OTScanIt



OTScanIt.zip
oldtimer/OTScanIt

Avenger

Drivers to delete:
FOPN
FWSvc
musbehco

Files to delete:
%programfiles%\centerlock\centerlock.dll 
%programfiles%\shoppingreport\bin\2.0.26\shoppingreport.dll 
%systemdrive%\docume~1\%Username%\locals~1\temp\musbehco.sys
%systemroot%\knxsrgte.exe
%systemroot%\mkrndofl.dll
%systemroot%\qvlbodmnfxv.dll
%systemroot%\svorbmke.exe
%systemroot%\system32\apbrrewv.ini
%systemroot%\system32\bjgprqqx.ini
%systemroot%\system32\blackster.scr
%systemroot%\system32\bwqqiwqv.dll
%systemroot%\system32\cfbnpjvr.dll
%systemroot%\system32\ctfmona.exe
%systemroot%\system32\ctfmonb.bmp
%systemroot%\system32\ddccskdv.dll
%systemroot%\system32\drivers\fopn.sys
%systemroot%\system32\ebwxbvdo.ini
%systemroot%\system32\edxugyeo.dll
%systemroot%\system32\hayrrcvq.ini
%systemroot%\system32\hpvhorho.dll
%systemroot%\system32\kr_done1de
%systemroot%\system32\odvbxwbe.dll
%systemroot%\system32\oeyguxde.ini
%systemroot%\system32\ohrohvph.ini
%systemroot%\system32\qdsba.dll
%systemroot%\system32\qjtxueow.dll
%systemroot%\system32\qvcrryah.dll
%systemroot%\system32\rvjpnbfc.ini
%systemroot%\system32\vdksccdd.ini
%systemroot%\system32\vdksccdd.ini2
%systemroot%\system32\vqwiqqwb.ini
%systemroot%\system32\vwerrbpa.dll
%systemroot%\system32\woeuxtjq.ini
%systemroot%\system32\xqqrpgjb.dll
%systemroot%\system32\yayayrkk.dll
%systemroot%\tdomgafw.dll
%systemroot%\wetkadmr.dll
%userprofile%\desktop\antispywaremaster.lnk
%userprofile%\desktop\error cleaner.url
%userprofile%\desktop\privacy protector.url
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
c:\documents and settings\%Username%\local settings\temp\zan4.exe

Folders to delete:
%appdata%\tmprecenticons
%programfiles%\antispywaremaster
%programfiles%\antispywareshield
%programfiles%\centerlock
%programfiles%\virusheat 4.4
%systemroot%\privacy_danger
%systemroot%\system32\527631
c:\documents and settings\%Username%\local settings\temp\nsw7.tmp\
c:\documents and settings\%Username%\local settings\temp\nsz3.tmp\



Start OTScanIt. Copy the following into the "Paste fix here" code box and click "Run Fix".

Example (text to enter):

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (FWSvc) Firewall service [Win32_Own | On_Demand | Stopped] -> 
[Driver Services - Non-Microsoft Only]
YY -> (FOPN) FOPN [File_System | Boot | Stopped] -> %SystemRoot%\System32\Drivers\FOPN.sys
YY -> (musbehco) musbehco [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\%Username%\LOCALS~1\Temp\musbehco.sys
[Registry - Non-Microsoft Only]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN ->   [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [fairydom]
YN -> {79FEACFF-FFCE-815E-A900-316290B5B738} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\Ecjfcehc.dll [Microsoft DirectXb]
NY -> {9A687AAC-F227-4138-A626-FE5EFD603479} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\tdomgafw.dll [tdomgafw]
YY -> {E87A380D-C707-4DAE-B847-2D9FAE3CC752} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\wetkadmr.dll [wetkadmr]

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {CE86878F-D099-4FFC-A4DC-E51D192063B1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayaYRkK.dll []

< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> fairydom [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ ]

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> yayaYRkK -> %SystemRoot%\system32\yayaYRkK.dll

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://internetsearchservice.com
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://internetsearchservice.com/ie6.html
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://internetsearchservice.com
YN -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://internetsearchservice.com

