
Lots Of Downloader.generic Trojans And Purityscan Malware


14 replies to this topic

#1 Chell


  • Members
  • 11 posts

Posted 31 August 2007 - 04:07 PM

I have several different types of Downloader.General trojan horses and I also have PurityScan malware. I have tried SO MANY different things to remove them. Although several programs (AVG, Ad-Aware, Spybot, etc...) say they are deleting them, they are still there! I am not good with computers or computer terminology, so please be patient with me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:41 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Documents and Settings\Bobby\Application Data\?ppPatch\w?nlogon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B173021E-EEFD-B02F-8DAA-E3ABAE7A5098} - C:\WINDOWS\system32\rtlmez.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [Hjswwao] "C:\Documents and Settings\Bobby\Application Data\?ppPatch\w?nlogon.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154025422828
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...102/mcfscan.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 7985 bytes
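As an added example, not part of this thread and not code from HijackThis or WinPFind3u: a small Python triage script that parses O2 (BHO) and O4 (autorun) lines from the log above and applies the checks a log reviewer makes by eye when an entry like the `Hjswwao` one stands out. The regexes, the system-binary name list and the four heuristics (characters HijackThis could not render and prints as `?`, executables living under a user profile's Application Data, file names that resemble a Windows system binary but sit outside the system directory, and BHOs whose DLL is missing) are my own assumptions about what is worth flagging, not HijackThis's logic. The five input lines are copied from the log in this post.

```python
# Added triage example (not HijackThis or WinPFind3u code). Parses O2 (BHO)
# and O4 (autorun) lines and flags the traits a log reviewer looks for.
from __future__ import annotations

import re
from dataclasses import dataclass

# Five lines copied from the HijackThis log in this thread, used as input.
SAMPLE_LINES = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O2 - BHO: (no name) - {B173021E-EEFD-B02F-8DAA-E3ABAE7A5098} - C:\WINDOWS\system32\rtlmez.dll (file missing)",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"',
    r'O4 - HKCU\..\Run: [Hjswwao] "C:\Documents and Settings\Bobby\Application Data\?ppPatch\w?nlogon.exe"',
    r"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')",
]

# Line shapes assumed from the log format: "O4 - <hive>: [<name>] <command>"
# and "O2 - BHO: <name> - {<clsid>} - <path>[ (file missing)]".
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# Names that malware commonly imitates (assumed list) and where the real ones live.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "csrss.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    line: str
    reasons: list


def command_path(cmd: str) -> str:
    """Return the executable path from an O4 command string.

    Quoted paths are taken verbatim; otherwise the first whitespace-separated
    token is used (so 'rundll32 <dll>' yields 'rundll32', a known limitation).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def looks_like_system_name(basename: str) -> bool:
    """True if the file name matches a system binary name, treating '?' as a wildcard.

    HijackThis prints characters outside the ANSI code page as '?', which is
    exactly how a look-alike such as 'w?nlogon.exe' shows up in a log.
    """
    pattern = re.escape(basename.lower()).replace(r"\?", ".")
    return any(re.fullmatch(pattern, known) for known in SYSTEM_NAMES)


def path_findings(path: str) -> list:
    """Apply the path heuristics and return the reasons that fired (may be empty)."""
    low = path.lower()
    directory, _, base = low.rpartition("\\")
    reasons = []
    if "?" in path:
        reasons.append("path contains characters HijackThis could not render ('?'): possible look-alike name")
    if any(marker in low for marker in PROFILE_MARKERS):
        reasons.append("executable lives in a user profile data directory")
    if looks_like_system_name(base) and directory not in SYSTEM_DIRS:
        reasons.append("file name resembles a Windows system binary but is outside %SystemRoot%")
    return reasons


def triage(lines) -> list:
    """Return a Finding for every O2/O4 line that trips at least one heuristic."""
    findings = []
    for line in lines:
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = path_findings(command_path(m.group("cmd")))
        else:
            m = O2_RE.match(line)
            if m:
                reasons = path_findings(m.group("path"))
                if m.group("missing"):
                    reasons.append("BHO is registered but its DLL is missing: stale or partially removed entry")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run against the five sample lines, the script leaves the Java, AVG and jusched entries alone and reports only the missing `rtlmez.dll` BHO and the `Hjswwao` entry, the latter on all three path heuristics at once. The checks are deliberately conservative: an entry under Application Data is a reason to look closer, not proof of infection.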



#2 OldTimer


    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 02 September 2007 - 09:46 AM

Hello Chell and welcome to the BC HijackThis forum. Let's run a different scanner and see what else it shows us.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#3 Chell

  • Topic Starter

  • Members
  • 11 posts

Posted 05 September 2007 - 05:02 PM

Thanks for your help......

WinPFind3 logfile created on: 2007-09-05 16:47:44
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Bobby\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

511.29 Mb Total Physical Memory | 253.48 Mb Available Physical Memory | 49.58% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.24% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 137.62 Gb Free Space | 92.34% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SMITH
Current User Name: Bobby
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 2004-09-07 13:47:52 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 2007-08-13 13:18:26 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.480 | Size = 416256 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-08-13 13:18:30 | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 2005-08-01 07:05:04 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 2006-09-25 14:54:22 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 2006-09-25 14:54:24 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
lxcgcoms.exe -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 2005-07-25 14:25:18 | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 2005-07-21 01:07:22 | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,149,0 | Size = 359248 bytes | Modified Date = 2007-07-16 13:29:24 | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 2007-08-24 05:00:40 | Attr = ]
mwlgui.exe -> %ProgramFiles%\McAfee\MWL\MwlGui.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 1279336 bytes | Modified Date = 2007-07-28 09:32:58 | Attr = ]
mwlsvc.exe -> %ProgramFiles%\McAfee\MWL\MwlSvc.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 910696 bytes | Modified Date = 2007-07-28 09:33:02 | Attr = ]
myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.697.0 | Size = 5419008 bytes | Modified Date = 2007-05-29 20:34:50 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2005-01-12 03:01:32 | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 2007-04-15 10:04:12 | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 2006-07-24 15:28:22 | Attr = ]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9005 | Size = 2478080 bytes | Modified Date = 2006-02-24 17:41:38 | Attr = ]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9005 | Size = 2334720 bytes | Modified Date = 2006-02-24 17:41:08 | Attr = ]
w?nlogon.exe -> %UserAppData%\?ppPatch\w?nlogon.exe -> File not found
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 2004-08-16 09:00:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 2007-08-13 13:18:26 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-08-13 13:18:30 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-02-19 11:21:32 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 2006-09-25 14:54:22 | Attr = ]
(lxcg_device) lxcg_device [Win32_Own | On_Demand | Running] -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 2005-07-25 14:25:18 | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,149,0 | Size = 359248 bytes | Modified Date = 2007-07-16 13:29:24 | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 2007-08-24 05:00:40 | Attr = ]
(MWLSvc) McAfee Wireless Network Security Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\MWL\MwlSvc.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 910696 bytes | Modified Date = 2007-07-28 09:33:02 | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 2007-04-15 10:04:12 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 2004-09-07 13:47:52 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.480 | Size = 416256 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 2005-08-01 07:05:04 | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 2005-07-12 08:36:32 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 2006-09-25 14:54:24 | Attr = ]
LXCGCATS -> %System32%\spool\drivers\w32x86\3\lxcgtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 2005-07-20 12:48:38 | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 2005-07-21 01:07:22 | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ]
MWLExe -> %ProgramFiles%\McAfee\MWL\MwlGui.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 1279336 bytes | Modified Date = 2007-07-28 09:32:58 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 11:50:42 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> File not found
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2005-01-12 03:01:32 | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 2006-07-24 15:28:22 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Hjswwao -> %UserAppData%\?ppPatch\w?nlogon.exe -> File not found
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.697.0 | Size = 5419008 bytes | Modified Date = 2007-05-29 20:34:50 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 2004-08-16 09:00:00 | Attr = ]
< User Startup > -> C:\Documents and Settings\Bobby\Start Menu\Programs\Startup ->
%UserStartup%\OpenOffice.org 2.0.lnk -> %ProgramFiles%\OpenOffice.org 2.0\program\quickstart.exe -> [Ver = | Size = 61440 bytes | Modified Date = 2006-01-25 18:42:22 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 07:29:58 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.msn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 2007-03-30 10:41:24 | Attr = ]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKLM] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter] -> [Ver = | Size = 324936 bytes | Modified Date = 2007-08-24 05:00:36 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
{B173021E-EEFD-B02F-8DAA-E3ABAE7A5098} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 2007-03-30 10:41:24 | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1FEBDF6C-E266-40E2-96E1-5233C7F54485} -> (1394 Net Adapter) ->
{316162B2-FCC7-4E1C-BE78-2A545A813FDB} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{964F1340-A101-434B-83B4-49D33B42A9B8} -> (Westell WireSpeed Dual Connect Modem) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 2007-03-30 10:41:24 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1154025422828 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/...102/mcfscan.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2007-08-13 12:19:47 | Attr = RH ]
67E.tmp -> %SystemDrive%\67E.tmp -> [Ver = | Size = 284435 bytes | Created Date = 2007-08-11 12:16:43 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-01 11:09:53 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Created Date = 1601-01-01 06:00:00 | Attr = HS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-01 11:10:03 | Attr = ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-08-16 02:02:40 | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 2007-08-28 15:12:33 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-08-16 02:02:50 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 2007-08-16 02:00:34 | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 2007-08-16 02:01:31 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 2007-08-16 02:01:43 | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-08-16 02:02:45 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-08-16 02:02:36 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 2007-08-30 08:43:34 | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 2007-08-13 10:57:28 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
Trcl.dll -> %SystemRoot%\Trcl.dll -> [Ver = | Size = 29 bytes | Created Date = 2007-08-13 11:26:53 | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 2007-08-22 08:13:06 | Attr = ]
everybodybets.32x32.4.ico -> %System32%\everybodybets.32x32.4.ico -> [Ver = | Size = 4286 bytes | Created Date = 2007-08-25 12:50:42 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 2007-08-31 07:03:36 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 4286 bytes | Created Date = 2007-08-21 07:53:07 | Attr = ]
moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
??stem32 -> %System32%\??stem32 -> [Folder | Created Date = 1746-02-19 10:22:32 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Created Date = 2007-08-13 12:18:31 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 2007-08-13 12:18:34 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 2007-08-13 12:18:34 | Attr = ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-08-23 17:50:35 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-08-13 16:39:50 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-08-13 12:18:36 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Created Date = 2007-08-13 12:18:36 | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 2007-08-13 12:18:36 | Attr = ]
avg7 -> %AllUsersAppData%\avg7 -> [Folder | Created Date = 2007-08-13 12:18:25 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 2007-08-13 12:18:25 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 2007-08-13 12:18:48 | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 2007-08-13 16:40:00 | Attr = ]
?ppPatch -> %UserAppData%\?ppPatch -> [Folder | Created Date = 1745-10-22 15:36:38 | Attr = ]
avgarkt-setup-1.1.0.42.exe -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe -> [Ver = | Size = 423736 bytes | Created Date = 2007-08-23 17:38:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Created Date = 2007-08-13 12:18:37 | Attr = ]
AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Created Date = 2007-08-23 17:50:36 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 2007-08-13 16:39:53 | Attr = ]
spybotsd14.exe -> %AllUsersDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 2007-08-23 08:59:09 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2007-08-31 07:40:56 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2007-08-31 07:40:11 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 2007-09-05 15:43:45 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 2007-09-05 15:42:04 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2007-08-29 18:37:06 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2007-09-05 16:43:34 | Attr = RH ]
67E.tmp -> %SystemDrive%\67E.tmp -> [Ver = | Size = 284435 bytes | Modified Date = 2007-08-11 13:16:48 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-01 12:10:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Modified Date = 2007-09-05 16:09:02 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-08-31 09:06:36 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-01 12:10:04 | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2007-08-31 09:36:40 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-05 16:09:52 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-28 14:33:14 | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-08-16 03:02:42 | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 2007-08-28 16:12:34 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 2007-08-16 03:02:52 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 2007-08-16 03:00:36 | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Modified Date = 2007-08-16 03:01:34 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 2007-08-16 03:01:44 | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-08-16 03:02:46 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-08-16 03:02:38 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 2007-08-30 09:43:36 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-05 16:09:02 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-29 19:38:50 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-08-22 03:05:00 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2007-08-30 09:43:42 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-05 07:20:40 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-08-31 08:02:52 | Attr = HS]
McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 2007-08-13 11:57:30 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 2007-08-24 09:34:58 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-05 16:42:38 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-08-29 08:00:16 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-08-13 13:18:02 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-09-01 12:09:56 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-05 16:40:28 | Attr = ]
Trcl.dll -> %SystemRoot%\Trcl.dll -> [Ver = | Size = 29 bytes | Modified Date = 2007-08-13 12:26:54 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-08-16 03:01:14 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2007-08-24 10:10:02 | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 264 bytes | Modified Date = 2007-08-15 01:11:06 | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Modified Date = 2007-09-01 01:00:10 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-05 16:09:04 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-05 07:19:40 | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 2007-08-31 14:57:02 | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 7957 bytes | Modified Date = 2007-09-05 16:10:28 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-08-30 09:43:38 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-04 07:14:20 | Attr = ]
everybodybets.32x32.4.ico -> %System32%\everybodybets.32x32.4.ico -> [Ver = | Size = 4286 bytes | Modified Date = 2007-08-25 13:50:44 | Attr = ]
MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 4286 bytes | Modified Date = 2007-08-21 08:53:08 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 2007-09-05 16:10:54 | Attr = ]
??stem32 -> %System32%\??stem32 -> [Folder | Modified Date = 2007-08-15 08:27:12 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Modified Date = 2007-09-04 07:13:46 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2007-08-13 13:18:36 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2007-08-13 13:18:36 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
avg7 -> %AllUsersAppData%\avg7 -> [Folder | Modified Date = 2007-08-14 08:52:30 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 2007-08-13 17:39:50 | Attr = ]
SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-09-05 07:12:54 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 2007-09-05 16:09:50 | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 2007-08-13 17:40:02 | Attr = ]
LimeWire -> %UserAppData%\LimeWire -> [Folder | Modified Date = 2007-08-14 08:06:12 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-08-13 13:18:04 | Attr = S]
OpenOffice.org2 -> %UserAppData%\OpenOffice.org2 -> [Folder | Modified Date = 2007-09-05 16:09:38 | Attr = ]
?ppPatch -> %UserAppData%\?ppPatch -> [Folder | Modified Date = 2007-08-14 10:04:54 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 12800 bytes | Modified Date = 2007-08-24 17:08:52 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4294684 bytes | Modified Date = 2007-09-04 07:27:28 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-08-13 13:18:04 | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 2007-08-30 07:39:32 | Attr = R ]
avgarkt-setup-1.1.0.42.exe -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe -> [Ver = | Size = 423736 bytes | Modified Date = 2007-08-23 18:38:58 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
gracie cast -> %UserDocuments%\gracie cast -> [Folder | Modified Date = 2007-08-31 07:57:58 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 2007-08-28 11:14:32 | Attr = R ]
MySpaceIM Pics -> %UserDocuments%\MySpaceIM Pics -> [Folder | Modified Date = 2007-08-31 07:58:06 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Modified Date = 2007-08-23 18:50:38 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2007-08-13 17:39:54 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2007-08-28 11:23:40 | Attr = ]
spybotsd14.exe -> %AllUsersDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 2007-08-23 09:59:38 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2007-08-31 08:40:58 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2007-08-31 08:40:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2007-08-29 19:06:16 | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 2007-09-05 16:43:46 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 2007-09-05 16:42:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2007-08-29 19:37:08 | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 2004-09-20 15:20:44 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 2007-03-15 12:22:38 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 2007-03-15 12:19:58 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 2007-03-15 12:23:16 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Modified Date = 2007-09-04 07:13:46 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Earnhardt.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Urge_Release_1.1.9060.0.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\DVD Shrink 3.2.exe -> DVD Shrink [Ver = 3.2.0.15 | Size = 598086 bytes | Modified Date = 2004-07-26 02:16:20 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2007-08-31 08:40:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iTunesSetup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:04:54 AM

Posted 06 September 2007 - 01:17 AM

Hi Chell. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, Please follow the steps below in order:

Step #1

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YN -> w?nlogon.exe -> %UserAppData%\?ppPatch\w?nlogon.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Hjswwao -> %UserAppData%\?ppPatch\w?nlogon.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {B173021E-EEFD-B02F-8DAA-E3ABAE7A5098} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files/Folders - Created Within 30 days]
NY -> 67E.tmp -> %SystemDrive%\67E.tmp
NY -> ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico
NY -> everybodybets.32x32.4.ico -> %System32%\everybodybets.32x32.4.ico
NY -> MobileSidewalk.ico -> %System32%\MobileSidewalk.ico
NY -> moveex.exe -> %System32%\moveex.exe
NY -> ??stem32 -> %System32%\??stem32
NY -> ?ppPatch -> %UserAppData%\?ppPatch
[Files/Folders - Modified Within 30 days]
NY -> 67E.tmp -> %SystemDrive%\67E.tmp
NY -> everybodybets.32x32.4.ico -> %System32%\everybodybets.32x32.4.ico
NY -> MobileSidewalk.ico -> %System32%\MobileSidewalk.ico
NY -> ??stem32 -> %System32%\??stem32
NY -> ?ppPatch -> %UserAppData%\?ppPatch
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode (if you are not asked to reboot, then reboot manually into Safe Mode) by doing the following:

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #4

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

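The fix above targets entries that the report prints as ?ppPatch, w?nlogon.exe and ??stem32. The "?" is what an ANSI-encoded log prints for a character outside the Windows code page, and the names were chosen to pass for the legitimate AppPatch, winlogon.exe and system32 when skimmed in a file listing. The Python script below is an added example and is not part of OldTimer's instructions or of WinPFind3U: it walks a list of paths, flags every component that contains non-ASCII characters and, after folding a small table of Cyrillic look-alike letters, spells a protected Windows name. The look-alike table is deliberately partial, the PROTECTED list and SAMPLE_PATHS are constructed for the example, the Cyrillic letters in the samples are a guess at what the "?" characters hide, and the assumption that the report was written in cp1252 is the example's own.

```python
import unicodedata

# Partial, hand-picked table of Cyrillic letters that look like Latin ones.
# Assumption for this example: real tooling would use the full Unicode
# confusables data; this subset is enough to cover the names in the report.
CONFUSABLES = {
    "\u0410": "a", "\u0430": "a",   # А а
    "\u0412": "b",                  # В
    "\u0421": "c", "\u0441": "c",   # С с
    "\u0415": "e", "\u0435": "e",   # Е е
    "\u041d": "h",                  # Н
    "\u0406": "i", "\u0456": "i",   # І і
    "\u0408": "j", "\u0458": "j",   # Ј ј
    "\u041a": "k", "\u043a": "k",   # К к
    "\u041c": "m",                  # М
    "\u041e": "o", "\u043e": "o",   # О о
    "\u0420": "p", "\u0440": "p",   # Р р
    "\u0405": "s", "\u0455": "s",   # Ѕ ѕ
    "\u0422": "t",                  # Т
    "\u0425": "x", "\u0445": "x",   # Х х
    "\u0423": "y", "\u0443": "y",   # У у
}

# Windows names worth protecting against look-alike impersonation
# (a constructed list for the example, not a complete inventory).
PROTECTED = {
    "windows", "system32", "apppatch", "winlogon.exe", "svchost.exe",
    "services.exe", "lsass.exe", "smss.exe", "csrss.exe", "explorer.exe",
}


def fold_confusables(name: str) -> str:
    """Map look-alike letters to Latin, normalize, and casefold."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in name)
    return unicodedata.normalize("NFKC", mapped).casefold()


def as_ansi_log_name(name: str) -> str:
    """Render a name as a cp1252 (ANSI) log would: code points outside the
    code page come out as '?', which is how '?ppPatch' ends up in a report.
    That the report was written in cp1252 is an assumption of this example."""
    return name.encode("cp1252", "replace").decode("cp1252")


def find_lookalikes(path: str) -> list:
    """Return the path components that contain non-ASCII characters and,
    after folding, spell a protected Windows name."""
    findings = []
    for part in path.replace("/", "\\").split("\\"):
        if not part or part.isascii():
            continue
        folded = fold_confusables(part)
        if folded in PROTECTED:
            findings.append({
                "component": part,
                "impersonates": folded,
                "as_logged": as_ansi_log_name(part),
            })
    return findings


def scan(paths) -> list:
    """Scan a list of paths (Run value data, created-file entries, ...) and
    keep only those with at least one look-alike component."""
    hits = []
    for path in paths:
        findings = find_lookalikes(path)
        if findings:
            hits.append({"path": path,
                         "as_logged": as_ansi_log_name(path),
                         "findings": findings})
    return hits


# Constructed sample input modelled on the entries the fix targets;
# the Cyrillic letters are a guess at what the '?' characters hide.
SAMPLE_PATHS = [
    "%UserAppData%\\\u0410ppPatch\\w\u0456nlogon.exe",   # Run value "Hjswwao"
    "%System32%\\\u0455\u0443stem32",                     # nested "??stem32"
    "%System32%\\java.exe",                               # genuine, ASCII
    "%SystemRoot%\\system32\\winlogon.exe",               # genuine, ASCII
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_PATHS):
        print(hit["as_logged"])
        for f in hit["findings"]:
            print("   ", repr(f["component"]), "looks like", f["impersonates"])
```

The same fold applies to registry value data such as the Hjswwao Run entry and to process image paths, which is where a lone w?nlogon.exe outside %System32% stands out. Only components that actually contain non-ASCII characters are examined, so the genuine winlogon.exe and java.exe pass, and a miss against the partial table (a look-alike letter not listed) still leaves the non-ASCII component visible in the report for a human to judge.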

#5 Chell

Chell
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:54 AM

Posted 06 September 2007 - 09:21 AM

Your instructions were wonderful. I had no problems. Hope this is what you need. Thanks again!

WinPFind3 logfile created on: 2007-09-06 09:08:14
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Bobby\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

511.29 Mb Total Physical Memory | 143.88 Mb Available Physical Memory | 28.14% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.20% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 137.67 Gb Free Space | 92.37% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SMITH
Current User Name: Bobby
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 2004-09-07 13:47:52 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 2007-08-13 13:18:26 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.480 | Size = 416256 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-08-13 13:18:30 | Attr = ]
avgw.exe -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.454 | Size = 145920 bytes | Modified Date = 2007-08-13 13:18:30 | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 2005-08-01 07:05:04 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 2006-09-25 14:54:22 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 2006-09-25 14:54:24 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
lxcgcoms.exe -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 2005-07-25 14:25:18 | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 2005-07-21 01:07:22 | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,149,0 | Size = 359248 bytes | Modified Date = 2007-07-16 13:29:24 | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 2007-08-24 05:00:40 | Attr = ]
mwlgui.exe -> %ProgramFiles%\McAfee\MWL\MwlGui.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 1279336 bytes | Modified Date = 2007-07-28 09:32:58 | Attr = ]
mwlsvc.exe -> %ProgramFiles%\McAfee\MWL\MwlSvc.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 910696 bytes | Modified Date = 2007-07-28 09:33:02 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2005-01-12 03:01:32 | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 2007-04-15 10:04:12 | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 2006-07-24 15:28:22 | Attr = ]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9005 | Size = 2478080 bytes | Modified Date = 2006-02-24 17:41:38 | Attr = ]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9005 | Size = 2334720 bytes | Modified Date = 2006-02-24 17:41:08 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 2004-08-16 09:00:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 2007-08-13 13:18:26 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-08-13 13:18:30 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-02-19 11:21:32 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 2006-09-25 14:54:22 | Attr = ]
(lxcg_device) lxcg_device [Win32_Own | On_Demand | Running] -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 2005-07-25 14:25:18 | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,149,0 | Size = 359248 bytes | Modified Date = 2007-07-16 13:29:24 | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 2007-08-24 05:00:40 | Attr = ]
(MWLSvc) McAfee Wireless Network Security Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\MWL\MwlSvc.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 910696 bytes | Modified Date = 2007-07-28 09:33:02 | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 2007-04-15 10:04:12 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 2004-09-07 13:47:52 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.480 | Size = 416256 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 2005-08-01 07:05:04 | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 2005-07-12 08:36:32 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 2006-09-25 14:54:24 | Attr = ]
LXCGCATS -> %System32%\spool\drivers\w32x86\3\lxcgtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 2005-07-20 12:48:38 | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 2005-07-21 01:07:22 | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ]
MWLExe -> %ProgramFiles%\McAfee\MWL\MwlGui.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 1279336 bytes | Modified Date = 2007-07-28 09:32:58 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 11:50:42 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2005-01-12 03:01:32 | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 2006-07-24 15:28:22 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.697.0 | Size = 5419008 bytes | Modified Date = 2007-05-29 20:34:50 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 2004-08-16 09:00:00 | Attr = ]
< User Startup > -> C:\Documents and Settings\Bobby\Start Menu\Programs\Startup ->
%UserStartup%\OpenOffice.org 2.0.lnk -> %ProgramFiles%\OpenOffice.org 2.0\program\quickstart.exe -> [Ver = | Size = 61440 bytes | Modified Date = 2006-01-25 18:42:22 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 07:29:58 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.msn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 2007-03-30 10:41:24 | Attr = ]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKLM] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter] -> [Ver = | Size = 324936 bytes | Modified Date = 2007-08-24 05:00:36 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 2007-03-30 10:41:24 | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1FEBDF6C-E266-40E2-96E1-5233C7F54485} -> (1394 Net Adapter) ->
{316162B2-FCC7-4E1C-BE78-2A545A813FDB} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{964F1340-A101-434B-83B4-49D33B42A9B8} -> (Westell WireSpeed Dual Connect Modem) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 2007-03-30 10:41:24 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1154025422828 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/...102/mcfscan.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2007-08-13 12:19:47 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-01 11:09:53 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Created Date = 1601-01-01 06:00:00 | Attr = HS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-01 11:10:03 | Attr = ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-08-16 02:02:40 | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 2007-08-28 15:12:33 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-08-16 02:02:50 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 2007-08-16 02:00:34 | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 2007-08-16 02:01:31 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 2007-08-16 02:01:43 | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-08-16 02:02:45 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-08-16 02:02:36 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 2007-08-30 08:43:34 | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 2007-08-13 10:57:28 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
Trcl.dll -> %SystemRoot%\Trcl.dll -> [Ver = | Size = 29 bytes | Created Date = 2007-08-13 11:26:53 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 2007-08-31 07:03:36 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
??stem32 -> %System32%\??stem32 -> [Folder | Created Date = 1746-01-16 12:14:26 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Created Date = 2007-08-13 12:18:31 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 2007-08-13 12:18:34 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 2007-08-13 12:18:34 | Attr = ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-08-23 17:50:35 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-08-13 16:39:50 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-08-13 12:18:36 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Created Date = 2007-08-13 12:18:36 | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 2007-08-13 12:18:36 | Attr = ]
avg7 -> %AllUsersAppData%\avg7 -> [Folder | Created Date = 2007-08-13 12:18:25 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 2007-08-13 12:18:25 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 2007-08-13 12:18:48 | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 2007-08-13 16:40:00 | Attr = ]
?ppPatch -> %UserAppData%\?ppPatch -> [Folder | Created Date = 1745-10-30 06:23:07 | Attr = ]
avgarkt-setup-1.1.0.42.exe -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe -> [Ver = | Size = 423736 bytes | Created Date = 2007-08-23 17:38:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
bleepingcomputersdirections.rtf -> %UserDocuments%\bleepingcomputersdirections.rtf -> [Ver = | Size = 6571 bytes | Created Date = 2007-09-06 06:33:15 | Attr = ]
DSCI0001.JPG -> %UserDocuments%\DSCI0001.JPG -> [Ver = | Size = 3558591 bytes | Created Date = 2007-09-05 17:49:19 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Created Date = 2007-08-13 12:18:37 | Attr = ]
AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Created Date = 2007-08-23 17:50:36 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 2007-08-13 16:39:53 | Attr = ]
spybotsd14.exe -> %AllUsersDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 2007-08-23 08:59:09 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2007-08-31 07:40:56 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2007-08-31 07:40:11 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 2007-09-05 15:43:45 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 2007-09-05 15:42:04 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2007-08-29 18:37:06 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2007-09-05 16:43:34 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-01 12:10:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Modified Date = 2007-09-06 09:01:36 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-08-31 09:06:36 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-01 12:10:04 | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2007-08-31 09:36:40 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-05 16:09:52 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-28 14:33:14 | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-08-16 03:02:42 | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 2007-08-28 16:12:34 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 2007-08-16 03:02:52 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 2007-08-16 03:00:36 | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Modified Date = 2007-08-16 03:01:34 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 2007-08-16 03:01:44 | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-08-16 03:02:46 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-08-16 03:02:38 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 2007-08-30 09:43:36 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-06 09:01:36 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-29 19:38:50 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-08-22 03:05:00 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2007-08-30 09:43:42 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-05 07:20:40 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-08-31 08:02:52 | Attr = HS]
McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 2007-08-13 11:57:30 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 2007-08-24 09:34:58 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-06 07:32:36 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-08-29 08:00:16 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-08-13 13:18:02 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-09-06 07:37:46 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-06 09:07:00 | Attr = ]
Trcl.dll -> %SystemRoot%\Trcl.dll -> [Ver = | Size = 29 bytes | Modified Date = 2007-08-13 12:26:54 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-08-16 03:01:14 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2007-08-24 10:10:02 | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 264 bytes | Modified Date = 2007-08-15 01:11:06 | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Modified Date = 2007-09-01 01:00:10 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-06 09:01:38 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-05 07:19:40 | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 7957 bytes | Modified Date = 2007-09-06 09:03:10 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-08-30 09:43:38 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-04 07:14:20 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 2007-09-06 09:03:06 | Attr = ]
??stem32 -> %System32%\??stem32 -> [Folder | Modified Date = 2007-08-15 08:27:12 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Modified Date = 2007-09-04 07:13:46 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2007-08-13 13:18:36 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2007-08-13 13:18:36 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
avg7 -> %AllUsersAppData%\avg7 -> [Folder | Modified Date = 2007-08-14 08:52:30 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 2007-08-13 17:39:50 | Attr = ]
SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-09-06 07:12:28 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 2007-09-06 09:02:22 | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 2007-08-13 17:40:02 | Attr = ]
LimeWire -> %UserAppData%\LimeWire -> [Folder | Modified Date = 2007-08-14 08:06:12 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-08-13 13:18:04 | Attr = S]
OpenOffice.org2 -> %UserAppData%\OpenOffice.org2 -> [Folder | Modified Date = 2007-09-06 09:03:10 | Attr = ]
?ppPatch -> %UserAppData%\?ppPatch -> [Folder | Modified Date = 2007-08-14 10:04:54 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 12800 bytes | Modified Date = 2007-08-24 17:08:52 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3184656 bytes | Modified Date = 2007-09-06 09:00:36 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-08-13 13:18:04 | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 2007-08-30 07:39:32 | Attr = R ]
avgarkt-setup-1.1.0.42.exe -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe -> [Ver = | Size = 423736 bytes | Modified Date = 2007-08-23 18:38:58 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
bleepingcomputersdirections.rtf -> %UserDocuments%\bleepingcomputersdirections.rtf -> [Ver = | Size = 6571 bytes | Modified Date = 2007-09-06 07:33:18 | Attr = ]
DSCI0001.JPG -> %UserDocuments%\DSCI0001.JPG -> [Ver = | Size = 3558591 bytes | Modified Date = 2007-09-02 05:09:44 | Attr = ]
gracie cast -> %UserDocuments%\gracie cast -> [Folder | Modified Date = 2007-08-31 07:57:58 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 2007-08-28 11:14:32 | Attr = R ]
MySpaceIM Pics -> %UserDocuments%\MySpaceIM Pics -> [Folder | Modified Date = 2007-08-31 07:58:06 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Modified Date = 2007-08-13 13:18:38 | Attr = ]
AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Modified Date = 2007-08-23 18:50:38 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2007-08-13 17:39:54 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2007-08-28 11:23:40 | Attr = ]
spybotsd14.exe -> %AllUsersDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 2007-08-23 09:59:38 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2007-08-31 08:40:58 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2007-08-31 08:40:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2007-08-29 19:06:16 | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 2007-09-06 07:37:46 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 2007-09-05 16:42:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2007-08-29 19:37:08 | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 2004-09-20 15:20:44 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 2007-03-15 12:22:38 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 2007-03-15 12:19:58 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 2007-03-15 12:23:16 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Modified Date = 2007-09-04 07:13:46 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
WSUD , -> %UserDocuments%\DSCI0001.JPG -> [Ver = | Size = 3558591 bytes | Modified Date = 2007-09-02 05:09:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Earnhardt.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Urge_Release_1.1.9060.0.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\DVD Shrink 3.2.exe -> DVD Shrink [Ver = 3.2.0.15 | Size = 598086 bytes | Modified Date = 2004-07-26 02:16:20 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2007-08-31 08:40:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iTunesSetup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >





---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 08:56 2007-09-06

+ Scan result:



C:\Documents and Settings\Bobby\Cookies\bobby@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Bobby\Cookies\bobby@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.


::Report end





Explorer killed successfully
[Processes - Non-Microsoft Only]
Process w?nlogon.exe killed successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Hjswwao deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B173021E-EEFD-B02F-8DAA-E3ABAE7A5098} deleted successfully.
[Files/Folders - Created Within 30 days]
C:\67E.tmp moved successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico moved successfully.
C:\WINDOWS\SYSTEM32\everybodybets.32x32.4.ico moved successfully.
C:\WINDOWS\SYSTEM32\MobileSidewalk.ico moved successfully.
C:\WINDOWS\SYSTEM32\moveex.exe moved successfully.
File C:\WINDOWS\SYSTEM32\??stem32 not found!
File C:\Documents and Settings\Bobby\Application Data\?ppPatch not found!
[Files/Folders - Modified Within 30 days]
File C:\67E.tmp not found!
File C:\WINDOWS\SYSTEM32\everybodybets.32x32.4.ico not found!
File C:\WINDOWS\SYSTEM32\MobileSidewalk.ico not found!
File C:\WINDOWS\SYSTEM32\??stem32 not found!
File C:\Documents and Settings\Bobby\Application Data\?ppPatch not found!
[Empty Temp Folders]
C:\DOCUME~1\Bobby\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Bobby\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 09-06-2007 07:37:45

#6 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 07 September 2007 - 09:44 AM

Hi Chell. That looks better. There are a couple of folders that we will need to remove manually because they have some odd characters in them and WinPFind could not remove them (I'm working on a fix for that).

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following folders and delete them :

Note: Where you see a question mark in the folder path below look for a folder with a non-alphabetic character in that position. For example, if there is a folder in the Application Data folder named AppPatch, it is legitimate. If there is another folder with a strange character in the first position then that is the bad folder and should be deleted. The same for a ??stem32 folder inside the C:\WINDOWS\SYSTEM32\ folder. If in doubt, ask before deleting.
C:\WINDOWS\SYSTEM32\??stem32
C:\Documents and Settings\Bobby\Application Data\?ppPatch

Note: If you receive any error messages while trying to delete any of the above folders then reboot into Safe Mode and try to delete them again. See the instructions below on how to boot into Safe Mode.
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
One last note. It appears that both AVG Anti-Virus and McAfee Anti-Virus are installed. This is not considered a good situation. Running 2 anti-virus applications simultaneously can cause the 2 programs to conflict with one another when dealing with a threat. I would recommend keeping one of them and removing the other. If you have a current license for McAfee then go ahead and remove AVG. If your license for McAfee has expired and you do not want to renew it then remove McAfee and keep the free AVG application. If you decide to remove McAfee then let me know and I can give you some free options for firewalls also.

When you have completed the above run a new scan with WinPFind3u and post the log back here so I can review it.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 Chell

  • Topic Starter
  • Members
  • 11 posts

Posted 08 September 2007 - 04:30 PM

Uhhhh.....how do I find those folders to delete? I know, I'm an idiot. Are those the only 2 I need to delete?

#8 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 09 September 2007 - 12:18 PM

Hi Chell. Use Windows Explorer or My Computer. Follow the instructions for making hidden and system files/folders visible. Then navigate to the c:\windows\system32\ folder and look for the folder named ??stem32. The first 2 characters will be non-standard (most probably Cyrillic). Right-click on that folder and select Delete from the pop-up menu.

Next, navigate to the C:\Documents and Settings\Bobby\Application Data\ folder. Look for the folder named ?ppPatch. Again, the first character will be a non-standard character. Right-click on that folder and select Delete.

Those are the only 2 folders that need to be deleted. Then continue with the rest of the instructions.

Cheers.

OT

#9 Chell

  • Topic Starter
  • Members
  • 11 posts

Posted 10 September 2007 - 05:06 PM

I found a folder named "Sysem32" and "AppPatch" but my computer won't let me delete them. It is telling me that those files are needed for Windows to run properly. I'm so dang frustrated!!!!!!!!!!!

#10 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 11 September 2007 - 12:49 PM

Hi Chell. With the 2 folders to delete, they should not have characters that are normal in the places where the ?? are showing.

For the C:\WINDOWS\SYSTEM32\??stem32 folder, while in Windows Explorer, in the left-hand pane go to C:\WINDOWS\SYSTEM32\ and then look in the right-hand pane for a folder named ??stem32. The first 2 characters will not be normal letters or numbers. That is the folder to delete. Right-click on it and choose Delete.

The same for C:\Documents and Settings\Bobby\Application Data\?ppPatch. In the left-hand pane go to C:\Documents and Settings\Bobby\Application Data\ and in the right-hand pane look for a folder named ?ppPatch. Again, the first letter of the folder will be a character that is not a normal letter or number. Right-click on that folder and choose Delete.

If you find the 2 strange folders and the system will not allow you to delete them then boot to Safe Mode and try deleting them from there. To boot to Safe mode do the following:

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
After that, reboot normally and run a new WinPFind3u scan and post the results back here so I can review it.

Cheers.

OT

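The folders OldTimer describes in posts #6 and #10 (a "??stem32" next to the real system32, an "?ppPatch" next to the real AppPatch) are lookalike names: Latin letters swapped for Cyrillic or other non-ASCII characters that render almost identically, so a scan log or a quick glance in Explorer reads them as legitimate. The following Python check is an added example for this thread, not code from WinPFind3u or from anyone posting here. It folds each directory entry to the ASCII string a person would read it as and flags any non-ASCII entry that collides with a protected name. The confusable table is a small hand-picked subset (an assumption; full Unicode confusables data is much larger), and the sample listing is constructed for the demo.

```python
"""Flag directory entries that read like a well-known folder name but contain
non-ASCII (e.g. Cyrillic) characters in place of Latin letters.

Added example for this thread; not part of WinPFind3u or any tool discussed
here. The confusable table and the sample listing are constructed for the demo.
"""
import os
import sys
import unicodedata

# Assumption: a small hand-picked map of Cyrillic/Greek letters that render
# like Latin letters. Real deployments would use the Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X", "\u03bf": "o", "\u0391": "A", "\u0392": "B", "\u0395": "E",
}

# Folder names worth protecting against lookalikes (the two from this thread
# plus a few other common ones).
PROTECTED = ["system32", "AppPatch", "Microsoft", "drivers", "Config"]

# Constructed sample listing: two lookalikes, three legitimate names, and one
# non-ASCII name that matches nothing protected.
SAMPLE_ENTRIES = [
    "system32",
    "\u0455\u0443stem32",   # Cyrillic 's' and 'y' replace the Latin "sy"
    "AppPatch",
    "\u0410ppPatch",        # Cyrillic 'A' replaces the Latin "A"
    "drivers",
    "Caf\u00e9",            # non-ASCII, but not a lookalike of anything above
]


def skeleton(name: str) -> str:
    """Map a name to the lower-case ASCII string a human would read it as."""
    out = []
    for ch in name:
        ch = CONFUSABLES.get(ch, ch)
        # Decompose accented letters and drop the combining marks: "é" -> "e".
        for base in unicodedata.normalize("NFKD", ch):
            if not unicodedata.combining(base):
                out.append(base)
    return "".join(out).lower()


def non_ascii_positions(name: str):
    """Indexes of the characters that are outside plain ASCII."""
    return [i for i, ch in enumerate(name) if ord(ch) > 0x7F]


def find_lookalikes(entries, protected_names):
    """Return (entry, protected_name, positions) for every entry that is not
    pure ASCII yet reads like one of the protected names."""
    wanted = {skeleton(p): p for p in protected_names}
    hits = []
    for entry in entries:
        positions = non_ascii_positions(entry)
        if not positions:
            continue  # plain ASCII cannot be a homoglyph of an ASCII name
        legit = wanted.get(skeleton(entry))
        if legit is not None:
            hits.append((entry, legit, positions))
    return hits


def scan_directory(path):
    """Run the check over a real directory listing."""
    return find_lookalikes(os.listdir(path), PROTECTED)


def main(argv):
    entries = os.listdir(argv[1]) if len(argv) > 1 else SAMPLE_ENTRIES
    for entry, legit, positions in find_lookalikes(entries, PROTECTED):
        print(f"{entry!r} reads like {legit!r}; non-ASCII at positions {positions}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no argument to see the constructed sample flagged, or pass a path such as C:\WINDOWS\SYSTEM32 to check a live listing. The script only reports; as in the thread, what to do with a hit is a judgement call, and a reported folder should be compared against the genuine one before anything is removed.
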
#11 Chell

  • Topic Starter
  • Members
  • 11 posts

Posted 11 September 2007 - 03:24 PM

I do not see these folders anywhere......... Sorry!

#12 Chell

  • Topic Starter
  • Members
  • 11 posts

Posted 13 September 2007 - 04:58 PM

What should I do? Haven't gotten a reply...... PLEASE DON'T GIVE UP ON ME!

#13 Chell

  • Topic Starter
  • Members
  • 11 posts

Posted 14 September 2007 - 04:34 PM

:thumbsup:

#14 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 16 September 2007 - 12:06 PM

Hi Chell. The folders might already have been removed by one of the other scans. Run a new WinPFind3u report and let's see what is there or not there.

Cheers.

OT

#15 Chell

  • Topic Starter
  • Members
  • 11 posts

Posted 18 September 2007 - 09:12 PM

WinPFind3 logfile created on: 2007-09-18 09:09:08
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Bobby\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

511.29 Mb Total Physical Memory | 184.31 Mb Available Physical Memory | 36.05% Memory free
1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 137.23 Gb Free Space | 92.07% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SMITH
Current User Name: Bobby
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 2004-09-07 13:47:52 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 2007-08-13 13:18:26 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.487 | Size = 421888 bytes | Modified Date = 2007-09-13 08:52:38 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-08-13 13:18:30 | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 2005-08-01 07:05:04 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 2006-09-25 14:54:22 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 2006-09-25 14:54:24 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
lxcgcoms.exe -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 2005-07-25 14:25:18 | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 2005-07-21 01:07:22 | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 2007-08-15 12:36:04 | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 2007-08-24 05:00:40 | Attr = ]
mwlgui.exe -> %ProgramFiles%\McAfee\MWL\MwlGui.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 1279336 bytes | Modified Date = 2007-07-28 09:32:58 | Attr = ]
mwlsvc.exe -> %ProgramFiles%\McAfee\MWL\MwlSvc.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 910696 bytes | Modified Date = 2007-07-28 09:33:02 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2005-01-12 03:01:32 | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6172\SAService.exe -> [Ver = | Size = 341280 bytes | Modified Date = 2007-09-07 07:30:00 | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 2006-07-24 15:28:22 | Attr = ]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9005 | Size = 2478080 bytes | Modified Date = 2006-02-24 17:41:38 | Attr = ]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9005 | Size = 2334720 bytes | Modified Date = 2006-02-24 17:41:08 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 2004-08-16 09:00:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 2007-08-13 13:18:26 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2007-08-13 13:18:30 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 2007-08-16 08:53:48 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-02-19 11:21:32 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 2006-09-25 14:54:22 | Attr = ]
(lxcg_device) lxcg_device [Win32_Own | On_Demand | Running] -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 2005-07-25 14:25:18 | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 2007-08-15 12:36:04 | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 2007-08-24 05:00:40 | Attr = ]
(MWLSvc) McAfee Wireless Network Security Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\MWL\MwlSvc.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 910696 bytes | Modified Date = 2007-07-28 09:33:02 | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6172\SAService.exe -> [Ver = | Size = 341280 bytes | Modified Date = 2007-09-07 07:30:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 2004-09-07 13:47:52 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.487 | Size = 421888 bytes | Modified Date = 2007-09-13 08:52:38 | Attr = ]
EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 2005-08-01 07:05:04 | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 2005-07-12 08:36:32 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 2006-09-25 14:54:24 | Attr = ]
LXCGCATS -> %System32%\spool\drivers\w32x86\3\lxcgtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 2005-07-20 12:48:38 | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 2005-07-21 01:07:22 | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ]
MWLExe -> %ProgramFiles%\McAfee\MWL\MwlGui.exe -> McAfee, Inc. [Ver = 3,0,126,0 | Size = 1279336 bytes | Modified Date = 2007-07-28 09:32:58 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 11:50:42 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2005-01-12 03:01:32 | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 2006-07-24 15:28:22 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.697.0 | Size = 5419008 bytes | Modified Date = 2007-05-29 20:34:50 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 2004-08-16 09:00:00 | Attr = ]
< User Startup > -> C:\Documents and Settings\Bobby\Start Menu\Programs\Startup ->
%UserStartup%\OpenOffice.org 2.0.lnk -> %ProgramFiles%\OpenOffice.org 2.0\program\quickstart.exe -> [Ver = | Size = 61440 bytes | Modified Date = 2006-01-25 18:42:22 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 07:29:58 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.msn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [Reg Data - Value does not exist] -> [Ver = | Size = 910624 bytes | Modified Date = 2007-08-13 13:05:04 | Attr = ]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKLM] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter] -> [Ver = | Size = 324936 bytes | Modified Date = 2007-08-24 05:00:36 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-28 11:54:44 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 910624 bytes | Modified Date = 2007-08-13 13:05:04 | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1FEBDF6C-E266-40E2-96E1-5233C7F54485} -> (1394 Net Adapter) ->
{316162B2-FCC7-4E1C-BE78-2A545A813FDB} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{964F1340-A101-434B-83B4-49D33B42A9B8} -> (Westell WireSpeed Dual Connect Modem) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll -> [Ver = | Size = 910624 bytes | Modified Date = 2007-08-13 13:05:04 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1154025422828 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/...102/mcfscan.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-01 11:09:53 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Created Date = 1601-01-01 06:00:00 | Attr = HS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-01 11:10:03 | Attr = ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 2007-08-28 15:12:33 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 2007-08-30 08:43:34 | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
everybodybets.32x32.4.ico -> %System32%\everybodybets.32x32.4.ico -> [Ver = | Size = 4286 bytes | Created Date = 2007-09-10 04:23:29 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 2007-08-31 07:03:36 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-01 11:09:55 | Attr = ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-08-23 17:50:35 | Attr = ]
avgarkt-setup-1.1.0.42.exe -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe -> [Ver = | Size = 423736 bytes | Created Date = 2007-08-23 17:38:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
bleepingcomputersdirections.rtf -> %UserDocuments%\bleepingcomputersdirections.rtf -> [Ver = | Size = 6571 bytes | Created Date = 2007-09-06 06:33:15 | Attr = ]
DSCI0001.JPG -> %UserDocuments%\DSCI0001.JPG -> [Ver = | Size = 3558591 bytes | Created Date = 2007-09-05 17:49:19 | Attr = ]
AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Created Date = 2007-08-23 17:50:36 | Attr = ]
spybotsd14.exe -> %AllUsersDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 2007-08-23 08:59:09 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2007-08-31 07:40:56 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2007-08-31 07:40:11 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
The Latest from Lavasoft - Ad-Aware 2007 - Lavasoft.url -> %UserDesktop%\The Latest from Lavasoft - Ad-Aware 2007 - Lavasoft.url -> [Ver = | Size = 158 bytes | Created Date = 2007-09-12 06:22:09 | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 2007-09-05 15:43:45 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 2007-09-05 15:42:04 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2007-08-29 18:37:06 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2007-09-11 08:27:20 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-01 12:10:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536203264 bytes | Modified Date = 2007-09-13 04:48:50 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-09-10 05:01:08 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-01 12:10:04 | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2007-08-31 09:36:40 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-13 04:54:52 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-28 14:33:14 | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 2007-08-28 16:12:34 | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 2007-08-30 09:43:36 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-13 04:48:52 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-29 19:38:50 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-08-22 03:05:00 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2007-08-30 09:43:42 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-12 15:08:12 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-08-31 08:02:52 | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 2007-08-24 09:34:58 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-18 09:08:52 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-08-29 08:00:16 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-09-10 05:23:30 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-18 08:50:00 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2007-09-14 10:10:02 | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 264 bytes | Modified Date = 2007-09-15 01:07:54 | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Modified Date = 2007-09-01 01:00:10 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-13 04:48:54 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-10 04:26:22 | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 8591 bytes | Modified Date = 2007-09-17 02:57:40 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-08-30 09:43:38 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-04 07:14:20 | Attr = ]
everybodybets.32x32.4.ico -> %System32%\everybodybets.32x32.4.ico -> [Ver = | Size = 4286 bytes | Modified Date = 2007-09-10 05:23:30 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 2007-09-13 04:55:00 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Modified Date = 2007-09-04 07:13:46 | Attr = ]
SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-09-07 07:30:04 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 2007-09-18 08:00:06 | Attr = ]
OpenOffice.org2 -> %UserAppData%\OpenOffice.org2 -> [Folder | Modified Date = 2007-09-13 04:55:40 | Attr = ]
SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-09-18 08:02:30 | Attr = ]
?ppPatch -> %UserAppData%\?ppPatch -> [Folder | Modified Date = 2007-09-10 06:12:18 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 12800 bytes | Modified Date = 2007-08-24 17:08:52 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3762526 bytes | Modified Date = 2007-09-06 11:47:12 | Attr = H ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 2007-08-30 07:39:32 | Attr = R ]
avgarkt-setup-1.1.0.42.exe -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe -> [Ver = | Size = 423736 bytes | Modified Date = 2007-08-23 18:38:58 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
bleepingcomputersdirections.rtf -> %UserDocuments%\bleepingcomputersdirections.rtf -> [Ver = | Size = 6571 bytes | Modified Date = 2007-09-06 07:33:18 | Attr = ]
DSCI0001.JPG -> %UserDocuments%\DSCI0001.JPG -> [Ver = | Size = 3558591 bytes | Modified Date = 2007-09-02 05:09:44 | Attr = ]
gracie cast -> %UserDocuments%\gracie cast -> [Folder | Modified Date = 2007-08-31 07:57:58 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 2007-08-28 11:14:32 | Attr = R ]
MySpaceIM Pics -> %UserDocuments%\MySpaceIM Pics -> [Folder | Modified Date = 2007-08-31 07:58:06 | Attr = ]
AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Modified Date = 2007-08-23 18:50:38 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2007-08-28 11:23:40 | Attr = ]
spybotsd14.exe -> %AllUsersDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 2007-08-23 09:59:38 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2007-08-31 08:40:58 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2007-08-31 08:40:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2007-08-29 19:06:16 | Attr = ]
The Latest from Lavasoft - Ad-Aware 2007 - Lavasoft.url -> %UserDesktop%\The Latest from Lavasoft - Ad-Aware 2007 - Lavasoft.url -> [Ver = | Size = 158 bytes | Modified Date = 2007-09-12 07:22:10 | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 2007-09-06 07:37:46 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 2007-09-05 16:42:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2007-08-29 19:37:08 | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 2004-09-20 15:20:44 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 2007-03-15 12:22:38 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 2007-03-15 12:19:58 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 2007-03-15 12:23:16 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.485 | Size = 821600 bytes | Modified Date = 2007-09-04 07:13:46 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\avgarkt-setup-1.1.0.42.exe:Zone.Identifier ->
WSUD , -> %UserDocuments%\DSCI0001.JPG -> [Ver = | Size = 3558591 bytes | Modified Date = 2007-09-02 05:09:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Earnhardt.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Urge_Release_1.1.9060.0.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\DVD Shrink 3.2.exe -> DVD Shrink [Ver = 3.2.0.15 | Size = 598086 bytes | Modified Date = 2004-07-26 02:16:20 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2007-08-31 08:40:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iTunesSetup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >
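The WinPFind3u report pasted above is a flat listing with fields separated by ` -> ` and a trailing `[key = value | ...]` attribute block, which makes it straightforward to triage programmatically rather than by eye. The following Python script is an added example, not part of the original post and not code from WinPFind3u or any of the other tools named in the thread: it parses lines in that format into records and applies two generic triage rules (a file under %System32% that carries neither a vendor string nor a version resource, and a file that still carries a Zone.Identifier alternate data stream, i.e. the Mark of the Web written when it was downloaded). The sample lines embedded in the script are constructed to match the report's layout and say nothing about the files on the poster's machine; the rule names and the `Record` fields are the example's own choices.

```python
"""Triage helper for WinPFind3u-style report lines (added example).

Each report line is ' -> '-separated and usually ends in a
'[key = value | ...]' attribute block.  This parser turns such lines into
structured records and applies two cheap triage rules a responder
typically starts with:

  * a file under %System32% with neither a vendor string nor a version
    resource (legitimate system binaries almost always have both);
  * a file that still carries a Zone.Identifier alternate data stream,
    i.e. the Mark of the Web.  A 26-byte stream is the classic
    "[ZoneTransfer]\\r\\nZoneId=N\\r\\n" form (ZoneId 3 = Internet).

Flagging a file is a prompt to look closer, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ATTR_BLOCK = re.compile(r"\[(?P<body>[^\]]*)\]$")
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:]+) ->$"
)
TRAILING_DESCRIPTOR = re.compile(r"\s*\[[^\]]*\]$")   # e.g. ' [SSVHelper Class]' after a BHO path


@dataclass
class Record:
    name: str
    path: str
    vendor: str = ""
    attrs: Dict[str, object] = field(default_factory=dict)
    is_folder: bool = False
    ads: Optional[str] = None       # stream name when the line is an ADS entry


def _parse_attrs(body: str) -> Tuple[Dict[str, object], bool]:
    """'Ver = 1.0 | Size = 10 bytes | Attr = H' -> ({'Ver': '1.0', 'Size': 10, 'Attr': 'H'}, False)."""
    attrs: Dict[str, object] = {}
    is_folder = False
    for item in body.split(" | "):
        key, sep, value = (s.strip() for s in item.partition("="))
        if not sep and key == "Folder":
            is_folder = True
            continue
        if value.endswith(" bytes"):
            attrs[key] = int(value[: -len(" bytes")])
        else:
            attrs[key] = value
    return attrs, is_folder


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for file/folder/registry-object lines, None for headers and blanks."""
    line = line.rstrip()
    ads = ADS_LINE.match(line)
    if ads:
        path = ads.group("path")
        return Record(name=path.rsplit("\\", 1)[-1], path=path,
                      attrs={"Size": int(ads.group("size"))}, ads=ads.group("stream"))
    parts = line.split(" -> ")
    if len(parts) < 3:
        return None
    m = ATTR_BLOCK.search(parts[-1])
    if not m:
        return None
    vendor = parts[-1][: m.start()].strip()          # text before the attribute block
    attrs, is_folder = _parse_attrs(m.group("body"))
    path = TRAILING_DESCRIPTOR.sub("", parts[1])     # drop ' [Friendly Name]' on registry objects
    return Record(name=parts[0], path=path, vendor=vendor, attrs=attrs, is_folder=is_folder)


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Apply the two triage rules; returns (rule, path) pairs in report order."""
    findings = []
    for rec in filter(None, map(parse_line, lines)):
        if rec.ads == "Zone.Identifier":
            findings.append(("mark-of-the-web", rec.path))
        elif (not rec.is_folder and rec.path.startswith("%System32%")
              and not rec.vendor and not rec.attrs.get("Ver")):
            findings.append(("no-vendor-no-version-in-system32", rec.path))
    return findings


# Constructed sample lines in the report's format (not taken from the poster's machine).
SAMPLE_REPORT = r"""
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-01 11:09:53 | Attr = ]
unknown.ico -> %System32%\unknown.ico -> [Ver = | Size = 4286 bytes | Created Date = 2007-09-10 04:23:29 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-08-31 07:03:35 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier ->
"""

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_REPORT.splitlines()):
        print(f"{rule:36} {path}")
```

Two caveats when reading the output. A Zone.Identifier stream on a freshly downloaded tool such as an installer is exactly what you expect to see; the rule surfaces every download so it can be reviewed, it does not say the file is bad. And the vendor/version fields come from the file's version resource, which malware can fill in and which some legitimate files (icons, data files) legitimately lack, so the System32 rule narrows the list to look at rather than replacing a hash lookup or a signature check.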