
Java_bytever.aq


19 replies to this topic

#1 bigstream29


Posted 22 April 2007 - 03:12 PM

Hi people, I am Andrew. I have a problem with my computer. My computer started acting up and I did a V-COM anti-virus scan (V-COM is a fix-it utility, not an antivirus program). It said I had 21 infected files, which included JAVA_BYTEVER.AQ, JAVA_BYTEVER.S, JAVA_BYTEVER.C, and JAVA_BYTEVER.A. I have used every possible method to delete these files but none have worked. There is an anti-virus program on my computer (AVG) and it wouldn't even pick up on these "viruses". Also, for some reason I couldn't get the online virus-scan Housecall to finish scanning. Could any of you all give me some advice on how to remove these pesky little bugs from my computer? They sure do slow down your computer.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:30:45 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [ComcastSUPPORT] "C:\Program Files\Support.com\bin\tgkill.exe" /cleaneahtioga /start
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\dxxuycnf.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {561F8E34-B51B-45E8-A23D-50ED9C880FD2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {AEF851F3-F528-4974-A0E1-33486E2BA39B} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F8228384-FFF8-4D27-82B5-1791E673C6E5} - http://www.comcast.net (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by bigstream29, 22 April 2007 - 03:34 PM.




#2 bigstream29


Posted 22 April 2007 - 03:22 PM

Also guys, here's my log of the V-COM anti-virus scan that showed the infections:

Virus Scan Results:

Run: 4/20/2007 8:20:37 PM

Scanned:
Boot Sector
Boot Sector
All files, including those in archives, on all local hard drives

Results:

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-178c71c1.zip\GetAccess.class
Name: JAVA_BYTEVER.AQ
Requested action: Remove potential threat.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-178c71c1.zip\Installer.class
Name: JAVA_BYTEVER.AQ
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-178c71c1.zip\NewSecurityClassLoader.class
Name: JAVA_BYTEVER.S
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-178c71c1.zip\NewURLClassLoader.class
Name: JAVA_BYTEVER.S
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-41b7f3bc.zip\GetAccess.class
Name: JAVA_BYTEVER.AQ
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-41b7f3bc.zip\Installer.class
Name: JAVA_BYTEVER.AQ
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-41b7f3bc.zip\NewSecurityClassLoader.class
Name: JAVA_BYTEVER.S
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-41b7f3bc.zip\NewURLClassLoader.class
Name: JAVA_BYTEVER.S
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-7177e11a.zip\GetAccess.class
Name: JAVA_BYTEVER.AQ
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-7177e11a.zip\Installer.class
Name: JAVA_BYTEVER.AQ
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-7177e11a.zip\NewSecurityClassLoader.class
Name: JAVA_BYTEVER.S
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2338f20e-7177e11a.zip\NewURLClassLoader.class
Name: JAVA_BYTEVER.S
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-14c8d314.zip\Counter.class
Name: JAVA_BYTEVER.C
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-14c8d314.zip\Dummy.class
Name: JAVA_BYTEVER.A
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-14c8d314.zip\Parser.class
Name: JAVA_BYTEVER.A
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-41b1f94f.zip\Counter.class
Name: JAVA_BYTEVER.C
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-41b1f94f.zip\Dummy.class
Name: JAVA_BYTEVER.A
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-41b1f94f.zip\Parser.class
Name: JAVA_BYTEVER.A
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-533ab651.zip\Counter.class
Name: JAVA_BYTEVER.C
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-533ab651.zip\Dummy.class
Name: JAVA_BYTEVER.A
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Found potential threat
In File: C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv449.jar-335d3265-533ab651.zip\Parser.class
Name: JAVA_BYTEVER.A
Requested action: Automatically attempt to remove potential threat from infected file.
Results: Removal attempt failed. File still infected. See recommendation below.

Files not scanned:
C:\Documents and Settings\All Users\Application Data\????????
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT
C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Documents and Settings\LocalService\NTUSER.DAT
C:\Documents and Settings\LocalService\ntuser.dat.LOG
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Documents and Settings\NetworkService\NTUSER.DAT
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
C:\hiberfil.sys
C:\pagefile.sys
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\WINDOWS\SoftwareDistribution\EventCache\A97B5E82-BC45-4461-9A05-7697CCBD8EC5.bin
C:\WINDOWS\system32\CatRoot2\edb.log
C:\WINDOWS\system32\CatRoot2\tmp.edb
C:\WINDOWS\system32\config\default
C:\WINDOWS\system32\config\default.LOG
C:\WINDOWS\system32\config\SAM
C:\WINDOWS\system32\config\SAM.LOG
C:\WINDOWS\system32\config\SECURITY
C:\WINDOWS\system32\config\SECURITY.LOG
C:\WINDOWS\system32\config\software
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system
C:\WINDOWS\system32\config\system.LOG
C:\WINDOWS\Temp\ZLT05a8c.TMP
C:\WINDOWS\Temp\ZLT05a93.TMP

18800 Executables scanned
84 Macros scanned
13581 Files inside archives scanned
30 Files that could not be scanned (files in use, encrypted archives, etc.)
249303 Total files scanned

Recommended action:

Certain potential threats may not be automatically cleaned by this scanner. You may still be able to manually clean these potential threats.

If a potential threat could not be cleaned, please note its name and look it up in our web-based virus encyclopedia at http://www.v-com.com/virusinfo/virupedia.html. The encyclopedia will contain additional information and help guide you through the removal of the potential threat.

Never assume your machine is free of viruses until a complete scan of your system reports no viruses found.

Some files could not be scanned. These files may be encrypted or in use by either Windows or another application.

The scanner cannot scan files that are locked by Windows, but most of these files are at a very low risk of infection. These include files with a .log extension (or no extension at all), virtual memory files (*.swp in Windows 95/98 or pagefile.sys in Windows NT/2000) and System Registry files (user.dat, system.dat, ntuser.dat).

If you would like to scan these files, close all open applications, decrypt any encrypted files, and try again. If you still cannot access the files, use the Virus Rescue Disk to scan them.

In some cases you may need to use the Virus Rescue Disk set. The disk set, including instructions, can be downloaded from http://www.v-com.com/virusinfo/rescue.html. Please use a machine that is not infected with a virus to create the disk set. Please note the Virus Rescue Disk set is only compatible with FAT file systems. Windows NT and operating systems that are installed on NTFS file system are incompatible.

You may wish to boot into Safe Mode and run Deep Scan.

#3 bigstream29


Posted 26 April 2007 - 10:13 PM

Hey guys, I just realized yesterday I forgot to follow your instructions before posting this log. Sorry about that. I did do the cleanout but I still think my computer is infected. V-COM is giving the same warning of JAVA_BYTEVER.AQ and others when the anti-virus scans over the Documents and Settings files. Plus, for some strange reason, I keep on getting pop-ups, especially when I start the browser. I have the Yahoo built-in pop-up blocker, and previously it worked well. Ever since I caught on to the JAVA trojans, it started acting up. Also, I realized that when I click "internet options" and then the "privacy" tab, the bar is set to zero. Even if I change it and click "apply", when I close out the browser and reopen it, the bar returns to zero. Anyways, here is my new HijackThis log after all the scanning and deleting I did:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:25 PM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [ComcastSUPPORT] "C:\Program Files\Support.com\bin\tgkill.exe" /cleaneahtioga /start
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\dxxuycnf.dll",setvm
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\ygwciqvt.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {561F8E34-B51B-45E8-A23D-50ED9C880FD2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {AEF851F3-F528-4974-A0E1-33486E2BA39B} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F8228384-FFF8-4D27-82B5-1791E673C6E5} - http://www.comcast.net (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)


Thanks guys in advance for the help. Hopefully I could return my computer back to normal.

#4 OldTimer

    Malware Expert

Posted 30 April 2007 - 05:13 PM

Hello bigstream29 and welcome to the BC HijackThis forum.

I don't think you need to worry about the files that V-COM is finding. The byteverify exploit is very old and not an issue with any Java version past about 1.4. It's just a false positive with V-COM. If you want, you can clear the Java cache by following the directions here. That will at least stop the annoying alerts.

What you should be concerned with, however, is that it appears there is a Vundo infection on this machine. Let's see if we can take care of that.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt back here.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Now, download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
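
The C:\vundofix.txt report requested in the post above records, per run, which files were found and whether each deletion succeeded. The following is an added example (not part of the thread and not VundoFix's own code) that parses such a report and lists the files that survived; the sample report, its file names and timestamps are constructed, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of a vundofix.txt holding two appended runs.
# File names and timestamps are made up for illustration.
SAMPLE_REPORT = r"""
VundoFix V6.3.21
Checking Java version...
Scan started at 1:00:00 PM 1/1/2007
Listing files found while scanning....
C:\WINDOWS\system32\exampleaa.dll
C:\WINDOWS\system32\examplebb.ini
C:\WINDOWS\system32\examplecc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\exampleaa.dll
C:\WINDOWS\system32\exampleaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\examplebb.ini
C:\WINDOWS\system32\examplebb.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\examplecc.dll
C:\WINDOWS\system32\examplecc.dll Could not be deleted.
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Scan started at 1:30:00 PM 1/1/2007
Listing files found while scanning....
C:\WINDOWS\system32\examplecc.dll
C:\WINDOWS\system32\exampledd.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\examplecc.dll
C:\WINDOWS\system32\examplecc.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\exampledd.dll
C:\WINDOWS\system32\exampledd.dll Could not be deleted.
Performing Repairs to the registry.
Done!
"""

@dataclass
class Run:
    version: str
    started: str = ""
    found: list = field(default_factory=list)
    deleted: list = field(default_factory=list)
    failed: list = field(default_factory=list)

_HEADER = re.compile(r"^VundoFix V(\S+)$")
_STARTED = re.compile(r"^Scan started at (.+)$")
_DELETED = re.compile(r"^(.+) Has been deleted!$")
_FAILED = re.compile(r"^(.+) Could not be deleted\.$")

def parse_report(text):
    """Split the report into runs and collect found/deleted/failed paths."""
    runs, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := _HEADER.match(line)):
            runs.append(Run(version=m.group(1)))
            section = None
            continue
        if not runs:
            continue  # ignore anything before the first run header
        run = runs[-1]
        if (m := _STARTED.match(line)):
            run.started = m.group(1)
        elif line.startswith("Listing files found"):
            section = "found"
        elif line.startswith("Beginning removal"):
            section = "removal"
        elif section == "found":
            run.found.append(line)
        elif section == "removal":
            if (m := _DELETED.match(line)):
                run.deleted.append(m.group(1))
            elif (m := _FAILED.match(line)):
                run.failed.append(m.group(1))
    return runs

def still_present(runs):
    """Paths whose most recent recorded outcome is not a successful delete."""
    state = {}  # lower-cased path (Windows paths are case-insensitive) -> (path, outcome)
    for run in runs:
        for outcome, paths in (("found", run.found), ("deleted", run.deleted),
                               ("failed", run.failed)):
            for p in paths:
                state[p.lower()] = (p, outcome)
    return sorted(p for p, outcome in state.values() if outcome != "deleted")

def recurring(runs):
    """Paths listed as found in more than one run."""
    seen = {}
    for run in runs:
        for p in {q.lower(): q for q in run.found}.values():
            entry = seen.setdefault(p.lower(), [p, 0])
            entry[1] += 1
    return sorted(p for p, n in seen.values() if n > 1)

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for r in parsed:
        print(r.started, "found", len(r.found), "deleted", len(r.deleted),
              "failed", len(r.failed))
    print("still present:", still_present(parsed))
    print("seen in more than one run:", recurring(parsed))
```

A file that shows up in `recurring` or `still_present` is one to raise with the helper, since it was either locked during removal or re-created between runs.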


#5 bigstream29


Posted 03 May 2007 - 08:15 PM

Hello Oldtimer, thanks for replying to me. I'm so sorry I didn't get back to you sooner. I kinda gave up on my computer for a little while. After a couple of days I tried fixing the computer myself, so I'm assuming there are a few changes on my HijackThis log. I will post a new HijackThis log. Well, I did an online virus scan a couple days ago using Pandaonline, and it said I had a virus on my computer, along with 20 or so spywares and some "hacker tools". Spybot Search and Destroy didn't seem to help either. My computer is still getting pop-ups, especially Winantispy, and it's still slower than before. Anyways, I ran Vundofix.exe and it deleted a few .dll files, but it wouldn't run after reboot to remove the remaining infected files. Here are the logs you requested:

This is the vundotxt:


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 6:19:17 PM 5/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\fcccayy.dll
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\kccmyrin.dll
C:\WINDOWS\system32\khfdaya.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\pmnmklk.dll
C:\WINDOWS\system32\tuvwvuu.dll
C:\WINDOWS\system32\tvqicwgy.ini
C:\WINDOWS\system32\ygwciqvt.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fcccayy.dll
C:\WINDOWS\system32\fcccayy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfdaya.dll
C:\WINDOWS\system32\khfdaya.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnmklk.dll
C:\WINDOWS\system32\pmnmklk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwvuu.dll
C:\WINDOWS\system32\tuvwvuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvqicwgy.ini
C:\WINDOWS\system32\tvqicwgy.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ygwciqvt.dll
C:\WINDOWS\system32\ygwciqvt.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 6:49:18 PM 5/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\bdjjcqap.dll
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\khfdaya.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bdjjcqap.dll
C:\WINDOWS\system32\bdjjcqap.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gebcd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfdaya.dll
C:\WINDOWS\system32\khfdaya.dll Could not be deleted.

Performing Repairs to the registry.
Done!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Now here is the WinPFind3u text:
WinPFind3 logfile created on: 5/3/2007 7:08:32 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

958.48 Mb Total Physical Memory | 420.39 Mb Available Physical Memory | 43.86% Memory free
2.26 Gb Paging File | 1.73 Gb Available in Paging File | 76.63% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 212.16 Gb Free Space | 94.59% Space Free
Drive D: | 8.56 Gb Total Space | 0.61 Gb Free Space | 7.09% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/26/2007 10:28:26 PM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 4/17/2007 10:02:48 AM | Attr = ]
discover.exe -> %ProgramFiles%\DISC\DISCover.exe -> Digital Interactive Systems Corporation [Ver = 3.33.2005.0406 | Size = 1073152 bytes | Modified Date = 4/6/2006 8:51:18 PM | Attr = ]
discstreamhub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 57344 bytes | Modified Date = 4/6/2006 8:50:22 PM | Attr = ]
discupdmgr.exe -> %ProgramFiles%\DISC\DiscUpdMgr.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 65536 bytes | Modified Date = 4/6/2006 8:50:22 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 4:04:38 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 11:44:24 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 11:08:48 PM | Attr = ]
mxtask.exe -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
mxtask.exe -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
pcdsmartmonitor.exe -> %ProgramFiles%\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -> [Ver = | Size = 376832 bytes | Modified Date = 5/10/2006 5:44:28 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/30/2006 9:44:22 AM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.2.4 | Size = 16125440 bytes | Modified Date = 2/26/2007 3:03:02 PM | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 11/24/2006 6:16:50 PM | Attr = ]
tgcmd.exe -> %ProgramFiles%\Support.com\bin\tgcmd.exe -> Support.com, Inc. [Ver = 5,5,214,0 | Size = 1519616 bytes | Modified Date = 11/28/2001 12:37:20 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 12:01:58 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe -> Cisco Linksys Corporation [Ver = 4.4.2.4 | Size = 5751808 bytes | Modified Date = 4/15/2004 8:24:38 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 12:02:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/26/2007 10:28:26 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
(FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\MAGIX\Common\Database\bin\fbserver.exe -> MAGIX® [Ver = WI-V1.5.2.4734 | Size = 1527900 bytes | Modified Date = 11/17/2005 2:18:52 PM | Attr = ]
(Fix-It Task Manager) Fix-It Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/24/2007 10:45:10 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 11:08:48 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
(UPnPService) UPnPService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\MAGIX Shared\UPnPService\UPnPService.exe -> [Ver = 1, 0, 0, 2 | Size = 647242 bytes | Modified Date = 11/8/2005 4:25:00 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 12:01:58 AM | Attr = ]
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Alcmtr -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 6:43:28 PM | Attr = ]
AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 4/17/2007 10:02:48 AM | Attr = ]
ComcastSUPPORT -> %ProgramFiles%\Support.com\bin\tgkill.exe -> [Ver = | Size = 57344 bytes | Modified Date = 11/21/2001 2:49:46 AM | Attr = ]
Fix-It AV -> %ProgramFiles%\VCOM\Fix-It\MEMCHECK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 32768 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
ftutil2 -> %System32%\ftutil2.dll ["rundll32.exe" ftutil2.dll,SetWriteCacheMode] -> Promise Technology, Inc. [Ver = 1.00.0.3 | Size = 106496 bytes | Modified Date = 6/7/2004 9:05:38 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/15/2006 5:34:58 PM | Attr = ]
InfoData -> %System32%\ygwciqvt.DLL [rundll32.exe "C:\WINDOWS\system32\ygwciqvt.dll",realset] -> File not found
InstallProvider -> %LocalSettings%\Temp\miniinst.exe -> File not found
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 6:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
PCDrSmartMonitor -> %ProgramFiles%\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -> [Ver = | Size = 376832 bytes | Modified Date = 5/10/2006 5:44:28 PM | Attr = ]
RCScheduleCheck -> %ProgramFiles%\VCOM\Recovery Commander\RCSCHED.EXE -> imagine LAN, Inc. [Ver = 2.00.03 | Size = 151552 bytes | Modified Date = 10/21/2003 12:20:50 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/22/2005 5:14:00 PM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.2.4 | Size = 16125440 bytes | Modified Date = 2/26/2007 3:03:02 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/30/2006 9:44:22 AM | Attr = ]
WindowsService -> %System32%\blbhrvbd.dll [rundll32.exe "C:\WINDOWS\system32\blbhrvbd.dll",realset] -> [Ver = | Size = 132660 bytes | Modified Date = 5/3/2007 6:50:30 PM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 12:02:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 11/24/2006 6:16:50 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 2:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 1:01:50 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{1F737917-06DA-44ED-8156-944619AECE3F} [HKLM] -> %System32%\khfdaya.dll [] -> [Ver = | Size = 26678 bytes | Modified Date = 4/19/2007 10:21:26 PM | Attr = ]
{a5780613-492e-4a2a-a7fd-549610edf6cc} [HKLM] -> %ProgramFiles%\VCOM\Recovery Commander\RCHOOK.DLL [] -> [Ver = 1, 0, 7, 0 | Size = 102400 bytes | Modified Date = 7/8/2003 9:53:38 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
gebcd -> %System32%\gebcd.dll -> [Ver = | Size = 284244 bytes | Modified Date = 5/3/2007 6:50:06 PM | Attr = ]
PFW -> %System32%\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 79368 bytes | Modified Date = 11/17/2006 10:30:12 PM | Attr = ]
< HOSTS File > (10128 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Search Bar -> http://www.yahoo.com/search/ie.html ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.comcast.net/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
trymedia.com [http] -> ->
trymedia.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{1F737917-06DA-44ED-8156-944619AECE3F} [HKLM] -> %System32%\khfdaya.dll [Reg Data - Value does not exist] -> [Ver = | Size = 26678 bytes | Modified Date = 4/19/2007 10:21:26 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ]
{67098D41-F270-4BED-9B69-CC3357F3A100} [HKLM] -> %System32%\mljjj.dll [Reg Data - Value does not exist] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{A75E294E-C047-4D29-B07E-37B792881BEF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 208896 bytes | Modified Date = 8/30/2006 10:02:22 AM | Attr = ]
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} [HKLM] -> %System32%\yvgtyyrl.dll [Reg Data - Value does not exist] -> [Ver = | Size = 49204 bytes | Modified Date = 5/3/2007 7:06:18 PM | Attr = ]
{F77132F7-02D1-48D7-A1E1-BA6C7D863B4F} [HKLM] -> %System32%\gebcd.dll [Reg Data - Value does not exist] -> [Ver = | Size = 284244 bytes | Modified Date = 5/3/2007 6:50:06 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [ButtonText: Internet Connection Help] -> [Ver = | Size = 706 bytes | Modified Date = 8/30/2006 10:00:58 AM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1456A6E3-7086-4D5A-8FB5-01C3237A9D0A} -> (NVIDIA nForce Networking Controller) ->
{2294AF84-AC10-4FDE-924B-2A75007A9821} -> (Linksys Wireless-G PCI Adapter) ->
{892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{F71448B3-D1D2-4E99-A226-B4BF76C1423E} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000035 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 4/27/2007 3:42:28 PM | Attr = RH ]
boot.inh -> %SystemDrive%\boot.inh -> [Ver = | Size = 53 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/10/2007 8:22:46 PM | Attr = H ]
ntdetect.col -> %SystemDrive%\ntdetect.col -> [Ver = | Size = 53 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/3/2007 5:19:17 PM | Attr = ]
$NtUninstallKB914882$ -> %SystemRoot%\$NtUninstallKB914882$ -> [Folder | Created Date = 4/10/2007 8:33:07 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Created Date = 4/8/2007 8:41:00 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 4/8/2007 8:44:20 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 4/9/2007 8:04:17 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/11/2007 9:33:56 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/11/2007 9:36:17 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/11/2007 9:38:46 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/11/2007 9:33:45 PM | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Created Date = 4/11/2007 9:38:33 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 4/8/2007 8:43:58 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 4/8/2007 8:42:21 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 4/8/2007 8:43:24 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 4/8/2007 8:41:43 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 4/25/2007 7:54:51 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 4/14/2007 8:26:41 PM | Attr = ]
HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.1 | Size = 315392 bytes | Created Date = 4/4/2007 9:52:26 PM | Attr = ]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 4/16/2007 2:18:40 PM | Attr = ]
RCUninstall.EXE -> %SystemRoot%\RCUninstall.EXE -> imagine LAN, Inc. [Ver = 1.00.01 | Size = 45056 bytes | Created Date = 4/30/2007 5:02:11 PM | Attr = ]
RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 7 | Size = 520192 bytes | Created Date = 4/4/2007 9:52:26 PM | Attr = ]
SkyTel.exe -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Created Date = 4/4/2007 9:53:06 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75512 bytes | Created Date = 4/29/2007 3:36:57 PM | Attr = ]
MP Scheduled Quick Scan.job -> %SystemRoot%\tasks\MP Scheduled Quick Scan.job -> [Ver = | Size = 402 bytes | Created Date = 4/10/2007 8:39:16 PM | Attr = H ]
Scheduled Checkpoint.job -> %SystemRoot%\tasks\Scheduled Checkpoint.job -> [Ver = | Size = 340 bytes | Created Date = 4/30/2007 5:02:41 PM | Attr = ]
SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job -> [Ver = | Size = 518 bytes | Created Date = 4/25/2007 6:51:37 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/29/2007 1:40:05 PM | Attr = ]
actskn45.ocx -> %System32%\actskn45.ocx -> SoftShape Development [Ver = 4, 50, 0, 0 | Size = 483328 bytes | Created Date = 4/20/2007 2:21:02 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 4/4/2007 6:50:51 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/29/2007 1:40:40 PM | Attr = ]
blbhrvbd.dll -> %System32%\blbhrvbd.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/3/2007 5:50:26 PM | Attr = ]
c000pr2.tt -> %System32%\c000pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c001pr2.tt -> %System32%\c001pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c002pr2.tt -> %System32%\c002pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c003pr2.tt -> %System32%\c003pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c004pr2.tt -> %System32%\c004pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c005pr2.tt -> %System32%\c005pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c006pr2.tt -> %System32%\c006pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c007pr2.tt -> %System32%\c007pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c008pr2.tt -> %System32%\c008pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c009pr2.tt -> %System32%\c009pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
ChCfg.exe -> %System32%\ChCfg.exe -> [Ver = | Size = 49152 bytes | Created Date = 4/4/2007 9:53:06 PM | Attr = ]
dbvrhblb.ini -> %System32%\dbvrhblb.ini -> [Ver = | Size = 1485426 bytes | Created Date = 5/3/2007 5:50:30 PM | Attr = HS]
dcbeg.bak1 -> %System32%\dcbeg.bak1 -> [Ver = | Size = 1369859 bytes | Created Date = 5/3/2007 6:06:15 PM | Attr = HS]
dcbeg.ini -> %System32%\dcbeg.ini -> [Ver = | Size = 1371852 bytes | Created Date = 5/3/2007 6:06:05 PM | Attr = HS]
dcbeg.tmp -> %System32%\dcbeg.tmp -> [Ver = | Size = 0 bytes | Created Date = 5/3/2007 6:06:05 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 4/10/2007 8:33:29 PM | Attr = ]
fncyuxxd.ini -> %System32%\fncyuxxd.ini -> [Ver = | Size = 534 bytes | Created Date = 4/20/2007 4:45:11 PM | Attr = HS]
gebcd.dll -> %System32%\gebcd.dll -> [Ver = | Size = 284244 bytes | Created Date = 5/3/2007 5:50:02 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 4/29/2007 1:40:11 PM | Attr = ]
instdump.dmp -> %System32%\instdump.dmp -> [Ver = | Size = 98184 bytes | Created Date = 4/25/2007 7:53:31 PM | Attr = ]
instdump.zip -> %System32%\instdump.zip -> [Ver = | Size = 19248 bytes | Created Date = 4/25/2007 7:53:31 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
khfdaya.dll -> %System32%\khfdaya.dll -> [Ver = | Size = 26678 bytes | Created Date = 4/19/2007 9:21:25 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 4/29/2007 3:36:35 PM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 4/19/2007 10:04:52 PM | Attr = ]
mi2.exe -> %System32%\mi2.exe -> [Ver = | Size = 7439544 bytes | Created Date = 4/20/2007 2:19:39 PM | Attr = ]
MSGINA.CPR -> %System32%\MSGINA.CPR -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
nyjjymyn.ini -> %System32%\nyjjymyn.ini -> [Ver = | Size = 1487012 bytes | Created Date = 5/3/2007 4:55:10 PM | Attr = HS]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 4/29/2007 1:40:10 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 4/29/2007 1:40:11 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Created Date = 4/29/2007 3:36:22 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 4/29/2007 3:36:22 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 4/29/2007 3:36:23 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 4/29/2007 3:36:23 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 4/29/2007 3:36:35 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 4/29/2007 3:36:26 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 4/29/2007 3:36:24 PM | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Created Date = 5/3/2007 5:57:51 PM | Attr = ]
yvgtyyrl.dll -> %System32%\yvgtyyrl.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/3/2007 6:06:16 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 4/29/2007 3:36:32 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 4/29/2007 3:36:32 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 4/16/2007 2:20:00 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 4/29/2007 3:36:24 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 4/29/2007 3:36:25 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 4/29/2007 1:40:40 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 4/26/2007 9:28:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 4/26/2007 9:28:28 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 4/26/2007 9:28:28 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/26/2007 9:28:29 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 4/26/2007 9:28:29 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 4/26/2007 9:28:29 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 120096 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 2684 bytes | Created Date = 4/16/2007 2:27:21 PM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2336 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1292 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 48016 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 4/28/2007 6:21:45 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 4/8/2007 8:41:47 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 4/8/2007 8:41:49 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 5/3/2007 7:06:30 PM | Attr = RH ]
boot.inh -> %SystemDrive%\boot.inh -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/30/2007 8:18:44 PM | Attr = H ]
db1874d4429d6c3068a02444 -> %SystemDrive%\db1874d4429d6c3068a02444 -> [Folder | Modified Date = 4/29/2007 2:48:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 5/3/2007 6:59:16 PM | Attr = HS]
ntdetect.col -> %SystemDrive%\ntdetect.col -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/29/2007 4:36:26 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/19/2007 12:54:38 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/30/2007 6:08:22 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/19/2007 10:26:48 PM | Attr = ]
VCOM -> %SystemDrive%\VCOM -> [Folder | Modified Date = 4/30/2007 6:07:30 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/3/2007 6:58:10 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/3/2007 7:02:52 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/11/2007 10:38:32 PM | Attr = H ]
$NtUninstallKB914882$ -> %SystemRoot%\$NtUninstallKB914882$ -> [Folder | Modified Date = 4/10/2007 9:33:08 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Modified Date = 4/8/2007 9:41:02 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 4/8/2007 9:44:22 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 4/9/2007 9:04:20 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/11/2007 10:33:58 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/11/2007 10:36:18 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/11/2007 10:38:50 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/11/2007 10:33:48 PM | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Modified Date = 4/11/2007 10:38:36 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 4/8/2007 9:44:00 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 4/8/2007 9:42:26 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 4/8/2007 9:43:30 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 4/8/2007 9:41:44 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/29/2007 3:14:24 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/12/2007 5:28:48 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 4/28/2007 3:41:56 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/3/2007 6:59:18 PM | Attr = S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/16/2007 4:04:58 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/29/2007 3:15:02 PM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 4/29/2007 3:15:50 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/12/2007 5:28:10 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/14/2007 9:02:42 PM | Attr = ]
HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.1 | Size = 315392 bytes | Modified Date = 4/4/2007 10:52:28 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 4/15/2007 12:52:04 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/29/2007 2:40:46 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/30/2007 8:15:40 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/3/2007 7:07:24 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/12/2007 2:59:48 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/30/2007 6:16:24 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 4/10/2007 8:05:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/3/2007 7:06:20 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/3/2007 6:59:54 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1039896 bytes | Modified Date = 4/8/2007 9:42:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/29/2007 3:23:50 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 4/29/2007 3:23:52 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 231 bytes | Modified Date = 4/14/2007 9:51:18 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/3/2007 7:08:46 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/30/2007 6:02:42 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/3/2007 7:02:46 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1054 bytes | Modified Date = 4/29/2007 3:28:30 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/14/2007 9:30:34 PM | Attr = ]
MP Scheduled Quick Scan.job -> %SystemRoot%\tasks\MP Scheduled Quick Scan.job -> [Ver = | Size = 402 bytes | Modified Date = 4/14/2007 9:01:04 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/3/2007 6:59:26 PM | Attr = H ]
Scheduled Checkpoint.job -> %SystemRoot%\tasks\Scheduled Checkpoint.job -> [Ver = | Size = 340 bytes | Modified Date = 5/3/2007 5:56:12 PM | Attr = ]
SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job -> [Ver = | Size = 518 bytes | Modified Date = 4/25/2007 7:51:42 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/29/2007 3:23:54 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 4/10/2007 8:25:34 PM | Attr = ]
blbhrvbd.dll -> %System32%\blbhrvbd.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/3/2007 6:50:30 PM | Attr = ]
c000pr2.tt -> %System32%\c000pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c001pr2.tt -> %System32%\c001pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c002pr2.tt -> %System32%\c002pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c003pr2.tt -> %System32%\c003pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c004pr2.tt -> %System32%\c004pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c005pr2.tt -> %System32%\c005pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c006pr2.tt -> %System32%\c006pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c007pr2.tt -> %System32%\c007pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c008pr2.tt -> %System32%\c008pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c009pr2.tt -> %System32%\c009pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/30/2007 6:38:34 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 4/29/2007 3:24:42 PM | Attr = ]
dbvrhblb.ini -> %System32%\dbvrhblb.ini -> [Ver = | Size = 1485426 bytes | Modified Date =

#6 bigstream29

Posted 03 May 2007 - 08:21 PM

Wow, that's a long post. Here's the rest of it:

dcbeg.bak1 -> %System32%\dcbeg.bak1 -> [Ver = | Size = 1369859 bytes | Modified Date = 5/3/2007 7:06:16 PM | Attr = HS]
dcbeg.ini -> %System32%\dcbeg.ini -> [Ver = | Size = 1371852 bytes | Modified Date = 5/3/2007 7:08:46 PM | Attr = HS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/29/2007 3:26:16 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 4/14/2007 9:30:20 PM | Attr = ]
fncyuxxd.ini -> %System32%\fncyuxxd.ini -> [Ver = | Size = 534 bytes | Modified Date = 4/23/2007 6:31:58 PM | Attr = HS]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 240736 bytes | Modified Date = 4/13/2007 10:01:20 PM | Attr = ]
gebcd.dll -> %System32%\gebcd.dll -> [Ver = | Size = 284244 bytes | Modified Date = 5/3/2007 6:50:06 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
instdump.dmp -> %System32%\instdump.dmp -> [Ver = | Size = 98184 bytes | Modified Date = 4/25/2007 8:53:32 PM | Attr = ]
instdump.zip -> %System32%\instdump.zip -> [Ver = | Size = 19248 bytes | Modified Date = 4/25/2007 8:53:38 PM | Attr = ]
khfdaya.dll -> %System32%\khfdaya.dll -> [Ver = | Size = 26678 bytes | Modified Date = 4/19/2007 10:21:26 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 4/8/2007 9:41:48 PM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 4/29/2007 7:58:20 PM | Attr = ]
mcs.rma -> %System32%\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 4/15/2007 10:32:34 PM | Attr = ]
mi2.exe -> %System32%\mi2.exe -> [Ver = | Size = 7439544 bytes | Modified Date = 4/20/2007 3:20:06 PM | Attr = ]
MSGINA.CPR -> %System32%\MSGINA.CPR -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 4/30/2007 6:08:54 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 43531 bytes | Modified Date = 5/3/2007 7:00:20 PM | Attr = ]
nyjjymyn.ini -> %System32%\nyjjymyn.ini -> [Ver = | Size = 1487012 bytes | Modified Date = 5/3/2007 5:56:24 PM | Attr = HS]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
pcdhdm.cpl -> %System32%\pcdhdm.cpl -> [Ver = | Size = 38400 bytes | Modified Date = 5/3/2007 7:00:42 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64064 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405640 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 460184 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/29/2007 12:46:50 PM | Attr = ]
RTCOM -> %System32%\RTCOM -> [Folder | Modified Date = 4/4/2007 10:53:08 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/29/2007 2:40:14 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Modified Date = 5/3/2007 7:00:06 PM | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 5/3/2007 6:57:52 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 4/29/2007 3:27:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 5/3/2007 7:00:00 PM | Attr = ]
yvgtyyrl.dll -> %System32%\yvgtyyrl.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/3/2007 7:06:18 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/3/2007 5:54:40 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 4/29/2007 4:37:04 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/28/2007 8:41:38 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 120096 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 2684 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2336 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1292 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 48016 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Modified Date = 5/3/2007 6:58:42 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 4/8/2007 9:42:34 PM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 10128 bytes | Modified Date = 4/10/2007 5:18:46 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 4/8/2007 9:41:50 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
UPX! , -> %System32%\blbhrvbd.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/3/2007 6:50:30 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\khfdaya.dll -> [Ver = | Size = 26678 bytes | Modified Date = 4/19/2007 10:21:26 PM | Attr = ]
Thawte Consulting , -> %System32%\mi2.exe -> [Ver = | Size = 7439544 bytes | Modified Date = 4/20/2007 3:20:06 PM | Attr = ]
PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 7/11/1997 1:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 63144 bytes | Modified Date = 3/9/2006 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 114856 bytes | Modified Date = 3/9/2006 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 67240 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 62632 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 115880 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\syschkvc.dll -> Yummy Interactive Inc. [Ver = 1, 2, 0, 8 | Size = 56656 bytes | Modified Date = 1/18/2006 1:18:18 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\yvgtyyrl.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/3/2007 7:06:18 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
abetterinternet.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 10128 bytes | Modified Date = 4/29/2007 12:31:24 PM | Attr = ]
abetterinternet.com , -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 10128 bytes | Modified Date = 4/10/2007 5:18:46 PM | Attr = ]

< End of report >


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Just so that you might need it, I will post my current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:17:32 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [ComcastSUPPORT] "C:\Program Files\Support.com\bin\tgkill.exe" /cleaneahtioga /start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\ygwciqvt.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InstallProvider] "C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\miniinst.exe" -nag
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\blbhrvbd.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {561F8E34-B51B-45E8-A23D-50ED9C880FD2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {AEF851F3-F528-4974-A0E1-33486E2BA39B} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F8228384-FFF8-4D27-82B5-1791E673C6E5} - http://www.comcast.net (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I did get some new "threats" that showed up in V-COM, but they might be false positives. Hope you can find the problem men. Thanks a lot.

Edited by bigstream29, 03 May 2007 - 08:31 PM.


#7 OldTimer

OldTimer

    Malware Expert



Posted 03 May 2007 - 09:25 PM

Hi bigstream29. Ok, to start, please print these directions so they will be available to you. We will be rebooting into Safe Mode so this page will not be available.

Next, please follow the steps below in order:

Step #1

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> InfoData -> %System32%\ygwciqvt.DLL [rundll32.exe "C:\WINDOWS\system32\ygwciqvt.dll",realset]
YN -> InstallProvider -> %LocalSettings%\Temp\miniinst.exe
YY -> WindowsService -> %System32%\blbhrvbd.dll [rundll32.exe "C:\WINDOWS\system32\blbhrvbd.dll",realset]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {1F737917-06DA-44ED-8156-944619AECE3F} [HKLM] -> %System32%\khfdaya.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> gebcd -> %System32%\gebcd.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {1F737917-06DA-44ED-8156-944619AECE3F} [HKLM] -> %System32%\khfdaya.dll [Reg Data - Value does not exist]
YN -> {67098D41-F270-4BED-9B69-CC3357F3A100} [HKLM] -> %System32%\mljjj.dll [Reg Data - Value does not exist]
YN -> {A75E294E-C047-4D29-B07E-37B792881BEF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {D651AFF4-9590-424d-BD1E-8E33E090DFB3} [HKLM] -> %System32%\yvgtyyrl.dll [Reg Data - Value does not exist]
YN -> {F77132F7-02D1-48D7-A1E1-BA6C7D863B4F} [HKLM] -> %System32%\gebcd.dll [Reg Data - Value does not exist]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Files/Folders - Created Within 30 days]
NY -> blbhrvbd.dll -> %System32%\blbhrvbd.dll
NY -> dbvrhblb.ini -> %System32%\dbvrhblb.ini
NY -> dcbeg.bak1 -> %System32%\dcbeg.bak1
NY -> dcbeg.ini -> %System32%\dcbeg.ini
NY -> dcbeg.tmp -> %System32%\dcbeg.tmp
NY -> fncyuxxd.ini -> %System32%\fncyuxxd.ini
NY -> gebcd.dll -> %System32%\gebcd.dll
NY -> khfdaya.dll -> %System32%\khfdaya.dll
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mi2.exe -> %System32%\mi2.exe
NY -> nyjjymyn.ini -> %System32%\nyjjymyn.ini
NY -> yvgtyyrl.dll -> %System32%\yvgtyyrl.dll
[Files/Folders - Modified Within 30 days]
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> blbhrvbd.dll -> %System32%\blbhrvbd.dll
NY -> dbvrhblb.ini -> %System32%\dbvrhblb.ini
NY -> dcbeg.bak1 -> %System32%\dcbeg.bak1
NY -> dcbeg.ini -> %System32%\dcbeg.ini
NY -> fncyuxxd.ini -> %System32%\fncyuxxd.ini
NY -> gebcd.dll -> %System32%\gebcd.dll
NY -> khfdaya.dll -> %System32%\khfdaya.dll
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mi2.exe -> %System32%\mi2.exe
NY -> nyjjymyn.ini -> %System32%\nyjjymyn.ini
NY -> yvgtyyrl.dll -> %System32%\yvgtyyrl.dll
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\khfdaya.dll
NY -> Thawte Consulting , -> %System32%\mi2.exe
NY -> UPX! , UPX0 , -> %System32%\yvgtyyrl.dll
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You will be asked to reboot when the fix is done. Choose Yes and reboot into Safe Mode as shown below.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #4

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
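As an added illustration (not part of OldTimer's post and not WinPFind3U's own logic), the Python sketch below parses `[File String Scan - Non-Microsoft Only]` lines copied from the report earlier in this thread and applies one possible triage rule: packer marker present, no vendor string, modified within 30 days of the scan. The rule, the function names and the scan time are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lines copied from the "[File String Scan - Non-Microsoft Only]" section of the
# WinPFind3U report posted earlier in this thread (a subset, unmodified).
SAMPLE = r"""
[File String Scan - Non-Microsoft Only]
UPX! , -> %System32%\blbhrvbd.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/3/2007 6:50:30 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\khfdaya.dll -> [Ver = | Size = 26678 bytes | Modified Date = 4/19/2007 10:21:26 PM | Attr = ]
Thawte Consulting , -> %System32%\mi2.exe -> [Ver = | Size = 7439544 bytes | Modified Date = 4/20/2007 3:20:06 PM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 63144 bytes | Modified Date = 3/9/2006 4:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\yvgtyyrl.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/3/2007 7:06:18 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
abetterinternet.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 10128 bytes | Modified Date = 4/29/2007 12:31:24 PM | Attr = ]
"""

# Assumption: the scan ran on the evening of 5/3/2007; the report header with
# the exact creation time is not reproduced in this example.
SCAN_TIME = datetime(2007, 5, 3, 20, 0, 0)

# Strings the scan section reports that name executable packers.
PACKER_MARKERS = {"UPX!", "UPX0", "FSG!", "PEC2", "aspack"}

# <matched strings> -> <path> -> <vendor, may be empty> [<key = value | ...>]
LINE_RE = re.compile(
    r"^(?P<markers>.*?)\s*->\s*(?P<path>.+?)\s*->\s*"
    r"(?P<vendor>.*?)\s*\[(?P<fields>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    markers: list
    path: str
    vendor: str
    size: int
    modified: datetime


def parse_line(line):
    """Parse one report line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    if "Modified Date" not in fields:
        return None
    return Entry(
        markers=[s.strip() for s in m.group("markers").split(",") if s.strip()],
        path=m.group("path"),
        vendor=m.group("vendor").strip(),
        size=int(fields.get("Size", "0 bytes").split()[0]),
        modified=datetime.strptime(fields["Modified Date"], "%m/%d/%Y %I:%M:%S %p"),
    )


def parse_section(text):
    """Parse every entry line in a pasted report section."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def signals(entry, scan_time, window_days=30):
    """Return which of the three triage signals an entry shows."""
    found = set()
    if PACKER_MARKERS.intersection(entry.markers):
        found.add("packed")
    if not entry.vendor:
        found.add("no-vendor")
    if scan_time - entry.modified <= timedelta(days=window_days):
        found.add("recent")
    return found


def triage(entries, scan_time, window_days=30):
    """Keep only entries that show all three signals together."""
    wanted = {"packed", "no-vendor", "recent"}
    return [e for e in entries if signals(e, scan_time, window_days) == wanted]


if __name__ == "__main__":
    parsed = parse_section(SAMPLE)
    for e in parsed:
        print(f"{e.path:40} {sorted(signals(e, SCAN_TIME))}")
    print("review first:", [e.path for e in triage(parsed, SCAN_TIME)])
```

On these lines the rule singles out blbhrvbd.dll, khfdaya.dll and yvgtyyrl.dll, all of which appear in the fix above, while dfrg.msc (old) and avg7core.sys (vendor present) drop out. mi2.exe is also in the fix but carries no packer marker, so a rule like this narrows a report and does not replace reading it.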


#8 bigstream29

bigstream29
  • Topic Starter


Posted 04 May 2007 - 09:52 PM

Hey Oldtimer, for some reason I can't get WinPFind3U to finish fixing the problems. You said that the fix should take only a short time, but I waited like 10 minutes and the program froze. The screen turned white and I had to close it out using CTRL-ALT-DELETE. I retried it a couple of times but it wouldn't work. The AVG Anti-Spyware download was successful though. I didn't run the scan yet, as you requested. AVG did identify a spyware immediately and I clicked to ignore it. I don't know if you want me to go ahead and put the computer in safe-boot and run the AVG scan.

#9 OldTimer

OldTimer

    Malware Expert



Posted 05 May 2007 - 06:43 AM

Yes, go ahead and boot into Safe Mode and try the WinPFind3 fix. Whether it works or not, run the AVG scan. The machine is pretty heavily infected. After the AVG scan, boot normally and run a new WinPFind3 scan and post it back here along with the report from AVG.

Cheers.

OT

#10 bigstream29

bigstream29
  • Topic Starter


Posted 05 May 2007 - 10:40 PM

Ok Oldtimer, I was able to get WinPFind3 working last night. I inserted the fix, and it seemed all went well. I put the computer into Safe Mode and ran the AVG scan. I think it picked up like 40 or so spywares (great, it's off my computer now). I haven't received any pop-ups (so far) when I open Internet Explorer. Also, previously when I opened "Internet Options" and then the Privacy tab, the bar was usually set to zero. When I reset it to default, closed IE7, then reopened it, it usually set itself back to zero. Today, for the first time in a while, the bar stayed at the medium setting (apparently a spyware was causing these pop-ups). However, I'm still skeptical that my computer is completely cleaned of malware and infections. Here are the three reports that you requested:

This is the updated WinPFind3u report:

WinPFind3 logfile created on: 5/5/2007 10:16:23 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

958.48 Mb Total Physical Memory | 321.39 Mb Available Physical Memory | 33.53% Memory free
2.26 Gb Paging File | 1.73 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 211.98 Gb Free Space | 94.51% Space Free
Drive D: | 8.56 Gb Total Space | 0.61 Gb Free Space | 7.09% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/26/2007 10:28:26 PM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 4/17/2007 10:02:48 AM | Attr = ]
discover.exe -> %ProgramFiles%\DISC\DISCover.exe -> Digital Interactive Systems Corporation [Ver = 3.33.2005.0406 | Size = 1073152 bytes | Modified Date = 4/6/2006 8:51:18 PM | Attr = ]
discstreamhub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 57344 bytes | Modified Date = 4/6/2006 8:50:22 PM | Attr = ]
discupdmgr.exe -> %ProgramFiles%\DISC\DiscUpdMgr.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 65536 bytes | Modified Date = 4/6/2006 8:50:22 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 4:04:38 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 11:44:24 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 11:08:48 PM | Attr = ]
mxtask.exe -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
mxtask.exe -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
pcdsmartmonitor.exe -> %ProgramFiles%\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -> [Ver = | Size = 376832 bytes | Modified Date = 5/10/2006 5:44:28 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/30/2006 9:44:22 AM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.2.4 | Size = 16125440 bytes | Modified Date = 2/26/2007 3:03:02 PM | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 11/24/2006 6:16:50 PM | Attr = ]
tgcmd.exe -> %ProgramFiles%\Support.com\bin\tgcmd.exe -> Support.com, Inc. [Ver = 5,5,214,0 | Size = 1519616 bytes | Modified Date = 11/28/2001 12:37:20 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 12:01:58 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe -> Cisco Linksys Corporation [Ver = 4.4.2.4 | Size = 5751808 bytes | Modified Date = 4/15/2004 8:24:38 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 12:02:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/26/2007 10:28:26 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
(FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\MAGIX\Common\Database\bin\fbserver.exe -> MAGIX® [Ver = WI-V1.5.2.4734 | Size = 1527900 bytes | Modified Date = 11/17/2005 2:18:52 PM | Attr = ]
(Fix-It Task Manager) Fix-It Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/24/2007 10:45:10 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 11:08:48 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
(UPnPService) UPnPService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\MAGIX Shared\UPnPService\UPnPService.exe -> [Ver = 1, 0, 0, 2 | Size = 647242 bytes | Modified Date = 11/8/2005 4:25:00 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 12:01:58 AM | Attr = ]
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
Alcmtr -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 6:43:28 PM | Attr = ]
AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/26/2007 10:28:24 PM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 4/17/2007 10:02:48 AM | Attr = ]
ComcastSUPPORT -> %ProgramFiles%\Support.com\bin\tgkill.exe -> [Ver = | Size = 57344 bytes | Modified Date = 11/21/2001 2:49:46 AM | Attr = ]
Fix-It AV -> %ProgramFiles%\VCOM\Fix-It\MEMCHECK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 32768 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
ftutil2 -> %System32%\ftutil2.dll ["rundll32.exe" ftutil2.dll,SetWriteCacheMode] -> Promise Technology, Inc. [Ver = 1.00.0.3 | Size = 106496 bytes | Modified Date = 6/7/2004 9:05:38 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/15/2006 5:34:58 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 6:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
PCDrSmartMonitor -> %ProgramFiles%\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -> [Ver = | Size = 376832 bytes | Modified Date = 5/10/2006 5:44:28 PM | Attr = ]
RCScheduleCheck -> %ProgramFiles%\VCOM\Recovery Commander\RCSCHED.EXE -> imagine LAN, Inc. [Ver = 2.00.03 | Size = 151552 bytes | Modified Date = 10/21/2003 12:20:50 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/22/2005 5:14:00 PM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.2.4 | Size = 16125440 bytes | Modified Date = 2/26/2007 3:03:02 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/30/2006 9:44:22 AM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 12:02:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 11/24/2006 6:16:50 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 2:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 1:01:50 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
{a5780613-492e-4a2a-a7fd-549610edf6cc} [HKLM] -> %ProgramFiles%\VCOM\Recovery Commander\RCHOOK.DLL [] -> [Ver = 1, 0, 7, 0 | Size = 102400 bytes | Modified Date = 7/8/2003 9:53:38 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
PFW -> %System32%\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 79368 bytes | Modified Date = 11/17/2006 10:30:12 PM | Attr = ]
< HOSTS File > (10128 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Search Bar -> http://www.yahoo.com/search/ie.html ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.comcast.net/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
trymedia.com [http] -> ->
trymedia.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 208896 bytes | Modified Date = 8/30/2006 10:02:22 AM | Attr = ]
{F8EEFD4E-E1E0-41D5-B165-16AA18360166} [HKLM] -> %System32%\gebcd.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [ButtonText: Internet Connection Help] -> [Ver = | Size = 706 bytes | Modified Date = 8/30/2006 10:00:58 AM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1456A6E3-7086-4D5A-8FB5-01C3237A9D0A} -> (NVIDIA nForce Networking Controller) ->
{2294AF84-AC10-4FDE-924B-2A75007A9821} -> (Linksys Wireless-G PCI Adapter) ->
{892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{F71448B3-D1D2-4E99-A226-B4BF76C1423E} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000035 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 4/27/2007 3:42:28 PM | Attr = RH ]
boot.inh -> %SystemDrive%\boot.inh -> [Ver = | Size = 53 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/10/2007 8:22:46 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
ntdetect.col -> %SystemDrive%\ntdetect.col -> [Ver = | Size = 53 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/3/2007 5:19:17 PM | Attr = ]
$NtUninstallKB914882$ -> %SystemRoot%\$NtUninstallKB914882$ -> [Folder | Created Date = 4/10/2007 8:33:07 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Created Date = 4/8/2007 8:41:00 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 4/8/2007 8:44:20 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 4/9/2007 8:04:17 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/11/2007 9:33:56 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/11/2007 9:36:17 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/11/2007 9:38:46 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/11/2007 9:33:45 PM | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Created Date = 4/11/2007 9:38:33 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 4/8/2007 8:43:58 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 4/8/2007 8:42:21 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 4/8/2007 8:43:24 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 4/8/2007 8:41:43 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 4/25/2007 7:54:51 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 4/14/2007 8:26:41 PM | Attr = ]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 4/16/2007 2:18:40 PM | Attr = ]
RCUninstall.EXE -> %SystemRoot%\RCUninstall.EXE -> imagine LAN, Inc. [Ver = 1.00.01 | Size = 45056 bytes | Created Date = 4/30/2007 5:02:11 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75512 bytes | Created Date = 4/29/2007 3:36:57 PM | Attr = ]
MP Scheduled Quick Scan.job -> %SystemRoot%\tasks\MP Scheduled Quick Scan.job -> [Ver = | Size = 402 bytes | Created Date = 4/10/2007 8:39:16 PM | Attr = H ]
Scheduled Checkpoint.job -> %SystemRoot%\tasks\Scheduled Checkpoint.job -> [Ver = | Size = 342 bytes | Created Date = 4/30/2007 5:02:41 PM | Attr = ]
SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job -> [Ver = | Size = 518 bytes | Created Date = 4/25/2007 6:51:37 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/29/2007 1:40:05 PM | Attr = ]
actskn45.ocx -> %System32%\actskn45.ocx -> SoftShape Development [Ver = 4, 50, 0, 0 | Size = 483328 bytes | Created Date = 4/20/2007 2:21:02 PM | Attr = ]
aersekhy.dll -> %System32%\aersekhy.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 8:04:58 PM | Attr = ]
ajtfesnf.dll -> %System32%\ajtfesnf.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 7:43:40 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/29/2007 1:40:40 PM | Attr = ]
c000pr2.tt -> %System32%\c000pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c001pr2.tt -> %System32%\c001pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c002pr2.tt -> %System32%\c002pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c003pr2.tt -> %System32%\c003pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c004pr2.tt -> %System32%\c004pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c005pr2.tt -> %System32%\c005pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c006pr2.tt -> %System32%\c006pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c007pr2.tt -> %System32%\c007pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c008pr2.tt -> %System32%\c008pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c009pr2.tt -> %System32%\c009pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
crmyxlfx.dll -> %System32%\crmyxlfx.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 8:02:38 PM | Attr = ]
dbvnncjv.ini -> %System32%\dbvnncjv.ini -> [Ver = | Size = 1466832 bytes | Created Date = 5/4/2007 8:02:32 PM | Attr = HS]
dcbeg.bak2 -> %System32%\dcbeg.bak2 -> [Ver = | Size = 1489513 bytes | Created Date = 5/4/2007 6:06:27 PM | Attr = HS]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 4/10/2007 8:33:29 PM | Attr = ]
fnseftja.ini -> %System32%\fnseftja.ini -> [Ver = | Size = 1466919 bytes | Created Date = 5/4/2007 7:43:42 PM | Attr = HS]
fyebeggp.dll -> %System32%\fyebeggp.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 8:00:11 PM | Attr = ]
gumywfnf.dll -> %System32%\gumywfnf.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 7:41:53 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 4/29/2007 1:40:11 PM | Attr = ]
iiktdwks.dll -> %System32%\iiktdwks.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 8:15:11 PM | Attr = ]
ijvhrqrs.ini -> %System32%\ijvhrqrs.ini -> [Ver = | Size = 344 bytes | Created Date = 5/4/2007 8:08:05 PM | Attr = HS]
instdump.dmp -> %System32%\instdump.dmp -> [Ver = | Size = 98184 bytes | Created Date = 4/25/2007 7:53:31 PM | Attr = ]
instdump.zip -> %System32%\instdump.zip -> [Ver = | Size = 19248 bytes | Created Date = 4/25/2007 7:53:31 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
ktlohads.dll -> %System32%\ktlohads.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 8:17:45 PM | Attr = ]
lgahxtsv.dll -> %System32%\lgahxtsv.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 7:41:43 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 4/29/2007 3:36:35 PM | Attr = ]
ljsrtnbu.ini -> %System32%\ljsrtnbu.ini -> [Ver = | Size = 344 bytes | Created Date = 5/4/2007 7:37:36 PM | Attr = HS]
lrfhwmvr.dll -> %System32%\lrfhwmvr.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 8:00:19 PM | Attr = ]
MSGINA.CPR -> %System32%\MSGINA.CPR -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
neavaqkn.ini -> %System32%\neavaqkn.ini -> [Ver = | Size = 1466850 bytes | Created Date = 5/4/2007 8:05:23 PM | Attr = HS]
nkqavaen.dll -> %System32%\nkqavaen.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 8:05:21 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 4/29/2007 1:40:10 PM | Attr = ]
pcvrwlyx.ini -> %System32%\pcvrwlyx.ini -> [Ver = | Size = 294 bytes | Created Date = 5/4/2007 8:04:52 PM | Attr = HS]
pwxujqmq.dll -> %System32%\pwxujqmq.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 8:17:36 PM | Attr = ]
pyuisfug.dll -> %System32%\pyuisfug.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 8:05:12 PM | Attr = ]
qmqjuxwp.ini -> %System32%\qmqjuxwp.ini -> [Ver = | Size = 344 bytes | Created Date = 5/4/2007 8:17:39 PM | Attr = HS]
rvmwhfrl.ini -> %System32%\rvmwhfrl.ini -> [Ver = | Size = 1466832 bytes | Created Date = 5/4/2007 8:00:24 PM | Attr = HS]
srqrhvji.dll -> %System32%\srqrhvji.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 8:08:03 PM | Attr = ]
tuqgsvkx.ini -> %System32%\tuqgsvkx.ini -> [Ver = | Size = 344 bytes | Created Date = 5/4/2007 8:15:05 PM | Attr = HS]
txgondnx.dll -> %System32%\txgondnx.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 7:43:32 PM | Attr = ]
ubntrsjl.dll -> %System32%\ubntrsjl.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 7:37:32 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 4/29/2007 1:40:11 PM | Attr = ]
vjcnnvbd.dll -> %System32%\vjcnnvbd.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 8:02:29 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Created Date = 4/29/2007 3:36:22 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 4/29/2007 3:36:22 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 4/29/2007 3:36:23 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 4/29/2007 3:36:23 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 4/29/2007 3:36:35 PM | Attr = ]
vstxhagl.ini -> %System32%\vstxhagl.ini -> [Ver = | Size = 294 bytes | Created Date = 5/4/2007 7:41:45 PM | Attr = HS]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 4/29/2007 3:36:26 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 4/29/2007 3:36:24 PM | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Created Date = 5/3/2007 5:57:51 PM | Attr = ]
wrbmlihi.dll -> %System32%\wrbmlihi.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 7:37:04 PM | Attr = ]
xjkxcepe.dll -> %System32%\xjkxcepe.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/4/2007 8:07:54 PM | Attr = ]
xkvsgqut.dll -> %System32%\xkvsgqut.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 8:15:02 PM | Attr = ]
xylwrvcp.dll -> %System32%\xylwrvcp.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/4/2007 8:04:49 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 4/29/2007 3:36:32 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 4/29/2007 3:36:32 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 4/16/2007 2:20:00 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 4/29/2007 3:36:24 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 4/29/2007 3:36:25 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 4/29/2007 1:40:40 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 4/26/2007 9:28:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 4/26/2007 9:28:28 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 4/26/2007 9:28:28 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/4/2007 7:26:57 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/26/2007 9:28:29 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 4/26/2007 9:28:29 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 4/26/2007 9:28:29 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 120096 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 2684 bytes | Created Date = 4/16/2007 2:27:21 PM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2336 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1292 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 48016 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 4/28/2007 6:21:45 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 4/8/2007 8:41:47 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 4/8/2007 8:41:49 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 5/4/2007 6:11:32 PM | Attr = RH ]
boot.inh -> %SystemDrive%\boot.inh -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/30/2007 8:18:44 PM | Attr = H ]
db1874d4429d6c3068a02444 -> %SystemDrive%\db1874d4429d6c3068a02444 -> [Folder | Modified Date = 4/29/2007 2:48:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 5/5/2007 9:01:58 PM | Attr = HS]
ntdetect.col -> %SystemDrive%\ntdetect.col -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/29/2007 4:36:26 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/19/2007 12:54:38 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/30/2007 6:08:22 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/19/2007 10:26:48 PM | Attr = ]
VCOM -> %SystemDrive%\VCOM -> [Folder | Modified Date = 4/30/2007 6:07:30 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/4/2007 7:40:08 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/5/2007 10:12:10 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/11/2007 10:38:32 PM | Attr = H ]
$NtUninstallKB914882$ -> %SystemRoot%\$NtUninstallKB914882$ -> [Folder | Modified Date = 4/10/2007 9:33:08 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Modified Date = 4/8/2007 9:41:02 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 4/8/2007 9:44:22 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 4/9/2007 9:04:20 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/11/2007 10:33:58 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/11/2007 10:36:18 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/11/2007 10:38:50 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/11/2007 10:33:48 PM | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Modified Date = 4/11/2007 10:38:36 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 4/8/2007 9:44:00 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 4/8/2007 9:42:26 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 4/8/2007 9:43:30 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 4/8/2007 9:41:44 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/29/2007 3:14:24 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/12/2007 5:28:48 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 4/28/2007 3:41:56 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/5/2007 9:02:00 PM | Attr = S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/16/2007 4:04:58 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/29/2007 3:15:02 PM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 4/29/2007 3:15:50 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/12/2007 5:28:10 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/14/2007 9:02:42 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/29/2007 2:40:46 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/30/2007 8:15:40 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/5/2007 10:14:38 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/12/2007 2:59:48 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/30/2007 6:16:24 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 4/10/2007 8:05:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/3/2007 7:34:14 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/5/2007 9:02:44 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1039896 bytes | Modified Date = 4/8/2007 9:42:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/29/2007 3:23:50 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 4/29/2007 3:23:52 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 231 bytes | Modified Date = 4/14/2007 9:51:18 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/5/2007 9:03:24 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/30/2007 6:02:42 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/5/2007 9:06:30 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1054 bytes | Modified Date = 4/29/2007 3:28:30 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/14/2007 9:30:34 PM | Attr = ]
MP Scheduled Quick Scan.job -> %SystemRoot%\tasks\MP Scheduled Quick Scan.job -> [Ver = | Size = 402 bytes | Modified Date = 4/14/2007 9:01:04 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/5/2007 9:02:06 PM | Attr = H ]
Scheduled Checkpoint.job -> %SystemRoot%\tasks\Scheduled Checkpoint.job -> [Ver = | Size = 342 bytes | Modified Date = 5/5/2007 9:04:24 PM | Attr = ]
SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job -> [Ver = | Size = 518 bytes | Modified Date = 4/25/2007 7:51:42 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/29/2007 3:23:54 PM | Attr = ]
aersekhy.dll -> %System32%\aersekhy.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:05:00 PM | Attr = ]
ajtfesnf.dll -> %System32%\ajtfesnf.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 8:43:42 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 4/10/2007 8:25:34 PM | Attr = ]
c000pr2.tt -> %System32%\c000pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c001pr2.tt -> %System32%\c001pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c002pr2.tt -> %System32%\c002pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c003pr2.tt -> %System32%\c003pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c004pr2.tt -> %System32%\c004pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c005pr2.tt -> %System32%\c005pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c006pr2.tt -> %System32%\c006pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c007pr2.tt -> %System32%\c007pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c008pr2.tt -> %System32%\c008pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c009pr2.tt -> %System32%\c009pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/4/2007 9:06:14 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 4/29/2007 3:24:42 PM | Attr = ]
crmyxlfx.dll -> %System32%\crmyxlfx.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:02:40 PM | Attr = ]
dbvnncjv.ini -> %System32%\dbvnncjv.ini -> [Ver = | Size = 1466832 bytes | Modified Date = 5/4/2007 9:03:14 PM | Attr = HS]
dcbeg.bak2 -> %System32%\dcbeg.bak2 -> [Ver = | Size = 1489513 bytes | Modified Date = 5/4/2007 8:41:44 PM | Attr = HS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/4/2007 8:26:58 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 4/14/2007 9:30:20 PM | Attr = ]
fnseftja.ini -> %System32%\fnseftja.ini -> [Ver = | Size = 1466919 bytes | Modified Date = 5/4/2007 8:52:46 PM | Attr = HS]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 240736 bytes | Modified Date = 4/13/2007 10:01:20 PM | Attr = ]
fyebeggp.dll -> %System32%\fyebeggp.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:00:14 PM | Attr = ]
gumywfnf.dll -> %System32%\gumywfnf.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 8:41:54 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
iiktdwks.dll -> %System32%\iiktdwks.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:15:14 PM | Attr = ]
ijvhrqrs.ini -> %System32%\ijvhrqrs.ini -> [Ver = | Size = 344 bytes | Modified Date = 5/4/2007 9:08:48 PM | Attr = HS]
instdump.dmp -> %System32%\instdump.dmp -> [Ver = | Size = 98184 bytes | Modified Date = 4/25/2007 8:53:32 PM | Attr = ]
instdump.zip -> %System32%\instdump.zip -> [Ver = | Size = 19248 bytes | Modified Date = 4/25/2007 8:53:3

Edited by bigstream29, 05 May 2007 - 11:05 PM.


#11 bigstream29

Posted 05 May 2007 - 10:43 PM

WinPFind3u continued...


ktlohads.dll -> %System32%\ktlohads.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:17:48 PM | Attr = ]
lgahxtsv.dll -> %System32%\lgahxtsv.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 8:41:46 PM | Attr = ]
ljsrtnbu.ini -> %System32%\ljsrtnbu.ini -> [Ver = | Size = 344 bytes | Modified Date = 5/4/2007 8:38:28 PM | Attr = HS]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 4/8/2007 9:41:48 PM | Attr = ]
lrfhwmvr.dll -> %System32%\lrfhwmvr.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:00:24 PM | Attr = ]
mcs.rma -> %System32%\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 4/15/2007 10:32:34 PM | Attr = ]
MSGINA.CPR -> %System32%\MSGINA.CPR -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
neavaqkn.ini -> %System32%\neavaqkn.ini -> [Ver = | Size = 1466850 bytes | Modified Date = 5/4/2007 9:06:10 PM | Attr = HS]
nkqavaen.dll -> %System32%\nkqavaen.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:05:24 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 4/30/2007 6:08:54 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 43531 bytes | Modified Date = 5/5/2007 9:03:08 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
pcdhdm.cpl -> %System32%\pcdhdm.cpl -> [Ver = | Size = 38400 bytes | Modified Date = 5/5/2007 9:04:10 PM | Attr = ]
pcvrwlyx.ini -> %System32%\pcvrwlyx.ini -> [Ver = | Size = 294 bytes | Modified Date = 5/4/2007 9:04:54 PM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64064 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405640 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 460184 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
pwxujqmq.dll -> %System32%\pwxujqmq.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:17:40 PM | Attr = ]
pyuisfug.dll -> %System32%\pyuisfug.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:05:14 PM | Attr = ]
qmqjuxwp.ini -> %System32%\qmqjuxwp.ini -> [Ver = | Size = 344 bytes | Modified Date = 5/4/2007 9:17:54 PM | Attr = HS]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/29/2007 12:46:50 PM | Attr = ]
rvmwhfrl.ini -> %System32%\rvmwhfrl.ini -> [Ver = | Size = 1466832 bytes | Modified Date = 5/4/2007 9:00:38 PM | Attr = HS]
srqrhvji.dll -> %System32%\srqrhvji.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:08:06 PM | Attr = ]
tuqgsvkx.ini -> %System32%\tuqgsvkx.ini -> [Ver = | Size = 344 bytes | Modified Date = 5/4/2007 9:15:48 PM | Attr = HS]
txgondnx.dll -> %System32%\txgondnx.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 8:43:34 PM | Attr = ]
ubntrsjl.dll -> %System32%\ubntrsjl.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 8:37:34 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/29/2007 2:40:14 PM | Attr = ]
vjcnnvbd.dll -> %System32%\vjcnnvbd.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:02:32 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Modified Date = 5/5/2007 9:03:04 PM | Attr = ]
vstxhagl.ini -> %System32%\vstxhagl.ini -> [Ver = | Size = 294 bytes | Modified Date = 5/4/2007 8:41:48 PM | Attr = HS]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 5/3/2007 6:57:52 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 4/29/2007 3:27:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 5/5/2007 9:03:12 PM | Attr = ]
wrbmlihi.dll -> %System32%\wrbmlihi.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 8:37:06 PM | Attr = ]
xjkxcepe.dll -> %System32%\xjkxcepe.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:07:56 PM | Attr = ]
xkvsgqut.dll -> %System32%\xkvsgqut.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:15:06 PM | Attr = ]
xylwrvcp.dll -> %System32%\xylwrvcp.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:04:52 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/3/2007 5:54:40 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 4/29/2007 4:37:04 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/28/2007 8:41:38 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 120096 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 2684 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2336 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1292 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 48016 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Modified Date = 5/4/2007 11:42:46 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 4/8/2007 9:42:34 PM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 10128 bytes | Modified Date = 4/10/2007 5:18:46 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 4/8/2007 9:41:50 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\aersekhy.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:05:00 PM | Attr = ]
UPX! , -> %System32%\ajtfesnf.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 8:43:42 PM | Attr = ]
UPX! , UPX0 , -> %System32%\crmyxlfx.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:02:40 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\fyebeggp.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:00:14 PM | Attr = ]
UPX! , UPX0 , -> %System32%\gumywfnf.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 8:41:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\iiktdwks.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:15:14 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ktlohads.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:17:48 PM | Attr = ]
UPX! , -> %System32%\lgahxtsv.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 8:41:46 PM | Attr = ]
UPX! , -> %System32%\lrfhwmvr.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:00:24 PM | Attr = ]
UPX! , -> %System32%\nkqavaen.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:05:24 PM | Attr = ]
PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 7/11/1997 1:00:00 AM | Attr = ]
UPX! , -> %System32%\pwxujqmq.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:17:40 PM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 63144 bytes | Modified Date = 3/9/2006 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 114856 bytes | Modified Date = 3/9/2006 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 67240 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 62632 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 115880 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\pyuisfug.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:05:14 PM | Attr = ]
UPX! , -> %System32%\srqrhvji.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:08:06 PM | Attr = ]
Thawte Consulting , -> %System32%\syschkvc.dll -> Yummy Interactive Inc. [Ver = 1, 2, 0, 8 | Size = 56656 bytes | Modified Date = 1/18/2006 1:18:18 PM | Attr = ]
UPX! , UPX0 , -> %System32%\txgondnx.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 8:43:34 PM | Attr = ]
UPX! , -> %System32%\ubntrsjl.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 8:37:34 PM | Attr = ]
UPX! , -> %System32%\vjcnnvbd.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:02:32 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\wrbmlihi.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 8:37:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\xjkxcepe.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/4/2007 9:07:56 PM | Attr = ]
UPX! , -> %System32%\xkvsgqut.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:15:06 PM | Attr = ]
UPX! , -> %System32%\xylwrvcp.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/4/2007 9:04:52 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
abetterinternet.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 10128 bytes | Modified Date = 4/29/2007 12:31:24 PM | Attr = ]
abetterinternet.com , -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 10128 bytes | Modified Date = 4/10/2007 5:18:46 PM | Attr = ]

< End of report >


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now here's the AVG antispy report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:32:12 PM 5/4/2007

+ Scan result:



C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0002337.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0002339.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0002340.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP7\A0002521.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\fcccayy.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\khfdaya.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\pmnmklk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvwvuu.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@track.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.22:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.24:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.11:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.12:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.7:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.8:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.9:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\0nc127hx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@site.skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Edited by bigstream29, 05 May 2007 - 10:50 PM.


#12 bigstream29

Posted 05 May 2007 - 11:03 PM

And finally, the .log text from WinPFind3u:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\InfoData not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\InstallProvider not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WindowsService not found.
File C:\WINDOWS\SYSTEM32\blbhrvbd.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1F737917-06DA-44ED-8156-944619AECE3F} not found.
File C:\WINDOWS\SYSTEM32\khfdaya.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcd not found.
File C:\WINDOWS\SYSTEM32\gebcd.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F737917-06DA-44ED-8156-944619AECE3F} not found.
File C:\WINDOWS\SYSTEM32\khfdaya.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67098D41-F270-4BED-9B69-CC3357F3A100} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D651AFF4-9590-424d-BD1E-8E33E090DFB3} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F77132F7-02D1-48D7-A1E1-BA6C7D863B4F} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\SYSTEM32\blbhrvbd.dll not found!
File C:\WINDOWS\SYSTEM32\dbvrhblb.ini not found!
File C:\WINDOWS\SYSTEM32\dcbeg.bak1 not found!
File C:\WINDOWS\SYSTEM32\dcbeg.ini not found!
File C:\WINDOWS\SYSTEM32\dcbeg.tmp not found!
File C:\WINDOWS\SYSTEM32\fncyuxxd.ini not found!
File C:\WINDOWS\SYSTEM32\gebcd.dll not found!
File C:\WINDOWS\SYSTEM32\khfdaya.dll not found!
File C:\WINDOWS\SYSTEM32\mcrh.tmp not found!
File C:\WINDOWS\SYSTEM32\mi2.exe not found!
File C:\WINDOWS\SYSTEM32\nyjjymyn.ini not found!
File C:\WINDOWS\SYSTEM32\yvgtyyrl.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\imsins.BAK not found!
File C:\WINDOWS\SYSTEM32\blbhrvbd.dll not found!
File C:\WINDOWS\SYSTEM32\dbvrhblb.ini not found!
File C:\WINDOWS\SYSTEM32\dcbeg.bak1 not found!
File C:\WINDOWS\SYSTEM32\dcbeg.ini not found!
File C:\WINDOWS\SYSTEM32\fncyuxxd.ini not found!
File C:\WINDOWS\SYSTEM32\gebcd.dll not found!
File C:\WINDOWS\SYSTEM32\khfdaya.dll not found!
File C:\WINDOWS\SYSTEM32\mcrh.tmp not found!
File C:\WINDOWS\SYSTEM32\mi2.exe not found!
File C:\WINDOWS\SYSTEM32\nyjjymyn.ini not found!
File C:\WINDOWS\SYSTEM32\yvgtyyrl.dll not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\SYSTEM32\khfdaya.dll not found!
File C:\WINDOWS\SYSTEM32\mi2.exe not found!
File C:\WINDOWS\SYSTEM32\yvgtyyrl.dll not found!
[Empty Temp Folders]
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 05/04/2007 22:16:40


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So far, the computer does seem to run faster after the AVG anti-spyware scan. I did an AVG anti-virus scan today and surprisingly it didn't find any threats to the computer.

#13 OldTimer


Posted 06 May 2007 - 07:47 AM

Hi bigstream29. It looks like we have a little cleanup yet with some left-over files. Let's try WinPFind3 and AVG AS again and if they come back after that we'll have to pull some other tools out of the bag.

Next, please follow the steps below in order:

Step #1

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {F8EEFD4E-E1E0-41D5-B165-16AA18360166} [HKLM] -> %System32%\gebcd.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 30 days]
NY -> aersekhy.dll -> %System32%\aersekhy.dll
NY -> ajtfesnf.dll -> %System32%\ajtfesnf.dll
NY -> crmyxlfx.dll -> %System32%\crmyxlfx.dll
NY -> dbvnncjv.ini -> %System32%\dbvnncjv.ini
NY -> dcbeg.bak2 -> %System32%\dcbeg.bak2
NY -> fnseftja.ini -> %System32%\fnseftja.ini
NY -> fyebeggp.dll -> %System32%\fyebeggp.dll
NY -> gumywfnf.dll -> %System32%\gumywfnf.dll
NY -> iiktdwks.dll -> %System32%\iiktdwks.dll
NY -> ijvhrqrs.ini -> %System32%\ijvhrqrs.ini
NY -> ktlohads.dll -> %System32%\ktlohads.dll
NY -> lgahxtsv.dll -> %System32%\lgahxtsv.dll
NY -> ljsrtnbu.ini -> %System32%\ljsrtnbu.ini
NY -> lrfhwmvr.dll -> %System32%\lrfhwmvr.dll
NY -> neavaqkn.ini -> %System32%\neavaqkn.ini
NY -> nkqavaen.dll -> %System32%\nkqavaen.dll
NY -> pwxujqmq.dll -> %System32%\pwxujqmq.dll
NY -> pyuisfug.dll -> %System32%\pyuisfug.dll
NY -> qmqjuxwp.ini -> %System32%\qmqjuxwp.ini
NY -> rvmwhfrl.ini -> %System32%\rvmwhfrl.ini
NY -> srqrhvji.dll -> %System32%\srqrhvji.dll
NY -> tuqgsvkx.ini -> %System32%\tuqgsvkx.ini
NY -> txgondnx.dll -> %System32%\txgondnx.dll
NY -> ubntrsjl.dll -> %System32%\ubntrsjl.dll
NY -> vjcnnvbd.dll -> %System32%\vjcnnvbd.dll
NY -> vstxhagl.ini -> %System32%\vstxhagl.ini
NY -> wrbmlihi.dll -> %System32%\wrbmlihi.dll
NY -> xjkxcepe.dll -> %System32%\xjkxcepe.dll
NY -> xkvsgqut.dll -> %System32%\xkvsgqut.dll
NY -> xylwrvcp.dll -> %System32%\xylwrvcp.dll
[Files/Folders - Modified Within 30 days]
NY -> aersekhy.dll -> %System32%\aersekhy.dll
NY -> ajtfesnf.dll -> %System32%\ajtfesnf.dll
NY -> crmyxlfx.dll -> %System32%\crmyxlfx.dll
NY -> dbvnncjv.ini -> %System32%\dbvnncjv.ini
NY -> dcbeg.bak2 -> %System32%\dcbeg.bak2
NY -> fnseftja.ini -> %System32%\fnseftja.ini
NY -> fyebeggp.dll -> %System32%\fyebeggp.dll
NY -> gumywfnf.dll -> %System32%\gumywfnf.dll
NY -> iiktdwks.dll -> %System32%\iiktdwks.dll
NY -> ijvhrqrs.ini -> %System32%\ijvhrqrs.ini
NY -> ktlohads.dll -> %System32%\ktlohads.dll
NY -> lgahxtsv.dll -> %System32%\lgahxtsv.dll
NY -> ljsrtnbu.ini -> %System32%\ljsrtnbu.ini
NY -> lrfhwmvr.dll -> %System32%\lrfhwmvr.dll
NY -> neavaqkn.ini -> %System32%\neavaqkn.ini
NY -> nkqavaen.dll -> %System32%\nkqavaen.dll
NY -> pcvrwlyx.ini -> %System32%\pcvrwlyx.ini
NY -> pwxujqmq.dll -> %System32%\pwxujqmq.dll
NY -> pyuisfug.dll -> %System32%\pyuisfug.dll
NY -> qmqjuxwp.ini -> %System32%\qmqjuxwp.ini
NY -> rvmwhfrl.ini -> %System32%\rvmwhfrl.ini
NY -> srqrhvji.dll -> %System32%\srqrhvji.dll
NY -> tuqgsvkx.ini -> %System32%\tuqgsvkx.ini
NY -> txgondnx.dll -> %System32%\txgondnx.dll
NY -> ubntrsjl.dll -> %System32%\ubntrsjl.dll
NY -> vjcnnvbd.dll -> %System32%\vjcnnvbd.dll
NY -> vstxhagl.ini -> %System32%\vstxhagl.ini
NY -> wrbmlihi.dll -> %System32%\wrbmlihi.dll
NY -> xjkxcepe.dll -> %System32%\xjkxcepe.dll
NY -> xkvsgqut.dll -> %System32%\xkvsgqut.dll
NY -> xylwrvcp.dll -> %System32%\xylwrvcp.dll
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\aersekhy.dll
NY -> UPX! , -> %System32%\ajtfesnf.dll
NY -> UPX! , UPX0 , -> %System32%\crmyxlfx.dll
NY -> UPX! , UPX0 , -> %System32%\fyebeggp.dll
NY -> UPX! , UPX0 , -> %System32%\gumywfnf.dll
NY -> UPX! , UPX0 , -> %System32%\iiktdwks.dll
NY -> UPX! , UPX0 , -> %System32%\ktlohads.dll
NY -> UPX! , -> %System32%\lgahxtsv.dll
NY -> UPX! , -> %System32%\lrfhwmvr.dll
NY -> UPX! , -> %System32%\nkqavaen.dll
NY -> UPX! , -> %System32%\pwxujqmq.dll
NY -> UPX! , UPX0 , -> %System32%\pyuisfug.dll
NY -> UPX! , -> %System32%\srqrhvji.dll
NY -> UPX! , UPX0 , -> %System32%\txgondnx.dll
NY -> UPX! , -> %System32%\ubntrsjl.dll
NY -> UPX! , -> %System32%\vjcnnvbd.dll
NY -> UPX! , UPX0 , -> %System32%\wrbmlihi.dll
NY -> UPX! , UPX0 , -> %System32%\xjkxcepe.dll
NY -> UPX! , -> %System32%\xkvsgqut.dll
NY -> UPX! , -> %System32%\xylwrvcp.dll
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You will be asked to reboot. Choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #2

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button.
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #4

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#14 bigstream29


Posted 06 May 2007 - 06:08 PM

Hello OldTimer, I re-did the three scans that you wanted. The AVG Anti-Spyware found 13 objects, some of which appeared to be the same ones in the last scan. I'm not sure if these are the "left-overs" you were talking about. Anyways, my computer ran a little bit faster after the scan, but opening IE7 still takes a somewhat lengthy time. It could be the ZoneAlarm firewall that's slowing down the Internet. Also, I've noticed that before the trojans and infections got in my computer, my hard drive used up approx. 14 gigs of space. Now it uses 12 gigs after all the cleaning out on my system. Judging by this, I would expect my computer to run faster. So, I'm presuming there are more objects than spywares that are slowing down my computer (maybe frag. files, etc.???). And finally, just to let you know, when I started my computer AVG wouldn't open up for some reason. The program said some error had occurred. I had to uninstall the program and download it again to get it cranking.

Here is the WinPFind3u report:

WinPFind3 logfile created on: 5/6/2007 1:33:25 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

958.48 Mb Total Physical Memory | 386.18 Mb Available Physical Memory | 40.29% Memory free
2.26 Gb Paging File | 1.73 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 211.87 Gb Free Space | 94.46% Space Free
Drive D: | 8.56 Gb Total Space | 0.61 Gb Free Space | 7.09% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/6/2007 11:50:38 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 5/6/2007 11:50:38 AM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 5/6/2007 11:50:38 AM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 5/6/2007 11:50:40 AM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 4/17/2007 10:02:48 AM | Attr = ]
discover.exe -> %ProgramFiles%\DISC\DISCover.exe -> Digital Interactive Systems Corporation [Ver = 3.33.2005.0406 | Size = 1073152 bytes | Modified Date = 4/6/2006 8:51:18 PM | Attr = ]
discstreamhub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 57344 bytes | Modified Date = 4/6/2006 8:50:22 PM | Attr = ]
discupdmgr.exe -> %ProgramFiles%\DISC\DiscUpdMgr.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 65536 bytes | Modified Date = 4/6/2006 8:50:22 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 4:04:38 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 11:44:24 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 11:08:48 PM | Attr = ]
mxtask.exe -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
mxtask.exe -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
pcdsmartmonitor.exe -> %ProgramFiles%\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -> [Ver = | Size = 376832 bytes | Modified Date = 5/10/2006 5:44:28 PM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 2:48:20 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/30/2006 9:44:22 AM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.2.4 | Size = 16125440 bytes | Modified Date = 2/26/2007 3:03:02 PM | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 11/24/2006 6:16:50 PM | Attr = ]
tgcmd.exe -> %ProgramFiles%\Support.com\bin\tgcmd.exe -> Support.com, Inc. [Ver = 5,5,214,0 | Size = 1519616 bytes | Modified Date = 11/28/2001 12:37:20 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 12:01:58 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe -> Cisco Linksys Corporation [Ver = 4.4.2.4 | Size = 5751808 bytes | Modified Date = 4/15/2004 8:24:38 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 12:02:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/6/2007 11:50:38 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 5/6/2007 11:50:40 AM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 5/6/2007 11:50:38 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
(FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\MAGIX\Common\Database\bin\fbserver.exe -> MAGIX® [Ver = WI-V1.5.2.4734 | Size = 1527900 bytes | Modified Date = 11/17/2005 2:18:52 PM | Attr = ]
(Fix-It Task Manager) Fix-It Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\VCOM\Fix-It\MXTASK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.4 | Size = 233472 bytes | Modified Date = 4/30/2007 9:12:52 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/24/2007 10:45:10 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 11:08:48 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
(UPnPService) UPnPService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\MAGIX Shared\UPnPService\UPnPService.exe -> [Ver = 1, 0, 0, 2 | Size = 647242 bytes | Modified Date = 11/8/2005 4:25:00 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 12:01:58 AM | Attr = ]
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
Alcmtr -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 6:43:28 PM | Attr = ]
AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/2/2005 6:19:16 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 5/6/2007 11:50:38 AM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> BroadJump, Inc. [Ver = 1, 0, 6, 0 | Size = 483394 bytes | Modified Date = 4/17/2007 10:02:48 AM | Attr = ]
ComcastSUPPORT -> %ProgramFiles%\Support.com\bin\tgkill.exe -> [Ver = | Size = 57344 bytes | Modified Date = 11/21/2001 2:49:46 AM | Attr = ]
Fix-It AV -> %ProgramFiles%\VCOM\Fix-It\MEMCHECK.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 32768 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
ftutil2 -> %System32%\ftutil2.dll ["rundll32.exe" ftutil2.dll,SetWriteCacheMode] -> Promise Technology, Inc. [Ver = 1.00.0.3 | Size = 106496 bytes | Modified Date = 6/7/2004 9:05:38 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/15/2006 5:34:58 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 6:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 5/9/2006 10:50:00 AM | Attr = ]
PCDrSmartMonitor -> %ProgramFiles%\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -> [Ver = | Size = 376832 bytes | Modified Date = 5/10/2006 5:44:28 PM | Attr = ]
RCScheduleCheck -> %ProgramFiles%\VCOM\Recovery Commander\RCSCHED.EXE -> imagine LAN, Inc. [Ver = 2.00.03 | Size = 151552 bytes | Modified Date = 10/21/2003 12:20:50 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/22/2005 5:14:00 PM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.2.4 | Size = 16125440 bytes | Modified Date = 2/26/2007 3:03:02 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/30/2006 9:44:22 AM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 12:02:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 11/24/2006 6:16:50 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 2:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 1:01:50 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
{a5780613-492e-4a2a-a7fd-549610edf6cc} [HKLM] -> %ProgramFiles%\VCOM\Recovery Commander\RCHOOK.DLL [] -> [Ver = 1, 0, 7, 0 | Size = 102400 bytes | Modified Date = 7/8/2003 9:53:38 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
PFW -> %System32%\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 79368 bytes | Modified Date = 11/17/2006 10:30:12 PM | Attr = ]
< HOSTS File > (10128 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKCU: Search Bar -> http://www.yahoo.com/search/ie.html ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.comcast.net/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
trymedia.com [http] -> ->
trymedia.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 208896 bytes | Modified Date = 8/30/2006 10:02:22 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [ButtonText: Internet Connection Help] -> [Ver = | Size = 706 bytes | Modified Date = 8/30/2006 10:00:58 AM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1456A6E3-7086-4D5A-8FB5-01C3237A9D0A} -> (NVIDIA nForce Networking Controller) ->
{2294AF84-AC10-4FDE-924B-2A75007A9821} -> (Linksys Wireless-G PCI Adapter) ->
{892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{F71448B3-D1D2-4E99-A226-B4BF76C1423E} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000035 -> %ProgramFiles%\VCOM\Fix-It\MxAVlsp.dll -> Avanquest Publishing USA, Inc. [Ver = 6.0.3.1 | Size = 53248 bytes | Modified Date = 4/30/2007 9:12:46 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
boot.inh -> %SystemDrive%\boot.inh -> [Ver = | Size = 53 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/10/2007 8:22:46 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
ntdetect.col -> %SystemDrive%\ntdetect.col -> [Ver = | Size = 53 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/3/2007 5:19:17 PM | Attr = ]
$NtUninstallKB914882$ -> %SystemRoot%\$NtUninstallKB914882$ -> [Folder | Created Date = 4/10/2007 8:33:07 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Created Date = 4/8/2007 8:41:00 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 4/8/2007 8:44:20 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 4/9/2007 8:04:17 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/11/2007 9:33:56 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/11/2007 9:36:17 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/11/2007 9:38:46 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/11/2007 9:33:45 PM | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Created Date = 4/11/2007 9:38:33 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 4/8/2007 8:43:58 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 4/8/2007 8:42:21 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 4/8/2007 8:43:24 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 4/8/2007 8:41:43 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 4/25/2007 7:54:51 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 4/14/2007 8:26:41 PM | Attr = ]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 4/16/2007 2:18:40 PM | Attr = ]
RCUninstall.EXE -> %SystemRoot%\RCUninstall.EXE -> imagine LAN, Inc. [Ver = 1.00.01 | Size = 45056 bytes | Created Date = 4/30/2007 5:02:11 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75512 bytes | Created Date = 4/29/2007 3:36:57 PM | Attr = ]
MP Scheduled Quick Scan.job -> %SystemRoot%\tasks\MP Scheduled Quick Scan.job -> [Ver = | Size = 402 bytes | Created Date = 4/10/2007 8:39:16 PM | Attr = H ]
Scheduled Checkpoint.job -> %SystemRoot%\tasks\Scheduled Checkpoint.job -> [Ver = | Size = 342 bytes | Created Date = 4/30/2007 5:02:41 PM | Attr = ]
SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job -> [Ver = | Size = 518 bytes | Created Date = 4/25/2007 6:51:37 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/29/2007 1:40:05 PM | Attr = ]
actskn45.ocx -> %System32%\actskn45.ocx -> SoftShape Development [Ver = 4, 50, 0, 0 | Size = 483328 bytes | Created Date = 4/20/2007 2:21:02 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/29/2007 1:40:40 PM | Attr = ]
c000pr2.tt -> %System32%\c000pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c001pr2.tt -> %System32%\c001pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c002pr2.tt -> %System32%\c002pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c003pr2.tt -> %System32%\c003pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c004pr2.tt -> %System32%\c004pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c005pr2.tt -> %System32%\c005pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c006pr2.tt -> %System32%\c006pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c007pr2.tt -> %System32%\c007pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c008pr2.tt -> %System32%\c008pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
c009pr2.tt -> %System32%\c009pr2.tt -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 5/6/2007 12:00:50 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 4/10/2007 8:33:29 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 4/29/2007 1:40:11 PM | Attr = ]
instdump.dmp -> %System32%\instdump.dmp -> [Ver = | Size = 98184 bytes | Created Date = 4/25/2007 7:53:31 PM | Attr = ]
instdump.zip -> %System32%\instdump.zip -> [Ver = | Size = 19248 bytes | Created Date = 4/25/2007 7:53:31 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/28/2007 6:10:48 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 4/29/2007 3:36:35 PM | Attr = ]
MSGINA.CPR -> %System32%\MSGINA.CPR -> [Ver = | Size = 12 bytes | Created Date = 4/30/2007 5:02:10 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 4/29/2007 1:40:10 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 4/29/2007 1:40:11 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Created Date = 4/29/2007 3:36:22 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 4/29/2007 3:36:22 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 4/29/2007 3:36:23 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 4/29/2007 3:36:23 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 4/29/2007 3:36:35 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 4/29/2007 3:35:27 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 4/29/2007 3:36:26 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 4/29/2007 3:36:24 PM | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Created Date = 5/3/2007 5:57:51 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 4/29/2007 3:36:32 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 4/29/2007 3:36:32 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 4/16/2007 2:20:00 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 4/29/2007 3:36:24 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 4/29/2007 3:36:25 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 4/29/2007 1:40:40 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 4/26/2007 9:28:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 5/6/2007 10:50:42 AM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 4/26/2007 9:28:28 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/4/2007 7:26:57 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/6/2007 10:50:43 AM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 5/6/2007 10:50:42 AM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 5/6/2007 10:50:42 AM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 120096 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 2684 bytes | Created Date = 4/16/2007 2:27:21 PM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2336 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1292 bytes | Created Date = 4/16/2007 2:27:22 PM | Attr = HS]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 48016 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Created Date = 4/15/2007 6:23:49 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 4/28/2007 6:21:45 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 4/8/2007 8:41:47 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 4/8/2007 8:41:49 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
boot.inh -> %SystemDrive%\boot.inh -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/30/2007 8:18:44 PM | Attr = H ]
db1874d4429d6c3068a02444 -> %SystemDrive%\db1874d4429d6c3068a02444 -> [Folder | Modified Date = 4/29/2007 2:48:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 5/6/2007 1:26:46 PM | Attr = HS]
ntdetect.col -> %SystemDrive%\ntdetect.col -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/29/2007 4:36:26 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/19/2007 12:54:38 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/30/2007 6:08:22 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/19/2007 10:26:48 PM | Attr = ]
VCOM -> %SystemDrive%\VCOM -> [Folder | Modified Date = 4/30/2007 6:07:30 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/4/2007 7:40:08 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/6/2007 1:31:48 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/11/2007 10:38:32 PM | Attr = H ]
$NtUninstallKB914882$ -> %SystemRoot%\$NtUninstallKB914882$ -> [Folder | Modified Date = 4/10/2007 9:33:08 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Modified Date = 4/8/2007 9:41:02 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 4/8/2007 9:44:22 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 4/9/2007 9:04:20 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/11/2007 10:33:58 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/11/2007 10:36:18 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/11/2007 10:38:50 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/11/2007 10:33:48 PM | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Modified Date = 4/11/2007 10:38:36 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 4/8/2007 9:44:00 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 4/8/2007 9:42:26 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 4/8/2007 9:43:30 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 4/8/2007 9:41:44 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/29/2007 3:14:24 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/12/2007 5:28:48 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 4/28/2007 3:41:56 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/6/2007 1:26:48 PM | Attr = S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/16/2007 4:04:58 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/29/2007 3:15:02 PM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 4/29/2007 3:15:50 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/12/2007 5:28:10 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/14/2007 9:02:42 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/29/2007 2:40:46 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/30/2007 8:15:40 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/6/2007 1:32:54 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/12/2007 2:59:48 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/6/2007 11:27:34 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 4/10/2007 8:05:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/3/2007 7:34:14 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/6/2007 1:27:30 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1039896 bytes | Modified Date = 4/8/2007 9:42:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/29/2007 3:23:50 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 5/6/2007 11:50:14 AM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 231 bytes | Modified Date = 4/14/2007 9:51:18 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/6/2007 1:28:14 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/30/2007 6:02:42 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/6/2007 1:28:56 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1054 bytes | Modified Date = 4/29/2007 3:28:30 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/14/2007 9:30:34 PM | Attr = ]
MP Scheduled Quick Scan.job -> %SystemRoot%\tasks\MP Scheduled Quick Scan.job -> [Ver = | Size = 402 bytes | Modified Date = 4/14/2007 9:01:04 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/6/2007 1:26:54 PM | Attr = H ]
Scheduled Checkpoint.job -> %SystemRoot%\tasks\Scheduled Checkpoint.job -> [Ver = | Size = 342 bytes | Modified Date = 5/5/2007 9:04:24 PM | Attr = ]
SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job -> [Ver = | Size = 518 bytes | Modified Date = 4/25/2007 7:51:42 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/29/2007 3:23:54 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 4/10/2007 8:25:34 PM | Attr = ]
c000pr2.tt -> %System32%\c000pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c001pr2.tt -> %System32%\c001pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c002pr2.tt -> %System32%\c002pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c003pr2.tt -> %System32%\c003pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c004pr2.tt -> %System32%\c004pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c005pr2.tt -> %System32%\c005pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c006pr2.tt -> %System32%\c006pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c007pr2.tt -> %System32%\c007pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c008pr2.tt -> %System32%\c008pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c009pr2.tt -> %System32%\c009pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/6/2007 11:31:46 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 4/29/2007 3:24:42 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 5/6/2007 1:00:52 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 4/14/2007 9:30:20 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 240736 bytes | Modified Date = 4/13/2007 10:01:20 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
instdump.dmp -> %System32%\instdump.dmp -> [Ver = | Size = 98184 bytes | Modified Date = 4/25/2007 8:53:32 PM | Attr = ]
instdump.zip -> %System32%\instdump.zip -> [Ver = | Size = 19248 bytes | Modified Date = 4/25/2007 8:53:38 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 4/8/2007 9:41:48 PM | Attr = ]
mcs.rma -> %System32%\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 4/15/2007 10:32:34 PM | Attr = ]
MSGINA.CPR -> %System32%\MSGINA.CPR -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 4/30/2007 6:08:54 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 43531 bytes | Modified Date = 5/6/2007 1:27:56 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
pcdhdm.cpl -> %System32%\pcdhdm.cpl -> [Ver = | Size = 38400 bytes | Modified Date = 5/6/2007 1:28:20 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64064 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405640 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 460184 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/29/2007 12:46:50 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/29/2007 2:40:14 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Modified Date = 5/6/2007 1:27:50 PM | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 5/3/2007 6:57:52 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 4/29/2007 3:27:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 5/6/2007 1:27:58 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/3/2007 5:54:40 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 4/29/2007 4:37:04 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/28/2007 8:41:38 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 120096 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 2684 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2336 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1292 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 48016 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver

#15 bigstream29

Posted 06 May 2007 - 06:11 PM

WinPFind3u continued...

tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 4/28/2007 6:21:45 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 4/8/2007 8:41:47 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 4/8/2007 8:41:49 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
boot.inh -> %SystemDrive%\boot.inh -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/30/2007 8:18:44 PM | Attr = H ]
db1874d4429d6c3068a02444 -> %SystemDrive%\db1874d4429d6c3068a02444 -> [Folder | Modified Date = 4/29/2007 2:48:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 5/6/2007 1:26:46 PM | Attr = HS]
ntdetect.col -> %SystemDrive%\ntdetect.col -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/29/2007 4:36:26 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/19/2007 12:54:38 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/30/2007 6:08:22 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/19/2007 10:26:48 PM | Attr = ]
VCOM -> %SystemDrive%\VCOM -> [Folder | Modified Date = 4/30/2007 6:07:30 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/4/2007 7:40:08 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/6/2007 1:31:48 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/11/2007 10:38:32 PM | Attr = H ]
$NtUninstallKB914882$ -> %SystemRoot%\$NtUninstallKB914882$ -> [Folder | Modified Date = 4/10/2007 9:33:08 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Modified Date = 4/8/2007 9:41:02 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 4/8/2007 9:44:22 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 4/9/2007 9:04:20 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/11/2007 10:33:58 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/11/2007 10:36:18 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/11/2007 10:38:50 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/11/2007 10:33:48 PM | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Modified Date = 4/11/2007 10:38:36 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 4/8/2007 9:44:00 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 4/8/2007 9:42:26 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 4/8/2007 9:43:30 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 4/8/2007 9:41:44 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/29/2007 3:14:24 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/12/2007 5:28:48 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 4/28/2007 3:41:56 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/6/2007 1:26:48 PM | Attr = S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/16/2007 4:04:58 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/29/2007 3:15:02 PM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 4/29/2007 3:15:50 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/12/2007 5:28:10 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/14/2007 9:02:42 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/29/2007 2:40:46 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/30/2007 8:15:40 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/6/2007 1:32:54 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/12/2007 2:59:48 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/6/2007 11:27:34 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 4/10/2007 8:05:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/3/2007 7:34:14 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/6/2007 1:27:30 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1039896 bytes | Modified Date = 4/8/2007 9:42:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/29/2007 3:23:50 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 5/6/2007 11:50:14 AM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 231 bytes | Modified Date = 4/14/2007 9:51:18 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/6/2007 1:28:14 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/30/2007 6:02:42 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/6/2007 1:28:56 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1054 bytes | Modified Date = 4/29/2007 3:28:30 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/14/2007 9:30:34 PM | Attr = ]
MP Scheduled Quick Scan.job -> %SystemRoot%\tasks\MP Scheduled Quick Scan.job -> [Ver = | Size = 402 bytes | Modified Date = 4/14/2007 9:01:04 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/6/2007 1:26:54 PM | Attr = H ]
Scheduled Checkpoint.job -> %SystemRoot%\tasks\Scheduled Checkpoint.job -> [Ver = | Size = 342 bytes | Modified Date = 5/5/2007 9:04:24 PM | Attr = ]
SpywareBot Scheduled Scan.job -> %SystemRoot%\tasks\SpywareBot Scheduled Scan.job -> [Ver = | Size = 518 bytes | Modified Date = 4/25/2007 7:51:42 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/29/2007 3:23:54 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 4/10/2007 8:25:34 PM | Attr = ]
c000pr2.tt -> %System32%\c000pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c001pr2.tt -> %System32%\c001pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c002pr2.tt -> %System32%\c002pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c003pr2.tt -> %System32%\c003pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c004pr2.tt -> %System32%\c004pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c005pr2.tt -> %System32%\c005pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c006pr2.tt -> %System32%\c006pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c007pr2.tt -> %System32%\c007pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c008pr2.tt -> %System32%\c008pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
c009pr2.tt -> %System32%\c009pr2.tt -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/6/2007 11:31:46 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 4/29/2007 3:24:42 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 5/6/2007 1:00:52 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/12/2007 2:53:22 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 4/14/2007 9:30:20 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 240736 bytes | Modified Date = 4/13/2007 10:01:20 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
instdump.dmp -> %System32%\instdump.dmp -> [Ver = | Size = 98184 bytes | Modified Date = 4/25/2007 8:53:32 PM | Attr = ]
instdump.zip -> %System32%\instdump.zip -> [Ver = | Size = 19248 bytes | Modified Date = 4/25/2007 8:53:38 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 4/8/2007 9:41:48 PM | Attr = ]
mcs.rma -> %System32%\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 4/15/2007 10:32:34 PM | Attr = ]
MSGINA.CPR -> %System32%\MSGINA.CPR -> [Ver = | Size = 12 bytes | Modified Date = 4/30/2007 6:02:12 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 4/8/2007 9:43:52 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 4/30/2007 6:08:54 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 43531 bytes | Modified Date = 5/6/2007 1:27:56 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/29/2007 2:40:12 PM | Attr = ]
pcdhdm.cpl -> %System32%\pcdhdm.cpl -> [Ver = | Size = 38400 bytes | Modified Date = 5/6/2007 1:28:20 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64064 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405640 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 460184 bytes | Modified Date = 4/11/2007 10:37:52 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/29/2007 12:46:50 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/29/2007 2:40:14 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Modified Date = 5/6/2007 1:27:50 PM | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 5/3/2007 6:57:52 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 4/29/2007 3:27:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 5/6/2007 1:27:58 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/3/2007 5:54:40 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 4/29/2007 4:37:04 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/26/2007 10:28:30 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 5/6/2007 11:50:44 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/28/2007 8:41:38 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 120096 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 2684 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2336 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1292 bytes | Modified Date = 4/16/2007 3:58:06 PM | Attr = HS]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 48016 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Modified Date = 5/6/2007 11:56:48 AM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 4/8/2007 9:42:34 PM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 10128 bytes | Modified Date = 4/10/2007 5:18:46 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 4/8/2007 9:41:50 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 7/11/1997 1:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 63144 bytes | Modified Date = 3/9/2006 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 114856 bytes | Modified Date = 3/9/2006 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 67240 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 62632 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 115880 bytes | Modified Date = 3/9/2006 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\syschkvc.dll -> Yummy Interactive Inc. [Ver = 1, 2, 0, 8 | Size = 56656 bytes | Modified Date = 1/18/2006 1:18:18 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/9/2004 4:00:00 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/27/2007 4:37:26 PM | Attr = ]
abetterinternet.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 10128 bytes | Modified Date = 4/29/2007 12:31:24 PM | Attr = ]
abetterinternet.com , -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 10128 bytes | Modified Date = 4/10/2007 5:18:46 PM | Attr = ]

< End of report >



[b]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now here's the AVG anti-spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:25:06 PM 5/6/2007

+ Scan result:



C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

[b]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[b]

And finally, here is the .log text from WinPFind3u:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8EEFD4E-E1E0-41D5-B165-16AA18360166} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8EEFD4E-E1E0-41D5-B165-16AA18360166} deleted successfully.
[Files/Folders - Created Within 30 days]
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\aersekhy.dll
C:\WINDOWS\SYSTEM32\aersekhy.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\aersekhy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ajtfesnf.dll
C:\WINDOWS\SYSTEM32\ajtfesnf.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ajtfesnf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\crmyxlfx.dll
C:\WINDOWS\SYSTEM32\crmyxlfx.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\crmyxlfx.dll moved successfully.
C:\WINDOWS\SYSTEM32\dbvnncjv.ini moved successfully.
C:\WINDOWS\SYSTEM32\dcbeg.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\fnseftja.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\fyebeggp.dll
C:\WINDOWS\SYSTEM32\fyebeggp.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\fyebeggp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gumywfnf.dll
C:\WINDOWS\SYSTEM32\gumywfnf.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\gumywfnf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\iiktdwks.dll
C:\WINDOWS\SYSTEM32\iiktdwks.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\iiktdwks.dll moved successfully.
C:\WINDOWS\SYSTEM32\ijvhrqrs.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ktlohads.dll
C:\WINDOWS\SYSTEM32\ktlohads.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ktlohads.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\lgahxtsv.dll
C:\WINDOWS\SYSTEM32\lgahxtsv.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\lgahxtsv.dll moved successfully.
C:\WINDOWS\SYSTEM32\ljsrtnbu.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\lrfhwmvr.dll
C:\WINDOWS\SYSTEM32\lrfhwmvr.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\lrfhwmvr.dll moved successfully.
C:\WINDOWS\SYSTEM32\neavaqkn.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\nkqavaen.dll
C:\WINDOWS\SYSTEM32\nkqavaen.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\nkqavaen.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\pwxujqmq.dll
C:\WINDOWS\SYSTEM32\pwxujqmq.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pwxujqmq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\pyuisfug.dll
C:\WINDOWS\SYSTEM32\pyuisfug.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pyuisfug.dll moved successfully.
C:\WINDOWS\SYSTEM32\qmqjuxwp.ini moved successfully.
C:\WINDOWS\SYSTEM32\rvmwhfrl.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\srqrhvji.dll
C:\WINDOWS\SYSTEM32\srqrhvji.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\srqrhvji.dll moved successfully.
C:\WINDOWS\SYSTEM32\tuqgsvkx.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\txgondnx.dll
C:\WINDOWS\SYSTEM32\txgondnx.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\txgondnx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ubntrsjl.dll
C:\WINDOWS\SYSTEM32\ubntrsjl.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ubntrsjl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\vjcnnvbd.dll
C:\WINDOWS\SYSTEM32\vjcnnvbd.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\vjcnnvbd.dll moved successfully.
C:\WINDOWS\SYSTEM32\vstxhagl.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\wrbmlihi.dll
C:\WINDOWS\SYSTEM32\wrbmlihi.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\wrbmlihi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\xjkxcepe.dll
C:\WINDOWS\SYSTEM32\xjkxcepe.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\xjkxcepe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\xkvsgqut.dll
C:\WINDOWS\SYSTEM32\xkvsgqut.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\xkvsgqut.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\xylwrvcp.dll
C:\WINDOWS\SYSTEM32\xylwrvcp.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\xylwrvcp.dll moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\SYSTEM32\aersekhy.dll not found!
File C:\WINDOWS\SYSTEM32\ajtfesnf.dll not found!
File C:\WINDOWS\SYSTEM32\crmyxlfx.dll not found!
File C:\WINDOWS\SYSTEM32\dbvnncjv.ini not found!
File C:\WINDOWS\SYSTEM32\dcbeg.bak2 not found!
File C:\WINDOWS\SYSTEM32\fnseftja.ini not found!
File C:\WINDOWS\SYSTEM32\fyebeggp.dll not found!
File C:\WINDOWS\SYSTEM32\gumywfnf.dll not found!
File C:\WINDOWS\SYSTEM32\iiktdwks.dll not found!
File C:\WINDOWS\SYSTEM32\ijvhrqrs.ini not found!
File C:\WINDOWS\SYSTEM32\ktlohads.dll not found!
File C:\WINDOWS\SYSTEM32\lgahxtsv.dll not found!
File C:\WINDOWS\SYSTEM32\ljsrtnbu.ini not found!
File C:\WINDOWS\SYSTEM32\lrfhwmvr.dll not found!
File C:\WINDOWS\SYSTEM32\neavaqkn.ini not found!
File C:\WINDOWS\SYSTEM32\nkqavaen.dll not found!
C:\WINDOWS\SYSTEM32\pcvrwlyx.ini moved successfully.
File C:\WINDOWS\SYSTEM32\pwxujqmq.dll not found!
File C:\WINDOWS\SYSTEM32\pyuisfug.dll not found!
File C:\WINDOWS\SYSTEM32\qmqjuxwp.ini not found!
File C:\WINDOWS\SYSTEM32\rvmwhfrl.ini not found!
File C:\WINDOWS\SYSTEM32\srqrhvji.dll not found!
File C:\WINDOWS\SYSTEM32\tuqgsvkx.ini not found!
File C:\WINDOWS\SYSTEM32\txgondnx.dll not found!
File C:\WINDOWS\SYSTEM32\ubntrsjl.dll not found!
File C:\WINDOWS\SYSTEM32\vjcnnvbd.dll not found!
File C:\WINDOWS\SYSTEM32\vstxhagl.ini not found!
File C:\WINDOWS\SYSTEM32\wrbmlihi.dll not found!
File C:\WINDOWS\SYSTEM32\xjkxcepe.dll not found!
File C:\WINDOWS\SYSTEM32\xkvsgqut.dll not found!
File C:\WINDOWS\SYSTEM32\xylwrvcp.dll not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\SYSTEM32\aersekhy.dll not found!
File C:\WINDOWS\SYSTEM32\ajtfesnf.dll not found!
File C:\WINDOWS\SYSTEM32\crmyxlfx.dll not found!
File C:\WINDOWS\SYSTEM32\fyebeggp.dll not found!
File C:\WINDOWS\SYSTEM32\gumywfnf.dll not found!
File C:\WINDOWS\SYSTEM32\iiktdwks.dll not found!
File C:\WINDOWS\SYSTEM32\ktlohads.dll not found!
File C:\WINDOWS\SYSTEM32\lgahxtsv.dll not found!
File C:\WINDOWS\SYSTEM32\lrfhwmvr.dll not found!
File C:\WINDOWS\SYSTEM32\nkqavaen.dll not found!
File C:\WINDOWS\SYSTEM32\pwxujqmq.dll not found!
File C:\WINDOWS\SYSTEM32\pyuisfug.dll not found!
File C:\WINDOWS\SYSTEM32\srqrhvji.dll not found!
File C:\WINDOWS\SYSTEM32\txgondnx.dll not found!
File C:\WINDOWS\SYSTEM32\ubntrsjl.dll not found!
File C:\WINDOWS\SYSTEM32\vjcnnvbd.dll not found!
File C:\WINDOWS\SYSTEM32\wrbmlihi.dll not found!
File C:\WINDOWS\SYSTEM32\xjkxcepe.dll not found!
File C:\WINDOWS\SYSTEM32\xkvsgqut.dll not found!
File C:\WINDOWS\SYSTEM32\xylwrvcp.dll not found!
[Empty Temp Folders]
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 05/06/2007 11:56:04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I know this can be tedious figuring out what's causing my computer to slow down. Once again, thanks to all the help from BleepingComputer and you. Hopefully we can get to the bottom of this problem and fix it.

Edited by bigstream29, 06 May 2007 - 06:24 PM.