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://internetsearchservice.com
YN -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://internetsearchservice.com/ie6.html
YN -> HKEY_CURRENT_USER\: Main\\Search Page -> http://internetsearchservice.com
YN -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://internetsearchservice.com

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {100EB1FD-D03E-47FD-81F3-EE91287F9465} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.0.26\ShoppingReport.dll [ShoppingReport]
YY -> {18CB1A7B-94CD-4582-8022-ADA16851E44B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\CenterLock\CenterLock.dll [CenterLock Class]
YN -> {36ADA89D-2440-4DC4-820A-3A05E8630935} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\VIDEO ACTIVEX ACCESS\IESPLG.DLL [Reg Error: Value  does not exist or could not be read.]
YN -> {54160F28-994B-48DD-8D83-1B2F6B9EB054} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [527631 Class]
YY -> {559A0463-48BF-433C-AC59-289E222FB77A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\qvlbodmnfxv.dll [DVA First]
YN -> {7C109800-A5D5-438F-9640-18D17E168B88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetProject\sbmdl.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {CE86878F-D099-4FFC-A4DC-E51D192063B1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayaYRkK.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {D9B86731-513C-4C08-82ED-CD0C263AD93F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ddcCSKDv.dll [Reg Error: Value  does not exist or could not be read.]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.0.26\ShoppingReport.dll [ShopperReports]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\VIDEO ACTIVEX ACCESS\IESBPL.DLL [Protection Bar]
YY -> {6E8E8B03-9F95-4E6D-9EE0-AF2305509D7B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\mkrndofl.dll [mkrndofl]
YN -> {BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\VIDEO ACTIVEX ACCESS\IESBPL.DLL [Protection Bar]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\ddcCSKDv -> %SystemRoot%\system32\ddcCSKDv.dll
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> 527631 -> %SystemRoot%\System32\527631
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> apbrrewv.ini -> %SystemRoot%\System32\apbrrewv.ini
NY -> bjgprqqx.ini -> %SystemRoot%\System32\bjgprqqx.ini
NY -> bwqqiwqv.dll -> %SystemRoot%\System32\bwqqiwqv.dll
NY -> cfbnpjvr.dll -> %SystemRoot%\System32\cfbnpjvr.dll
NY -> ctfmona.exe -> %SystemRoot%\System32\ctfmona.exe
NY -> ctfmonb.bmp -> %SystemRoot%\System32\ctfmonb.bmp
NY -> ddcCSKDv.dll -> %SystemRoot%\System32\ddcCSKDv.dll
NY -> ebwxbvdo.ini -> %SystemRoot%\System32\ebwxbvdo.ini
NY -> edxugyeo.dll -> %SystemRoot%\System32\edxugyeo.dll
NY -> hayrrcvq.ini -> %SystemRoot%\System32\hayrrcvq.ini
NY -> hpvhorho.dll -> %SystemRoot%\System32\hpvhorho.dll
NY -> kr_done1de -> %SystemRoot%\System32\kr_done1de
NY -> odvbxwbe.dll -> %SystemRoot%\System32\odvbxwbe.dll
NY -> oeyguxde.ini -> %SystemRoot%\System32\oeyguxde.ini
NY -> ohrohvph.ini -> %SystemRoot%\System32\ohrohvph.ini
NY -> qjtxueow.dll -> %SystemRoot%\System32\qjtxueow.dll
NY -> qvcrryah.dll -> %SystemRoot%\System32\qvcrryah.dll
NY -> rvjpnbfc.ini -> %SystemRoot%\System32\rvjpnbfc.ini
NY -> vDKSCcdd.ini -> %SystemRoot%\System32\vDKSCcdd.ini
NY -> vDKSCcdd.ini2 -> %SystemRoot%\System32\vDKSCcdd.ini2
NY -> vqwiqqwb.ini -> %SystemRoot%\System32\vqwiqqwb.ini
NY -> vwerrbpa.dll -> %SystemRoot%\System32\vwerrbpa.dll
NY -> woeuxtjq.ini -> %SystemRoot%\System32\woeuxtjq.ini
NY -> xqqrpgjb.dll -> %SystemRoot%\System32\xqqrpgjb.dll
NY -> yayaYRkK.dll -> %SystemRoot%\System32\yayaYRkK.dll
NY -> knxsrgte.exe -> %SystemRoot%\knxsrgte.exe
NY -> mkrndofl.dll -> %SystemRoot%\mkrndofl.dll
NY -> privacy_danger -> %SystemRoot%\privacy_danger
NY -> 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qvlbodmnfxv.dll -> %SystemRoot%\qvlbodmnfxv.dll
NY -> svorbmke.exe -> %SystemRoot%\svorbmke.exe
