-01 18:43:11 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-01 18:43:11 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-01 18:43:11 94208 --a------ C:\WINDOWS\system32\DNIN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-01 18:43:11 192512 -ra------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2008-07-01 17:00:44 0 d--hs---- C:\WINDOWS\Installer
2008-07-01 17:00:43 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-01 17:00:40 0 dr------- C:\Program Files
2008-07-01 17:00:40 0 d-------- C:\Program Files\Common Files
2008-07-01 17:00:40 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-01 17:00:13 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-01 17:00:13 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-01 17:00:13 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-01 17:00:13 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-01 17:00:13 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-01 17:00:13 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-01 17:00:13 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-01 17:00:13 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-01 17:00:13 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-01 17:00:13 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-01 17:00:13 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-01 17:00:13 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-01 17:00:13 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-01 17:00:13 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-01 17:00:13 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-01 17:00:13 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-01 16:59:59 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-01 16:59:59 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-01 16:59:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-01 16:59:54 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-01 16:59:53 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-01 16:59:53 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-01 16:59:31 0 d--hs---- C:\System Volume Information
2008-07-01 16:59:31 0 d-------- C:\Documents and Settings
2008-07-01 16:52:56 0 d-------- C:\WINDOWS
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\WinSxS
2008-07-01 16:52:56 0 dr------- C:\WINDOWS\Web
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\twain_32
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\wins
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\wbem
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\usmt
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\spool
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\Setup
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\ras
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\oobe
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\npp
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\mui
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\IME
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\ias
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\export
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\drivers
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-01 16:52:56 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\config
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\3076
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\2052
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1054
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1042
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1041
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1037
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1033
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1031
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1028
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system32\1025
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\system
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\security
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Resources
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\repair
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Provisioning
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\PeerNet
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\pchealth
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\mui
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\msapps
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\msagent
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Media
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\java
2008-07-01 16:52:56 0 d--h----- C:\WINDOWS\inf
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\ime
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Help
2008-07-01 16:52:56 0 dr--s---- C:\WINDOWS\Fonts
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\ehome
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Driver Cache
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\dell
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Debug
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Cursors
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\Config
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\AppPatch
2008-07-01 16:52:56 0 d-------- C:\WINDOWS\addins
2008-07-01 16:28:45 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-01 16:28:13 0 d-------- C:\Program Files\Java
2008-07-01 16:28:11 0 d-------- C:\Program Files\Common Files\Java
2008-07-01 16:28:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-01 16:24:43 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-07-01 16:24:43 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-07-01 16:24:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 16:24:43 0 d-------- C:\Program Files\Analog Devices
2008-07-01 16:24:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-01 16:23:51 0 d-------- C:\drvrtmp
2008-07-01 16:21:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-01 16:21:25 0 d-------- C:\WINDOWS\Drivers
2008-07-01 16:20:09 0 d-------- C:\NVIDIA
2008-07-01 16:19:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-01 16:19:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-01 16:19:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-01 16:19:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-01 16:19:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-01 16:19:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-01 16:19:01 4456448 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-01 16:19:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-01 16:19:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-01 16:19:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-01 16:19:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-01 16:19:01 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-01 16:19:01 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-01 16:19:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-01 16:18:54 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-01 16:18:51 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-01 16:18:51 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 16:18:50 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-01 16:18:50 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-01 16:18:50 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-01 16:18:50 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-01 16:18:50 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-01 16:16:07 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-01 16:16:07 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-01 16:16:07 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-01 16:16:07 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-01 16:16:07 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-01 16:12:56 0 d-------- C:\WINDOWS\system32\xircom
2008-07-01 16:12:56 0 d-------- C:\Program Files\microsoft frontpage
2008-07-01 16:12:44 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-01 16:12:44 0 d-------- C:\DELL
2008-07-01 16:12:38 0 -rahs---- C:\MSDOS.SYS
2008-07-01 16:12:38 0 -rahs---- C:\IO.SYS
2008-07-01 16:12:38 0 --a------ C:\CONFIG.SYS
2008-07-01 16:12:38 0 --a------ C:\AUTOEXEC.BAT
2008-07-01 16:11:35 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-01 16:11:25 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-01 16:11:25 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-01 16:11:14 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-01 16:10:57 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-01 16:10:24 0 d---s---- C:\WINDOWS\Tasks
2008-07-01 16:10:23 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-01 16:10:19 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-01 16:10:19 0 d-------- C:\WINDOWS\srchasst
2008-07-01 16:10:12 0 d-------- C:\Program Files\Movie Maker
2008-07-01 16:10:04 0 d-------- C:\WINDOWS\system32\Restore
2008-07-01 16:09:26 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-01 16:09:14 0 d-------- C:\WINDOWS\Registration
2008-07-01 16:09:08 0 d-------- C:\Program Files\Online Services
2008-07-01 16:09:02 0 d-------- C:\Program Files\Messenger
2008-07-01 16:08:58 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-01 16:08:21 0 d-------- C:\Program Files\Windows NT
2008-07-01 16:08:18 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-01 16:08:16 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-07-01 17:00:13 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C27285D-EBD3-41CF-AD00-3A57A3806147}]
01/08/2008 09:13 118784 --a------ C:\WINDOWS\system32\xvltphwr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
11/06/2008 22:33 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\jllahcwk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AADDB002-CF55-45BD-9D92-46ECB58B2B62}]
27/07/2008 02:41 246272 --a------ C:\WINDOWS\system32\urqPFYOH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9D2C89F-AF2A-4BF4-A69C-5C92AA082546}]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LK9O6JB6\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
27/07/2008 02:36 58368 --a------ C:\WINDOWS\system32\iifFVOgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e200ba56-dbdc-4d19-b792-ef46818c682d}]
01/08/2008 09:07 95232 --a------ C:\WINDOWS\system32\fjtogk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/02/2004 11:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/02/2004 11:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 14:10]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [16/05/2006 11:58]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 18:49]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [05/07/2008 14:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12/06/2008 02:38]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [09/07/2008 22:33]
"0884006c"="C:\WINDOWS\system32\naxllxig.dll" [01/08/2008 09:10]
"BM0bb733f0"="C:\WINDOWS\system32\mgvvkkeb.dll" [01/08/2008 09:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [03/06/2008 04:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/07/2008 11:22]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 08:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\Stickies\stickies.exe [16/01/2008 22:39:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\WINDOWS\system32\iifFVOgf.dll [27/07/2008 02:36 58368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifFVOgf]
iifFVOgf.dll 27/07/2008 02:36 58368 C:\WINDOWS\system32\iifFVOgf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqPFYOH




-- End of Deckard's System Scanner: finished at 2008-08-01 23:21:41 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:35, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss(2).exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [0884006c] rundll32.exe "C:\WINDOWS\system32\naxllxig.dll",b
O4 - HKLM\..\Run: [BM0bb733f0] Rundll32.exe "C:\WINDOWS\system32\mgvvkkeb.dll",s
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - (no file)
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Administrator\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O9 - Extra button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - http://www.littlewoodscasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - http://www.littlewoodscasino.com (file missing) (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - http://static.photobox.co.uk/sg/comm...eUploader4.cab
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8456 bytes