NY -> tdomgafw.dll -> %SystemRoot%\tdomgafw.dll
NY -> wetkadmr.dll -> %SystemRoot%\wetkadmr.dll
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> 1 C:\Documents and Settings\%Username%\My Documents\*.tmp files -> C:\Documents and Settings\%Username%\My Documents\*.tmp
NY -> Error Cleaner.url -> %UserProfile%\Desktop\Error Cleaner.url
NY -> Privacy Protector.url -> %UserProfile%\Desktop\Privacy Protector.url
NY -> AntiSpywareMaster -> %ProgramFiles%\AntiSpywareMaster
NY -> AntiSpywareShield -> %ProgramFiles%\AntiSpywareShield
NY -> CenterLock -> %ProgramFiles%\CenterLock
NY -> VirusHeat 4.4 -> %ProgramFiles%\VirusHeat 4.4
[Files/Folders - Modified Within 30 days]
NY -> 527631 -> %SystemRoot%\System32\527631
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> apbrrewv.ini -> %SystemRoot%\System32\apbrrewv.ini
NY -> bjgprqqx.ini -> %SystemRoot%\System32\bjgprqqx.ini
NY -> blackster.scr -> %SystemRoot%\System32\blackster.scr
NY -> bwqqiwqv.dll -> %SystemRoot%\System32\bwqqiwqv.dll
NY -> cfbnpjvr.dll -> %SystemRoot%\System32\cfbnpjvr.dll
NY -> ctfmona.exe -> %SystemRoot%\System32\ctfmona.exe
NY -> ctfmonb.bmp -> %SystemRoot%\System32\ctfmonb.bmp
NY -> ddcCSKDv.dll -> %SystemRoot%\System32\ddcCSKDv.dll
NY -> ebwxbvdo.ini -> %SystemRoot%\System32\ebwxbvdo.ini
NY -> edxugyeo.dll -> %SystemRoot%\System32\edxugyeo.dll
NY -> hayrrcvq.ini -> %SystemRoot%\System32\hayrrcvq.ini
NY -> hpvhorho.dll -> %SystemRoot%\System32\hpvhorho.dll
NY -> kr_done1de -> %SystemRoot%\System32\kr_done1de
NY -> odvbxwbe.dll -> %SystemRoot%\System32\odvbxwbe.dll
NY -> oeyguxde.ini -> %SystemRoot%\System32\oeyguxde.ini
NY -> ohrohvph.ini -> %SystemRoot%\System32\ohrohvph.ini
NY -> qdsba.dll -> %SystemRoot%\System32\qdsba.dll
NY -> qjtxueow.dll -> %SystemRoot%\System32\qjtxueow.dll
NY -> qvcrryah.dll -> %SystemRoot%\System32\qvcrryah.dll
NY -> rvjpnbfc.ini -> %SystemRoot%\System32\rvjpnbfc.ini
NY -> vDKSCcdd.ini -> %SystemRoot%\System32\vDKSCcdd.ini
NY -> vDKSCcdd.ini2 -> %SystemRoot%\System32\vDKSCcdd.ini2
NY -> vqwiqqwb.ini -> %SystemRoot%\System32\vqwiqqwb.ini
NY -> vwerrbpa.dll -> %SystemRoot%\System32\vwerrbpa.dll
NY -> woeuxtjq.ini -> %SystemRoot%\System32\woeuxtjq.ini
NY -> xqqrpgjb.dll -> %SystemRoot%\System32\xqqrpgjb.dll
NY -> yayaYRkK.dll -> %SystemRoot%\System32\yayaYRkK.dll
NY -> 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> knxsrgte.exe -> %SystemRoot%\knxsrgte.exe
NY -> mkrndofl.dll -> %SystemRoot%\mkrndofl.dll
NY -> privacy_danger -> %SystemRoot%\privacy_danger
NY -> qvlbodmnfxv.dll -> %SystemRoot%\qvlbodmnfxv.dll
NY -> svorbmke.exe -> %SystemRoot%\svorbmke.exe
NY -> tdomgafw.dll -> %SystemRoot%\tdomgafw.dll
NY -> wetkadmr.dll -> %SystemRoot%\wetkadmr.dll
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> ZAN4.exe -> C:\Documents and Settings\%Username%\Local Settings\Temp\ZAN4.exe
NY -> C:\Documents and Settings\%Username%\Local Settings\Temp\nsw7.tmp\ -> C:\Documents and Settings\%Username%\Local Settings\Temp\nsw7.tmp\
NY -> C:\Documents and Settings\%Username%\Local Settings\Temp\nsz3.tmp\ -> C:\Documents and Settings\%Username%\Local Settings\Temp\nsz3.tmp\
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 102 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D
NY -> @Alternate Data Stream - 182 bytes -> %AllUsersProfile%\Application Data\TEMP:AA6DEB48
NY -> @Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:ECF5194F
NY -> TmpRecentIcons -> %AppData%\TmpRecentIcons
NY -> 1 C:\Documents and Settings\%Username%\My Documents\*.tmp files -> C:\Documents and Settings\%Username%\My Documents\*.tmp
NY -> AntiSpywareMaster.lnk -> %UserProfile%\Desktop\AntiSpywareMaster.lnk
NY -> Error Cleaner.url -> %UserProfile%\Desktop\Error Cleaner.url
NY -> Privacy Protector.url -> %UserProfile%\Desktop\Privacy Protector.url
[Extra Files]
%ProgramFiles%\ShoppingReport\
%ProgramFiles%\VIDEO ACTIVEX ACCESS\
%ProgramFiles%\NetProject\
[Empty Temp Folders]
[Start Explorer]



The fix should only take a very short time. When the fix is completed, a message box will pop up telling you either that it is finished
or that a reboot is needed to complete the fix.
If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine.
After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open
with the final results at that time. Post that log back here in your next reply.

http://forums.techguy.org
http://forums.techguy.org/otscanit.txt

Starting from:

[Files/Folders - Created Within 30 days]
527631 -> %SystemRoot%\System32\527631
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
apbrrewv.ini -> %SystemRoot%\System32\apbrrewv.ini

results in:

[Files/Folders - Created Within 30 days]
NY -> 527631 -> %SystemRoot%\System32\527631
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp



------------------------------


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation

C:\WINDOWS\system32\ddcCSKDv -> %SystemRoot%\system32\ddcCSKDv.dll

results in:

< BotCheck > ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\ddcCSKDv -> %SystemRoot%\system32\ddcCSKDv.dll
< BotCheck > ->



Example:

[Driver Services - Non-Microsoft Only]

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(cel90xbe) cel90xbe [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys -> File not found

BHO's [HKEY_LOCAL_MACHINE]  -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{76B035A2-C2DD-49F3-8AAC-A82427128354} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 317440 bytes | Modified Date = 2008-02-21 19:14:53 | Attr =    ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{837BA7CE-022C-4606-AB43-AE47323B173E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{D85530E8-D39D-49D0-9F36-300D594556D2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{E7535E8D-6A47-4A76-BCDF-133A3E6248CD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnno.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

[Files/Folders - Created Within 30 days]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-03-02 18:23:25 | Attr =    ]
1 C:\*.tmp files -> C:\*.tmp ->
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2008-03-02 18:19:31 | Attr =    ]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 2008-02-17 13:42:59 | Attr =    ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-02-20 19:45:45 | Attr =    ]
coh.cache -> %SystemRoot%\System32\coh.cache ->  [Ver =  | Size = 16 bytes | Modified Date = 2008-02-18 21:18:00 | Attr =    ]
ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:12 | Attr =  HS]
ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2 ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:13 | Attr =  HS]
ez2 -> %SystemRoot%\System32\ez2 ->  [Folder | Created Date = 2008-02-17 13:43:47 | Attr =    ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini ->  [Ver =  | Size = 1248707 bytes | Modified Date = 2008-02-20 07:59:58 | Attr =  HS]
nGpxx01 -> %SystemRoot%\System32\nGpxx01 ->  [Folder | Created Date = 2008-02-17 13:42:59 | Attr =    ]
pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 2008-02-21 19:14:53 | Attr =    ]
pu1 -> %SystemRoot%\System32\pu1 ->  [Folder | Created Date = 2008-02-17 13:43:47 | Attr =    ]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =    ]
zx8 -> %SystemRoot%\System32\zx8 ->  [Folder | Created Date = 2008-02-17 13:43:47 | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-03-02 18:20:26 | Attr =    ]
8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 days]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-03-02 18:26:44 | Attr =    ]
1 C:\*.tmp files -> C:\*.tmp ->
ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:12 | Attr =  HS]
ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2 ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:13 | Attr =  HS]
ez2 -> %SystemRoot%\System32\ez2 ->  [Folder | Modified Date = 2008-02-17 17:50:50 | Attr =    ]
kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini ->  [Ver =  | Size = 1248707 bytes | Modified Date = 2008-02-20 07:59:58 | Attr =  HS]
nGpxx01 -> %SystemRoot%\System32\nGpxx01 ->  [Folder | Modified Date = 2008-02-19 20:27:46 | Attr =    ]
pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 2008-02-21 19:14:53 | Attr =    ]
pu1 -> %SystemRoot%\System32\pu1 ->  [Folder | Modified Date = 2008-02-17 13:43:47 | Attr =   
zx8 -> %SystemRoot%\System32\zx8 ->  [Folder | Modified Date = 2008-02-17 13:43:47 | Attr =    ]
xvthqlhu.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\xvthqlhu.exe ->  [Ver =  | Size = 42108 bytes | Modified Date = 2008



1. Script
[Kill Explorer]
[Unregister Dlls]

[Driver Services - Non-Microsoft Only]
YY -> (cel90xbe) cel90xbe [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys

[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {76B035A2-C2DD-49F3-8AAC-A82427128354} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {837BA7CE-022C-4606-AB43-AE47323B173E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {D85530E8-D39D-49D0-9F36-300D594556D2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E7535E8D-6A47-4A76-BCDF-133A3E6248CD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnno.dll [Reg Error: Value  does not exist or could not be read.]

[Files/Folders - Created Within 30 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> coh.cache -> %SystemRoot%\System32\coh.cache
NY -> ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini
NY -> ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2
NY -> ez2 -> %SystemRoot%\System32\ez2
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini
NY -> nGpxx01 -> %SystemRoot%\System32\nGpxx01
NY -> pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll
NY -> pu1 -> %SystemRoot%\System32\pu1
NY -> zx8 -> %SystemRoot%\System32\zx8
NY -> 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp

[Files/Folders - Modified Within 30 days]

NY -> ComboFix -> %SystemDrive%\ComboFix
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> coh.cache -> %SystemRoot%\System32\coh.cache
NY -> ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini
NY -> ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2
NY -> ez2 -> %SystemRoot%\System32\ez2
NY -> kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini
NY -> nGpxx01 -> %SystemRoot%\System32\nGpxx01
NY -> pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll
NY -> pu1 -> %SystemRoot%\System32\pu1
NY -> zx8 -> %SystemRoot%\System32\zx8
NY -> 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> xvthqlhu.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\xvthqlhu.exe
[Empty Temp Folders]
[Start Explorer]



2. Script

[Kill Explorer]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7964AB85-3D86-43DA-B1A6-D062722F92A1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {A06260FB-B9F6-42E7-94DE-3A652E6E2D7E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Start Explorer]



Result

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7964AB85-3D86-43DA-B1A6-D062722F92A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7964AB85-3D86-43DA-B1A6-D062722F92A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E}\ not found.
Explorer started successfully
< End of fix log >



[Extra Registry Entries]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\C\  ->

[Reboot]



Another PC http://forums.techguy.org
[Registry - Non-Microsoft Only]
Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
errorkiller -> %ProgramFiles%\ErrorKiller\ErrorKiller.exe ["C:\Program Files\errorkiller\errorkiller.exe" -boot] ->  [Ver = 2, 6, 1, 9 | Size = 6381568 bytes | Modified Date = 19/4/2006 09:30:06 | Attr =    ]

Run [HKEY_CURRENT_USER\]  -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - 
AdwareScanner -> %ProgramFiles%\Win Fixer 2006\Download\jgrcthup\UpSalesPatch6.exe [C:\PROGRA~1\WINFIX~2\Download\jgrcthup\UPSALE~1.EXE] ->  [Ver = 1, 0, 3, 0 | Size = 1863680 bytes | Modified Date = 28/10/2006 08:42:30 | Attr =    ]
jamtray ->  [C:/Program Files/Jaman Player/jamtray.exe] -> File not found
ysoljqdp -> %UserProfile%\Local Settings\Application Data\ysoljqdp.exe [c:\documents and settings\rob prince\local settings\application data\ysoljqdp.exe ysoljqdp] ->  [Ver =  | Size = 352256 bytes | Modified Date = 27/4/2008 08:54:08 | Attr =    ]














1. Log
[Kill Explorer]

[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> ysoljqdp.exe -> %UserProfile%\Local Settings\Application Data\ysoljqdp.exe

[Registry - Non-Microsoft Only]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YY -> AdwareScanner -> %ProgramFiles%\Win Fixer 2006\Download\jgrcthup\UpSalesPatch6.exe [C:\PROGRA~1\WINFIX~2\Download\jgrcthup\UPSALE~1.EXE]
YN -> jamtray -> [C:/Program Files/Jaman Player/jamtray.exe]
YY -> ysoljqdp -> %UserProfile%\Local Settings\Application Data\ysoljqdp.exe [c:\documents and settings\rob prince\local settings\application data\ysoljqdp.exe ysoljqdp]

< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

YN -> DelayShred -> %ProgramFiles%\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE ["C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q D:\Recycler\S-1-5-~2\Dc2\Prefetch\WUAUCL~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\WSCRIP~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\WMPLAY~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\WMIPRV~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\WMIADA~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\WINWOR~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\USERIN~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\TESTEX~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SYSOCM~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SVCHOS~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\STARTE~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SETUPE~4.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SETUPE~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SETUPE~3.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SETUPE~2.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SET20T~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SDNOTI~1.SH! D:\Recycler\S-1-5-~2\Dc2\Prefetch\SCHEDU~1.SH! D:\Recycler\S-1-

[Files/Folders - Modified Within 30 days]
NY -> 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

[Extra Files]
%ProgramFiles%\Win Fixer 2006\
[Empty Temp Folders]
[Start Explorer]



Cleanup log

[Processes - Non-Microsoft Only]
Process ysoljqdp.exe killed successfully.
C:\Documents and Settings\Rob Prince\Local Settings\Application Data\ysoljqdp.exe moved successfully.

[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdwareScanner deleted successfully.
C:\Program Files\Win Fixer 2006\Download\jgrcthup\UpSalesPatch6.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\jamtray deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ysoljqdp deleted successfully.
File C:\Documents and Settings\Rob Prince\Local Settings\Application Data\ysoljqdp.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\DelayShred deleted successfully.

[Files/Folders - Modified Within 30 days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.

[Extra Files]
ProgramFiles%\Win Fixer\
Folder C:\Program Files\Win Fixer 2006\ not found.

[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Rob Prince\Local Settings\Temp\~DF275D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rob Prince\Local Settings\Temp\~DF812D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rob Prince\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.11.8 fix logfile created on 04302008_114001

Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
C:\Documents and Settings\Rob Prince\Local Settings\Temp\~DF275D.tmp moved successfully.
C:\Documents and Settings\Rob Prince\Local Settings\Temp\~DF812D.tmp moved successfully.
File move failed. C:\Documents and Settings\Rob Prince\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.




2. Log


[Kill Explorer]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ysoljqdp.dat -> %UserProfile%\Local Settings\Application Data\ysoljqdp.dat
NY -> ysoljqdp_nav.dat -> %UserProfile%\Local Settings\Application Data\ysoljqdp_nav.dat
NY -> ysoljqdp_navps.dat -> %UserProfile%\Local Settings\Application Data\ysoljqdp_navps.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ysoljqdp.dat -> %UserProfile%\Local Settings\Application Data\ysoljqdp.dat
NY -> ysoljqdp_nav.dat -> %UserProfile%\Local Settings\Application Data\ysoljqdp_nav.dat
NY -> ysoljqdp_navps.dat -> %UserProfile%\Local Settings\Application Data\ysoljqdp_navps.dat
[Extra Files]
%programfiles%\win fixer 2006
[Start Explorer]



Single instruction


[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]



Other PC


[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> OM_Monitor -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\Monitor.exe [C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {8C7B9D5F-1DBF-4E19-A976-7C3CDAC0BD44} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbXOFurQ.dll [Reg Error: Value does not exist or could not be read.]
YN -> {CF137C2D-3D7A-4995-A0FD-769958DA783C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGxXpon.dll [Reg Error: Value does not exist or could not be read.]
YN -> {F69DDDE8-03C5-491D-B92D-BF9EA56533A0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
YN -> CmdMapping\\{FB5F1911-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger]
[Files/Folders - Created Within 30 days]
NY -> abcefddk.ini -> %SystemRoot%\System32\abcefddk.ini
NY -> hyhevfuf.ini -> %SystemRoot%\System32\hyhevfuf.ini
NY -> mwedqrci.ini -> %SystemRoot%\System32\mwedqrci.ini
NY -> nopXxGgh.ini -> %SystemRoot%\System32\nopXxGgh.ini
NY -> nopXxGgh.ini2 -> %SystemRoot%\System32\nopXxGgh.ini2
NY -> oacxvufk.ini -> %SystemRoot%\System32\oacxvufk.ini
NY -> QqqAyyay.ini -> %SystemRoot%\System32\QqqAyyay.ini
NY -> QqqAyyay.ini2 -> %SystemRoot%\System32\QqqAyyay.ini2
NY -> QruFOXbc.ini -> %SystemRoot%\System32\QruFOXbc.ini
NY -> QruFOXbc.ini2 -> %SystemRoot%\System32\QruFOXbc.ini2
NY -> thorbchq.ini -> %SystemRoot%\System32\thorbchq.ini
NY -> wDeOonnn.ini -> %SystemRoot%\System32\wDeOonnn.ini
NY -> wDeOonnn.ini2 -> %SystemRoot%\System32\wDeOonnn.ini2
NY -> BM47b7c618.xml -> %SystemRoot%\BM47b7c618.xml
[Files/Folders - Modified Within 30 days]
NY -> abcefddk.ini -> %SystemRoot%\System32\abcefddk.ini
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> mwedqrci.ini -> %SystemRoot%\System32\mwedqrci.ini
NY -> nopXxGgh.ini -> %SystemRoot%\System32\nopXxGgh.ini
NY -> nopXxGgh.ini2 -> %SystemRoot%\System32\nopXxGgh.ini2
NY -> oacxvufk.ini -> %SystemRoot%\System32\oacxvufk.ini
NY -> QqqAyyay.ini -> %SystemRoot%\System32\QqqAyyay.ini
NY -> QqqAyyay.ini2 -> %SystemRoot%\System32\QqqAyyay.ini2
NY -> QruFOXbc.ini -> %SystemRoot%\System32\QruFOXbc.ini
NY -> QruFOXbc.ini2 -> %SystemRoot%\System32\QruFOXbc.ini2
NY -> thorbchq.ini -> %SystemRoot%\System32\thorbchq.ini
NY -> wDeOonnn.ini -> %SystemRoot%\System32\wDeOonnn.ini
NY -> wDeOonnn.ini2 -> %SystemRoot%\System32\wDeOonnn.ini2
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> BM47b7c618.xml -> %SystemRoot%\BM47b7c618.xml
NY -> hppsapp.INI -> %SystemRoot%\hppsapp.INI
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> 2942 C:\Documents and Settings\Thomas\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Thomas\Local Settings\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]




Further example: www.bleepingcomputer.com