
Please Help-can't Remove Infection


18 replies to this topic

#1 florie

florie

  • Members
  • 10 posts

Posted 28 May 2007 - 09:59 PM

PC is at a crawl. Spybot keeps finding Smitfraud, deletes it but it keeps returning. I've tried AVG, Trend Micro, McAfee and several Smitfraud removal tools. Nothing has worked. Here's my Hijack This log. Any help greatly appreciated! Florie

Logfile of HijackThis v1.99.1
Scan saved at 1:28:13 PM, on 5/28/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: Invalid switch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7EA534EB-7C77-41C7-A41D-E7C2C40312E2} - blank (file missing)
O2 - BHO: (no name) - {87475942-7C7D-C40B-A0A3-FED78DFE1A5A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Atomic Time Synchronizer] "C:\Program Files\a-TimeSync\crack\timesync.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\itjigbey.dll",realset
O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: CLSID - C:\WINDOWS\
O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: opnki - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Moved from 2000/2003 forum. ~acklan~

Edited by acklan, 28 May 2007 - 10:48 PM.



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 29 May 2007 - 08:38 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum florie :thumbsup:

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

IMPORTANT:
Do NOT run any other options until you are asked to do so!

***************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

***************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.

#3 florie

florie
  • Topic Starter

  • Members
  • 10 posts

Posted 29 May 2007 - 10:49 PM

Hello RichieUK and thank you so much for your assistance.

When I ran SmitfraudFix I received a blue screen crash with this error:
Unexpected Kernel Mode Trap

When I ran VundoFix it ran but at the end I received this error:
Cannot import C:\VundoFix.reg: Error opening the file. There may be a disk or file system error.

When I ran Combofix, despite the fact I am running Win 2K SP4 I received this error:
Incompatible OS.
Combofix only work for Windows 2000 and XP

Here's the VundoFix log file:
VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 9:38:11 PM 5/29/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\itjigbey.dll
C:\WINDOWS\SYSTEM32\yebgijti.ini

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\itjigbey.dll
C:\WINDOWS\SYSTEM32\itjigbey.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yebgijti.ini
C:\WINDOWS\SYSTEM32\yebgijti.ini Has been deleted!

Performing Repairs to the registry.
Done!

And here's the current Hijack log (BTW, I can only run HijackThis in Safe Mode. If I run it in normal mode I get a blue screen crash with that Unexpected Kernel Mode Trap error.)
Logfile of HijackThis v1.99.1
Scan saved at 11:21:38 PM, on 5/29/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: Invalid switch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7EA534EB-7C77-41C7-A41D-E7C2C40312E2} - blank (file missing)
O2 - BHO: (no name) - {87475942-7C7D-C40B-A0A3-FED78DFE1A5A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Atomic Time Synchronizer] "C:\Program Files\a-TimeSync\crack\timesync.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: CLSID - C:\WINDOWS\
O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: opnki - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
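A defender-side triage helper for the two HijackThis logs in this thread, added here as an example (it is not code from BleepingComputer, from RichieUK, or from the HijackThis project). It parses the entry lines, flags the patterns the helper later asks to fix (entries whose target file is missing, a rundll32 Run entry loading a DLL from system32, Winlogon Notify entries that name no DLL), and diffs the first log against the second to show what VundoFix removed. The sample text is a constructed excerpt of the logs above; the heuristics, thresholds and function names are assumptions of this example, not HijackThis features.

```python
"""HijackThis v1.99 log triage: parse entries, flag review-worthy patterns,
and diff two scans. Added example; heuristics and names are the editor's own."""
import re

# One entry per line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
# The header and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")

# rundll32 launched at logon with a DLL that lives directly in system32.
# Legitimate vendors use this too, so it is a prompt to verify, not a verdict.
RUNDLL32_SYS32 = re.compile(
    r'rundll32(?:\.exe)?\s+"?[A-Za-z]:\\WINDOWS\\system32\\([^"\\,]+\.dll)',
    re.IGNORECASE,
)

REASON_ORPHAN = "target file absent (orphaned entry)"
REASON_RUNDLL = "rundll32 loads a DLL from system32 at logon; verify the DLL"
REASON_NOTIFY = "Winlogon Notify entry without a DLL name"

# Constructed excerpt of the first log in this thread (before VundoFix).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {7EA534EB-7C77-41C7-A41D-E7C2C40312E2} - blank (file missing)
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\itjigbey.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: opnki - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
"""

# Constructed excerpt of the second log: identical except the Vundo Run entry is gone.
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if "itjigbey" not in l)


def parse_entries(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def flag_entries(log_text):
    """Apply the review heuristics; returns (reason, entry_line) tuples."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if "(file missing)" in body or "(no file)" in body:
            findings.append((REASON_ORPHAN, line))
        elif section == "O4" and RUNDLL32_SYS32.search(body):
            findings.append((REASON_RUNDLL, line))
        elif section == "O20" and body.rstrip().endswith("\\"):
            findings.append((REASON_NOTIFY, line))
    return findings


def diff_logs(before, after):
    """Entries removed and added between two scans (order-insensitive)."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


def report(before, after):
    """Human-readable summary: open findings in the newer log, then the diff."""
    lines = [f"[{reason}] {entry}" for reason, entry in flag_entries(after)]
    removed, added = diff_logs(before, after)
    lines += [f"- {s} - {b}" for s, b in removed]
    lines += [f"+ {s} - {b}" for s, b in added]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(LOG_BEFORE, LOG_AFTER))
```

Run it as a script and the report lists the three entries still worth fixing after VundoFix (two orphaned, one Winlogon Notify without a DLL) and a single `-` line for the `[WindowsService] rundll32.exe ... itjigbey.dll` entry that disappeared between the scans, which matches what the VundoFix log above says it deleted. The diff is set-based, so reordering between scans produces no noise.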

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 30 May 2007 - 04:21 AM

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open; at the bottom of the window, to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.

**************************

Download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R3 - Default URLSearchHook is missing
O1 - Hosts: Invalid switch
O2 - BHO: (no name) - {7EA534EB-7C77-41C7-A41D-E7C2C40312E2} - blank (file missing)
O2 - BHO: (no name) - {87475942-7C7D-C40B-A0A3-FED78DFE1A5A} - (no file)
O20 - Winlogon Notify: CLSID - C:\WINDOWS\
O20 - Winlogon Notify: opnki - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Exit Hijackthis.

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new Hijackthis log please.

#5 florie

florie
  • Topic Starter

  • Members
  • 10 posts

Posted 31 May 2007 - 01:30 AM

When I ran HostsXpert, as soon as I pressed the "Restore" button the PC went to blue screen with the "Unexpected Kernel Mode Trap" error message.

I did make the HijackThis change you indicated and then ran Dr Web. Here's the Dr Web log:
mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;Incurable.Moved.;
Process.exe;C:\WINDOWS\SYSTEM32;Tool.Prockill;Incurable.Moved.;
nsv3F.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Incurable.Moved.;
nsn15.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Incurable.Moved.;
nsz5.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Incurable.Moved.;
nse5.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Incurable.Moved.;
nsb11.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Administrator\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Administrator\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
itjigbey.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

After doing this I tried HostsXpert again but had the same result.

And, here's the latest HijackThis log from the Safe Mode; still, if I run it in normal mode I get the same blue screen error as above.
Logfile of HijackThis v1.99.1
Scan saved at 2:03:35 AM, on 5/31/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Atomic Time Synchronizer] "C:\Program Files\a-TimeSync\crack\timesync.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#6 RichieUK
Malware Assassin, Malware Response Team, 13,614 posts

Posted 31 May 2007 - 06:47 AM

Click on Start/Run, type CMD then press OK.
At the Command Prompt copy and paste the following commands, pressing Enter after each one:

SC STOP AVP

SC STOP ccPwdSvc

SC STOP ccSetMgr

SC DELETE AVP

SC DELETE ccPwdSvc

SC DELETE ccSetMgr


Then type EXIT then press Enter.

Restart your pc.

******************

Now try running Vundofix and Smitfraudfix again.

******************

If you're still getting the "Unexpected Kernel Mode Trap" error, try uninstalling/reinstalling McAfee via Start/Control Panel/Add or Remove Programs.

Let me know how you get on.
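The service names in the post above come from the O23 lines of the HijackThis log, and the fix is one stop/delete pair per service that is left registered after its binary is gone. As an added example (not part of this thread, and not HijackThis or sc.exe code), the Python script below parses O23 lines copied from the logs in this thread, separates a quoted ImagePath from its arguments the way HijackThis prints them (it drops the opening quote, so the path appears to end in a stray `"`), flags the entries marked "(file missing)", and drafts the sc.exe lines for them. It also handles a caveat the WinPFind log later in the thread bears out: HijackThis does not expand %ProgramFiles%, so rpcapd is reported "(file missing)" even though WinPFind finds rpcapd.exe in place. Such entries are marked for manual verification rather than deletion. The verdict labels and field names are this example's own.

```python
"""Triage HijackThis O23 service entries and draft the sc.exe cleanup lines.

Added example, not part of the thread or of HijackThis itself. HijackThis
prints "(file missing)" when it cannot find a service binary and drops the
opening quote of a quoted ImagePath, so an image like
    avp.exe" -r (file missing)
is a quoted path plus its arguments, not a corrupt path. It also does not
expand %ProgramFiles%, so "(file missing)" on such a path proves nothing.
All function, field and verdict names are this example's own.
"""
import re

# Constructed sample: O23 lines copied from the HijackThis logs posted above.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# "O23 - Service: <display> (<short>) - <owner> - <image>"; the short name is optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<image>.+)$"
)
# The path ends at the first .exe/.dll/.sys; whatever follows is arguments.
BINARY_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|sys))(?P<args>.*)$", re.IGNORECASE)
MISSING = "(file missing)"


def parse_o23(line):
    """Split one O23 line into its fields; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image").strip()
    file_missing = image.endswith(MISSING)
    if file_missing:
        image = image[: -len(MISSING)].rstrip()
    b = BINARY_RE.match(image)
    path = b.group("path") if b else image
    # Strip the stray closing quote HijackThis leaves in front of the arguments.
    args = b.group("args").strip().lstrip('"').strip() if b else ""
    return {
        "short": m.group("short") or m.group("display"),  # the name sc.exe wants
        "display": m.group("display"),
        "owner": m.group("owner"),
        "path": path,
        "args": args,
        "file_missing": file_missing,
        "unexpanded_env": "%" in path,  # HijackThis never expanded this path
    }


def triage(log_text):
    """Parse every O23 line and attach a verdict to each entry."""
    entries = [e for e in map(parse_o23, log_text.splitlines()) if e]
    for e in entries:
        if e["file_missing"] and e["unexpanded_env"]:
            e["verdict"] = "verify"        # check the real path before touching it
        elif e["file_missing"]:
            e["verdict"] = "orphaned"      # registration outlived the binary
        elif e["owner"] == "Unknown owner":
            e["verdict"] = "no-publisher"  # binary present but no company string
        else:
            e["verdict"] = "ok"
    return entries


def sc_commands(entries):
    """Draft a stop/delete pair for each orphaned entry, nothing else."""
    cmds = []
    for e in entries:
        if e["verdict"] == "orphaned":
            cmds.append(f"sc stop {e['short']}")
            cmds.append(f"sc delete {e['short']}")
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        print(f"{e['verdict']:13} {e['short']:18} {e['path']}")
    print("\n".join(sc_commands(found)))
```

Two things the script deliberately does not decide for you: sc.exe is not part of a stock Windows 2000 install (it ships in the Resource Kit, as the next reply in the thread discovers), and the post's list also removes Symantec services whose binaries were still present, a judgement the helper made from the wider log rather than from the "(file missing)" flag. Review the `verify` entries against the disk before deleting anything.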

#7 florie
Topic Starter, Members, 10 posts

Posted 31 May 2007 - 08:44 PM

Doesn't work. Followed the instructions. Got to the Command Prompt. Entered the first one "SC STOP AVP" and received the following error message:
" 'SC' is not recognized as an internal or external command, operable program or batch file. "

Many thanks for all of your help thus far, Florie

#8 florie
Topic Starter, Members, 10 posts

Posted 01 June 2007 - 01:57 AM

.......further. Researched SC and found it is part of the Win2K Resource Kit. Downloaded it, followed your instructions and then got the blue screen when I ran Smitfraudfix, so I uninstalled McAfee.

Smitfraudfix was then able to run. Ran Smitfraudfix Clean in safe mode as it recommended and ran Vundofix (Vundofix found nothing). Rebooted, ran Spybot and it found 1 instance of Smitfraud, 1 instance of Statcounter and 5 instances of AdRevolver. Had Spybot remove them, rebooted and ran Spybot again. Nothing found this time. Do you think this means they're really gone? Should I reinstall McAfee? I have AVG and Trend Micro currently running (AVG is the free version and Trend Micro is on a 30 day trial). Florie

#9 RichieUK
Malware Assassin, Malware Response Team, 13,614 posts

Posted 01 June 2007 - 02:07 AM

Restart your PC, then post a new HijackThis log please, Florie.

#10 florie
Topic Starter, Members, 10 posts

Posted 01 June 2007 - 09:47 AM

Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 10:10:09 AM, on 6/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\a-TimeSync\crack\timesync.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: Invalid switch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Atomic Time Synchronizer] "C:\Program Files\a-TimeSync\crack\timesync.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#11 RichieUK
Malware Assassin, Malware Response Team, 13,614 posts

Posted 01 June 2007 - 10:11 AM

If you're now able to run the following, can you do that next:

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open; at the bottom of the window, to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.

*********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.
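The HOSTS step in the post above restores a clean file and then write-protects it. As an added example (not part of the thread, and not HostsXpert's code), the Python below shows what such a restore is undoing. It parses a constructed HOSTS file in the Windows format, reports every name pointed at loopback other than localhost (how malware of this family blackholes antivirus update servers), every name pointed at a non-loopback address (a redirect to a host the attacker chooses), and any line that is not a valid entry at all, then rebuilds a file that keeps only the comments and the permitted loopback names. The .test hostnames and the 10.0.0.5 address are placeholders; nothing here is taken from the poster's machine.

```python
"""Audit a Windows HOSTS file for the hijacks Smitfraud-era malware planted.

Added example, not part of the thread and not HostsXpert's code. A HOSTS
entry that points a name at 127.0.0.1 silently blackholes that site (the
classic trick against antivirus update servers); one that points a name at
any other address sends the victim to a host of the attacker's choosing.
The only loopback name a stock Windows HOSTS file carries is "localhost".
The sample below is constructed and its .test names are placeholders.
"""
import ipaddress

LOOPBACK_OK = frozenset({"localhost"})

# Constructed sample: Microsoft's comment header shape, the one legitimate
# entry, three hijack-style entries and a line that is not a hosts entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       update.example-antivirus.test   # blackholes the vendor's updates
127.0.0.1       www.example-antivirus.test
10.0.0.5        www.example-bank.test           # hands the bank's name to another host
Invalid switch
"""


def parse_hosts(text):
    """Return (entries, bad_lines); entries are (lineno, ip, [names])."""
    entries, bad = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            bad.append((n, raw.rstrip()))          # first token is not an address
            continue
        if len(parts) < 2:
            bad.append((n, raw.rstrip()))          # an address with no name
            continue
        entries.append((n, ip, parts[1:]))
    return entries, bad


def audit_hosts(text, loopback_ok=LOOPBACK_OK):
    """List (lineno, kind, name, address) findings; an empty list means clean."""
    findings = []
    entries, bad = parse_hosts(text)
    for n, ip, names in entries:
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                if name.lower() not in loopback_ok:
                    findings.append((n, "blackholed", name, str(ip)))
            else:
                findings.append((n, "redirected", name, str(ip)))
    for n, raw in bad:
        findings.append((n, "unparseable", raw, ""))
    return sorted(findings)


def clean_hosts(text, loopback_ok=LOOPBACK_OK):
    """Rebuild the file keeping comments and the permitted loopback names only."""
    keep = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        if not body:
            keep.append(raw)                       # comment or blank line
            continue
        parts = body.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                               # junk line: drop it
        names = [x for x in parts[1:]
                 if (ip.is_loopback or ip.is_unspecified) and x.lower() in loopback_ok]
        if names:
            keep.append(f"{ip}\t{' '.join(names)}")
    return "\n".join(keep) + "\n"


if __name__ == "__main__":
    for lineno, kind, name, addr in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno:>2}: {kind:11} {name} {addr}")
    print(clean_hosts(SAMPLE_HOSTS))
```

Setting the read-only attribute afterwards is a speed bump, not protection: this machine is being used from the Administrator account (the WinPFind log further down in the thread says so), and any program running in that account can clear the attribute and rewrite the file. The audit is worth re-running after each cleanup pass for exactly that reason.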

#12 florie
Topic Starter, Members, 10 posts

Posted 01 June 2007 - 01:05 PM

I was able to follow your instructions regarding the HOSTS file this time with no problem. However, Combofix still gave me the 'Incompatible OS. Works only with Win 2000 and XP' message. Here's the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:53:43 PM, on 6/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\a-TimeSync\crack\timesync.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Atomic Time Synchronizer] "C:\Program Files\a-TimeSync\crack\timesync.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#13 RichieUK
Malware Assassin, Malware Response Team, 13,614 posts

Posted 02 June 2007 - 03:15 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

******************************

Download Winpfind V2.0.2 and extract the contents to your desktop:
http://download.bleepingcomputer.com/oldtimer/winpfind.exe
Open the WinPFind folder and double click on Winpfind.exe
Leave the configuration settings as they are and click on 'Run Scan'.
The scan will take some time to complete so please be patient.
Once complete close the program.
Open the WinPFind folder, then copy and paste the entire content of winpfind.txt into your next reply.
*NOTE*
It may take more than one reply to post the whole winpfind.txt.

Also let me know how your pc is running now.

#14 florie
Topic Starter, Members, 10 posts

Posted 02 June 2007 - 09:55 AM

The PC takes an inordinate amount of time to go through the boot process but once up is running much better. Sometime later, after yesterday's message when I said Spybot no longer found Smitfraud, a Trend Micro window popped up saying it found Smitfraud. I had it cleaned and have seen nothing since. Here's the latest log you requested:
WinPFind logfile created on: 6/2/2007 9:18:01 AM
WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind\

Windows OS and Versions

Product Name: Microsoft Windows 2000 Service Pack 4 | Version: 5.0.2195
Internet Explorer Version: 6.0.2800.1106

Memory/Drive Info

255.48 Mb Total Physical Memory | 89.73 Mb Available Physical Memory | 35.12% Memory free
616.27 Mb Paging File | 408.11 Mb Available in Paging File | 66.22% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.59 Gb Total Space | 1.23 Gb Free Space | 6.63% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SONYVAIO
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal

Running Processes (Non-Microsoft)

C:\Documents and Settings\Administrator\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\a-TimeSync\timesync.exe (atsync.com)
C:\Program Files\Data Caching\FLASHKSK.EXE ( )
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AIRPLUS.exe (D-Link)
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe (Atheros)
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe (D-Link)
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corp.)
C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
C:\Program Files\PowerPanel\Program\PcfMgr.exe (Phoenix Technologies Ltd.)
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe (Sony Corporation)
C:\Program Files\Unlocker\UnlockerAssistant.exe ()

Win32 Services (Non-Microsoft)

(ACS) Atheros Configuration Service [Win32_Own | Auto | Running]
= C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe (Atheros)

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\SYSTEM32\dmadmin.exe (VERITAS Software Corp.)

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(MaxBackServiceInt) MaxBackServiceInt [Win32_Own | Auto | Running]
= C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()

(MPS9) McAfee Privacy Service [Win32_Own | Auto | Stopped]
= C:\PROGRA~1\McAfee\MPS\mps.exe (File not found)

(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped]
= C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

Registry Items (Non-Microsoft)

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Atomic Time Synchronizer = C:\Program Files\a-TimeSync\timesync.exe (atsync.com)
AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
DataCaching = C:\Program Files\Data Caching\FLASHKSK.EXE ( )
InvisibleBrowsing = (File not found)
JOGSERV2.EXE = C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe (Sony Corporation)
mxomssmenu = C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corp.)
PC Pitstop Optimize Scheduler = C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
pdfw = C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.)
PWRISOVM.EXE = C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
RegistryMechanic = (File not found)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
= C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
= C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Wireless Utility.lnk
= C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AIRPLUS.exe (D-Link)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
= C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk
= C:\Program Files\PowerPanel\Program\PcfMgr.exe (Phoenix Technologies Ltd.)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
= C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe (D-Link)

< User Startup Folder = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup >
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe (Trend Micro Incorporated)

>>>>> MsConfig Disabled Items <<<<<

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )
{C286466C-2574-4905-87E1-DA7752209908} = 
{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} = Eudora's Shell Extension ( HKLM = C:\EUDORA\EuShlExt.dll (Qualcomm Inc.) )


>>>>> Winlogon Keys <<<<<


>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 698 bytes | Modified Date: 6/1/2007 1:50:04 PM)
127.0.0.1 localhost

>>>>> Desktop Components <<<<<

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_URL = http://www.google.com/ie
Local Page = C:\windows\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Search_URL = http://www.google.com/ie
SearchAssistant = http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Local Page = C:\windows\system32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
SearchAssistant = http://www.google.com/ie


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
- Google Toolbar Helper ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) )

>>>>> HKLM Internet Explorer Bars <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

>>>>> HKCU Internet Explorer Bars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

>>>>> HKLM Internet Explorer ToolBars <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) )
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio ( HKLM = C:\WINDOWS\SYSTEM32\msdxm.ocx () )

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) )
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio ( HKLM = C:\WINDOWS\SYSTEM32\msdxm.ocx () )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} = 8199 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} = 8198 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{4528BBE0-4E08-11D5-AD55-00010333D0AD} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8196 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8201

>>>>> HKLM Internet Explorer Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
ButtonText = Web Anti-Virus statistics

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}]
ButtonText = Create Mobile Favorite
ClsidExtension = {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - Reg Data - Key not found ( HKLM Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}]
MenuText = Create Mobile Favorite...
ClsidExtension = {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - Reg Data - Key not found ( HKLM Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}]
ButtonText = Messenger
MenuText = MSN Messenger Service

>>>>> HKCU Internet Explorer Menu Extensions <<<<<

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{03FF3962-D823-11D4-97F0-009027769C61} = Data Caching Shell Extension ( HKLM = C:\Program Files\Data Caching\FLASHSHL.DLL ( ) )
{1E2CDF40-419B-11D2-A5A1-002018648BA7} = AVG Shell Extension ( CLSID not found! )
{330417E8-EF62-4047-82BE-D8305CEFF572} = ShellExtension Class ( HKLM = C:\Program Files\4Musics MP3 Bitrate Changer\amshellext.dll (4Musics, Inc.) )
{39D328C0-C37A-11cf-BE99-0020AFD208B9} = Shell extensions for Folio Infobases ( CLSID not found! )
{3c249f62-e26e-11d4-97f0-009027769c61} = Format Shell ( HKLM = C:\Program Files\Format Shell\SMSHELL.DLL (OnSpec Electronic Inc.,) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} = Web Anti-Virus statistics ( HKLM = Reg Data - Key not found (File not found) )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\SYSTEM32\hticons.dll (Hilgraeve, Inc.) )
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = PowerISO ( HKLM = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\PROGRAM FILES\WinRAR\RarExt.dll () )
{B4B3001E-0F56-4E51-8250-BDE11547EC55} = Super Ad Blocker Toolbar ( CLSID not found! )
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} = Web Folders ( HKLM = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL () )
{C56C4E21-706D-11d0-AFC5-444553540002} = My Digital Camera ( HKLM = C:\Program Files\Common Files\FotoNation\camView.dll (FotoNation Inc.) )
{c7745760-8ead-11ce-b750-02608ca5202c} = IomegaWare Shell Extension ( HKLM = C:\Program Files\Iomega\Shell\IMGMENU.DLL (Iomega Corp.) )
{c7745761-8ead-11ce-b750-02608ca5202c} = IomegaWare Shell Extension ( HKLM = C:\Program Files\Iomega\Shell\IMGPROP.DLL (Iomega Corp.) )
{D9872D13-7651-4471-9EEE-F0A00218BEBB} = Multiscan ( CLSID not found! )
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = UnlockerShellExtension ( HKLM = C:\Program Files\Unlocker\UnlockerCOM.dll () )
{E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

>>>>> HKCU Approved Shell Extensions <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} = Web Folders ( HKLM = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL () )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Shell Extension]
@ = {1E2CDF40-419B-11D2-A5A1-002018648BA7} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\FileSnoop]
@ = {D6C6A253-FC96-43B9-A883-FBB9EAFDCCAD} ( HKLM = C:\Program Files\FileSnoop\ContMenu.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus]
@ = {dd230880-495a-11d1-b064-008048ec2fc5} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\MagicISO]
@ = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} ( HKLM = C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\PowerISO]
@ = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} ( HKLM = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\QuickViewPlusMenu]
@ = {F0F08737-0C36-101B-B086-0020AF07D0F4} ( HKLM = C:\Program Files\Quick View Plus\PROGRAM\QVPSE2.DLL (Inso Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\PROGRAM FILES\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\UnlockerShellExtension]
@ = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} ( HKLM = C:\Program Files\Unlocker\UnlockerCOM.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\ID3-TagIT\command]
@ = "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" (C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe ( ))

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\Open in FileSnoop\command]
@ = C:\Program Files\FileSnoop\FileSnoop.exe "%L" (C:\Program Files\FileSnoop\FileSnoop.exe (Ziff Davis Media, Inc))

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\MagicISO]
@ = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} ( HKLM = C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\PowerISO]
@ = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} ( HKLM = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\PROGRAM FILES\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG Shell Extension]
@ = {1E2CDF40-419B-11D2-A5A1-002018648BA7} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\InfobaseFindMenu]
@ = {39D328C0-C37A-11cf-BE99-0020AFD208B9} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus]
@ = {dd230880-495a-11d1-b064-008048ec2fc5} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\MagicISO]
@ = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} ( HKLM = C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\PowerISO]
@ = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} ( HKLM = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension]
@ = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} ( HKLM = C:\Program Files\Unlocker\UnlockerCOM.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\PROGRAM FILES\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network]
HideSharePwds = ( 1 0 0 0 ) - 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp]
NoRealMode = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 0
CDRAutoRun = ( 0 0 0 0 ) -

>>>>> Security Providers <<<<<

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = ssiefr.e;
ExcludeFromKnownDlls =


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
ComSpec = C:\WINDOWS\system32\COMMAND.COM ( C:\WINDOWS\SYSTEM32\command.com () )
TEMP = C:\WINDOWS\TEMP
TMP = C:\WINDOWS\TEMP
windir = C:\WINDOWS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]
%SystemRoot%\system32
%SystemRoot%
%SystemRoot%\system32\WBEM
%SYSTEMROOT%\COMMAND
C:\Perl\bin

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
Q312461 =

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = Reg Data - Key not found
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = Reg Data - Key not found
.js [@ = JSFile] -> PersistentHandler = Reg Data - Key not found
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL %1,%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)

https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> %1
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -> "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [Open in FileSnoop] -> C:\Program Files\FileSnoop\FileSnoop.exe "%L" (Ziff Davis Media, Inc)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\system32\setup\wmpocm.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91FA33B8-18AD-4011-97A3-699BEB1F9DBA}] ( D-Link AirPlus G DWL-G630 Wireless Cardbus Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.0.1;
DhcpIPAddress = 192.168.0.166
DhcpNameServer = 192.168.0.1
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
DisableDynamicUpdate = 0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F26C22CB-012C-4057-A2A8-EF08C9B3B0D7}]
DefaultGateway =
DisableDynamicUpdate = 0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF5FD8D5-0978-4B20-A9F3-FCA62BF52F0B}] ( Intel 8255x-based PCI Ethernet Adapter (10/100) )
DefaultGateway =
DhcpIPAddress = 192.168.0.103
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
DisableDynamicUpdate = 0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Local intranet
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - 0 = My Computer

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mctp]
CLSID = {d7b95390-b1c5-11d0-b111-0080c712fe82} - ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ndwiat]
CLSID = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio]
CLSID = {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - ( HKLM = C:\WINDOWS\SYSTEM32\msdxm.ocx () )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab

Files / Folders Created Within 30 Days

C:\MSDOS.SYS [Ver = | Size = 0 bytes | Created Date = 5/4/2007 10:33:19 PM | Attr = RHS]
C:\My Music [Folder | Created Date = 5/10/2007 10:18:41 PM | Attr = ]
C:\FOUND.000 [Folder | Created Date = 5/26/2007 8:52:38 AM | Attr = ]
C:\VundoFix Backups [Folder | Created Date = 5/29/2007 8:38:11 PM | Attr = ]
C:\CONFIG.SYS [Ver = | Size = 0 bytes | Created Date = 5/11/2007 9:23:00 PM | Attr = H ]
C:\AUTOEXEC.BAT [Ver = | Size = 0 bytes | Created Date = 5/11/2007 9:23:00 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft [Folder | Created Date = 5/11/2007 9:18:05 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\McAfee [Folder | Created Date = 5/11/2007 9:33:06 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Maxtor [Folder | Created Date = 5/11/2007 9:33:06 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Avg7 [Folder | Created Date = 5/12/2007 8:57:04 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Google [Folder | Created Date = 5/13/2007 9:57:29 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [Folder | Created Date = 5/21/2007 11:17:59 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\WinZip [Folder | Created Date = 5/25/2007 8:00:51 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Created Date = 5/26/2007 5:47:43 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\AVG7 [Folder | Created Date = 5/26/2007 5:49:33 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\PC Tools [Folder | Created Date = 5/4/2007 11:05:35 PM | Attr = ]
C:\Documents and Settings\All Users\Documents\DrWatson [Folder | Created Date = 5/11/2007 11:33:36 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1346 bytes | Created Date = 5/26/2007 5:48:38 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk [Ver = | Size = 624 bytes | Created Date = 5/26/2007 12:55:57 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Trend Micro Anti-Spyware.lnk [Ver = | Size = 569 bytes | Created Date = 5/12/2007 11:16:32 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 611 bytes | Created Date = 5/26/2007 9:01:33 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix [Folder | Created Date = 5/31/2007 9:43:57 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\Anonymizer_Software(2).exe [Ver = | Size = 35475296 bytes | Created Date = 5/8/2007 3:19:35 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\Multi Password Recovery 1.0.3.exe [Ver = | Size = 837640 bytes | Created Date = 5/7/2007 9:57:26 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\backups [Folder | Created Date = 5/30/2007 8:45:05 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\Anonymizer.lnk [Ver = | Size = 1751 bytes | Created Date = 5/8/2007 3:44:43 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\cwshredder.exe Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 5/12/2007 11:09:14 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\hijackthis.zip [Ver = | Size = 212849 bytes | Created Date = 5/25/2007 8:00:30 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\AntiPuper.exe Business Information Solutions [Ver = 1.2 | Size = 186946 bytes | Created Date = 5/26/2007 9:31:18 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\sc.zip [Ver = | Size = 26052 bytes | Created Date = 5/31/2007 10:51:32 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\VundoFix.exe Atribune.org [Ver = 6.04.0001 | Size = 102912 bytes | Created Date = 5/29/2007 8:36:22 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe [Ver = | Size = 877773 bytes | Created Date = 5/23/2007 10:14:07 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [Ver = | Size = 1087736 bytes | Created Date = 5/29/2007 9:22:09 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Created Date = 6/2/2007 8:14:07 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\spywareblastersetup351.exe Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Created Date = 5/4/2007 2:15:56 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\softe_flac_to_mp3_converter.exe [Ver = | Size = 9005132 bytes | Created Date = 5/10/2007 9:21:12 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix(2).exe [Ver = | Size = 878106 bytes | Created Date = 5/29/2007 8:06:12 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip [Ver = | Size = 301050 bytes | Created Date = 5/30/2007 7:31:46 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\HostsXpert [Folder | Created Date = 5/30/2007 7:33:19 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\DrWeb.csv [Ver = | Size = 1309 bytes | Created Date = 5/30/2007 11:54:46 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe [Ver = | Size = 6438560 bytes | Created Date = 5/30/2007 8:07:51 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\ComboFix(2).exe [Ver = | Size = 1088077 bytes | Created Date = 6/1/2007 12:52:30 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\WinPFind [Folder | Created Date = 6/2/2007 8:15:02 AM | Attr = ]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk [Ver = | Size = 603 bytes | Created Date = 5/12/2007 11:16:32 PM | Attr = ]
C:\Program Files\Common Files\Softwin [Folder | Created Date = 5/6/2007 8:17:38 AM | Attr = ]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Created Date = 5/8/2007 3:44:20 PM | Attr = ]
C:\WINDOWS\MEMORY.DMP [Ver = | Size = 267964416 bytes | Created Date = 5/11/2007 11:42:32 PM | Attr = ]
C:\WINDOWS\$NtUninstallKB842773$ [Folder | Created Date = 5/13/2007 8:54:08 PM | Attr = H ]
C:\WINDOWS\Active Setup Log.BAK [Ver = | Size = 969 bytes | Created Date = 5/13/2007 8:59:55 PM | Attr = ]
C:\WINDOWS\SET2A.tmp [Ver = | Size = 13785 bytes | Created Date = 5/11/2007 9:11:35 PM | Attr = R ]
C:\WINDOWS\SET52.tmp [Ver = | Size = 1167584 bytes | Created Date = 5/11/2007 9:11:42 PM | Attr = R ]
C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 143 bytes | Created Date = 5/3/2007 11:01:17 PM | Attr = ]
C:\WINDOWS\System32\tmp.reg [Ver = | Size = 2618 bytes | Created Date = 5/23/2007 6:32:26 PM | Attr = ]
C:\WINDOWS\System32\cliconf.chm [Ver = | Size = 71859 bytes | Created Date = 5/11/2007 9:26:41 PM | Attr = ]
C:\WINDOWS\System32\12520850.cpx [Ver = | Size = 2233 bytes | Created Date = 5/11/2007 9:26:34 PM | Attr = ]
C:\WINDOWS\System32\sqlclnt.rsp [Ver = | Size = 181 bytes | Created Date = 5/11/2007 9:26:19 PM | Attr = ]
C:\WINDOWS\System32\sqlsodbc.chm [Ver = | Size = 46133 bytes | Created Date = 5/11/2007 9:26:44 PM | Attr = ]
C:\WINDOWS\System32\tmmute.ini [Ver = | Size = 2162 bytes | Created Date = 5/12/2007 11:16:32 PM | Attr = ]
C:\WINDOWS\System32\odbcconf.rsp [Ver = | Size = 4310 bytes | Created Date = 5/11/2007 9:26:28 PM | Attr = ]
C:\WINDOWS\System32\spxcoins.dll Specialix International Ltd. [Ver = 1.0.0.0004 | Size = 148992 bytes | Created Date = 5/11/2007 9:11:49 PM | Attr = ]
C:\WINDOWS\System32\12520437.cpx [Ver = | Size = 2151 bytes | Created Date = 5/11/2007 9:26:34 PM | Attr = ]
C:\WINDOWS\System32\bdod.bin [Ver = | Size = 81984 bytes | Created Date = 5/6/2007 7:48:04 PM | Attr = ]
C:\WINDOWS\System32\hypertrm.dll Hilgraeve, Inc. [Ver = 5.00.2195.6684 | Size = 574224 bytes | Created Date = 5/11/2007 9:18:45 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_690.dat [Ver = | Size = 16384 bytes | Created Date = 5/11/2007 8:08:46 PM | Attr = ]
C:\WINDOWS\System32\mdaccore.rsp [Ver = | Size = 253 bytes | Created Date = 5/11/2007 9:26:19 PM | Attr = ]
C:\WINDOWS\System32\redist.rsp [Ver = | Size = 28 bytes | Created Date = 5/11/2007 9:26:19 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_900.dat [Ver = | Size = 16384 bytes | Created Date = 5/11/2007 8:06:48 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_694.dat [Ver = | Size = 16384 bytes | Created Date = 5/11/2007 8:14:38 PM | Attr = ]
C:\WINDOWS\System32\instcat.sql [Ver = | Size = 956996 bytes | Created Date = 5/11/2007 9:26:42 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_334.dat [Ver = | Size = 16384 bytes | Created Date = 5/11/2007 9:38:15 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_75c.dat [Ver = | Size = 16384 bytes | Created Date = 5/13/2007 10:34:55 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_764.dat [Ver = | Size = 16384 bytes | Created Date = 5/6/2007 8:33:38 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_34c.dat [Ver = | Size = 16384 bytes | Created Date = 5/4/2007 10:40:00 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_704.dat [Ver = | Size = 16384 bytes | Created Date = 5/11/2007 11:51:47 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_70c.dat [Ver = | Size = 16384 bytes | Created Date = 5/12/2007 7:26:40 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_358.dat [Ver = | Size = 16384 bytes | Created Date = 5/4/2007 3:17:50 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_644.dat [Ver = | Size = 16384 bytes | Created Date = 5/3/2007 11:07:10 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7c4.dat [Ver = | Size = 16384 bytes | Created Date = 5/27/2007 10:17:47 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_132c.dat [Ver = | Size = 16384 bytes | Created Date = 5/24/2007 9:17:00 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_354.dat [Ver = | Size = 16384 bytes | Created Date = 5/4/2007 6:03:36 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_1e0.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 12:30:58 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_860.dat [Ver = | Size = 16384 bytes | Created Date = 5/23/2007 7:12:05 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_72c.dat [Ver = | Size = 16384 bytes | Created Date = 5/6/2007 7:53:12 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6bc.dat [Ver = | Size = 16384 bytes | Created Date = 5/12/2007 8:42:44 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6a4.dat [Ver = | Size = 16384 bytes | Created Date = 5/6/2007 8:20:02 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_2d4.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 11:08:30 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_3bc.dat [Ver = | Size = 16384 bytes | Created Date = 5/13/2007 9:06:50 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_320.dat [Ver = | Size = 16384 bytes | Created Date = 5/13/2007 9:30:17 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_394.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 12:03:26 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6a8.dat [Ver = | Size = 16384 bytes | Created Date = 5/16/2007 6:57:16 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_628.dat [Ver = | Size = 16384 bytes | Created Date = 5/18/2007 2:39:31 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_880.dat [Ver = | Size = 16384 bytes | Created Date = 5/18/2007 2:40:21 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_39c.dat [Ver = | Size = 16384 bytes | Created Date = 5/23/2007 10:48:16 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_708.dat [Ver = | Size = 16384 bytes | Created Date = 5/22/2007 10:47:39 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_210.dat [Ver = | Size = 16384 bytes | Created Date = 5/22/2007 11:43:47 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_744.dat [Ver = | Size = 16384 bytes | Created Date = 5/22/2007 11:44:46 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_698.dat [Ver = | Size = 16384 bytes | Created Date = 5/23/2007 10:49:18 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_928.dat [Ver = | Size = 16384 bytes | Created Date = 5/23/2007 8:38:23 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_44c.dat [Ver = | Size = 16384 bytes | Created Date = 5/23/2007 7:28:36 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6d8.dat [Ver = | Size = 16384 bytes | Created Date = 5/25/2007 8:18:20 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_634.dat [Ver = | Size = 16384 bytes | Created Date = 5/24/2007 10:03:54 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_65c.dat [Ver = | Size = 16384 bytes | Created Date = 5/25/2007 9:52:04 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_8e4.dat [Ver = | Size = 16384 bytes | Created Date = 5/25/2007 9:52:09 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7e4.dat [Ver = | Size = 16384 bytes | Created Date = 5/26/2007 6:07:49 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_36c.dat [Ver = | Size = 16384 bytes | Created Date = 5/26/2007 6:07:55 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_66c.dat [Ver = | Size = 16384 bytes | Created Date = 5/26/2007 9:51:32 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_748.dat [Ver = | Size = 16384 bytes | Created Date = 5/26/2007 10:55:35 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6e8.dat [Ver = | Size = 16384 bytes | Created Date = 5/27/2007 1:44:13 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_890.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 12:00:13 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7f0.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 12:14:54 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7e8.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 1:07:37 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_444.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 1:21:07 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_32c.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 8:56:29 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7dc.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 9:08:42 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_754.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 2:59:22 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_740.dat [Ver = | Size = 16384 bytes | Created Date = 5/28/2007 8:28:35 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7e0.dat [Ver = | Size = 16384 bytes | Created Date = 5/29/2007 8:46:33 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_76c.dat [Ver = | Size = 16384 bytes | Created Date = 5/29/2007 8:40:48 PM | Attr = ]
C:\WINDOWS\System32\VundoFixSVC.exe Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Created Date = 5/29/2007 9:03:14 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7d0.dat [Ver = | Size = 16384 bytes | Created Date = 5/29/2007 9:12:53 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7b8.dat [Ver = | Size = 16384 bytes | Created Date = 5/29/2007 9:22:27 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_89c.dat [Ver = | Size = 16384 bytes | Created Date = 5/29/2007 10:30:18 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_410.dat [Ver = | Size = 16384 bytes | Created Date = 5/30/2007 8:10:14 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_384.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 12:03:54 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_700.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 12:25:07 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_198.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 12:31:05 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_784.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 9:16:01 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_8ec.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 9:17:07 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_778.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 9:57:27 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_830.dat [Ver = | Size = 16384 bytes | Created Date = 5/31/2007 11:08:34 PM | Attr = ]
C:\WINDOWS\System32\dllcache\12520437.cpx [Ver = | Size = 2151 bytes | Created Date = 5/11/2007 9:26:34 PM | Attr = ]
C:\WINDOWS\System32\dllcache\12520850.cpx [Ver = | Size = 2233 bytes | Created Date = 5/11/2007 9:26:34 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mei32api.dll IBM Corporation [Ver = 2.60.35.0 | Size = 31232 bytes | Created Date = 5/11/2007 9:28:28 PM | Attr = ]
C:\WINDOWS\System32\dllcache\meiw0439.dll IBM Corporation [Ver = 2.60.35.0 | Size = 83968 bytes | Created Date = 5/11/2007 9:28:28 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mplayer2.exe [Ver = | Size = 4639 bytes | Created Date = 5/11/2007 9:21:03 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwci32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 51712 bytes | Created Date = 5/11/2007 9:29:01 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwave.dll IBM Corporation [Ver = 2.60.35.0 | Size = 50688 bytes | Created Date = 5/11/2007 9:29:00 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwavesrv.dll IBM Corporation [Ver = 2.60.35.0 | Size = 129024 bytes | Created Date = 5/11/2007 9:29:00 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwblw32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 56832 bytes | Created Date = 5/11/2007 9:29:00 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwsetupk.sys IBM Corporation [Ver = 2.60.01.0 | Size = 3216 bytes | Created Date = 5/11/2007 9:29:05 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwcicore.dll IBM Corporation [Ver = 2.60.35.0 | Size = 71168 bytes | Created Date = 5/11/2007 9:29:02 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwcload.exe IBM Corporation [Ver = 2.60.35.0 | Size = 56832 bytes | Created Date = 5/11/2007 9:29:02 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwcloadw.exe IBM Corporation [Ver = 2.60.35.0 | Size = 60928 bytes | Created Date = 5/11/2007 9:29:02 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwclw32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 90624 bytes | Created Date = 5/11/2007 9:29:02 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwcnam32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 33280 bytes | Created Date = 5/11/2007 9:29:02 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwcpa32.cpl IBM Corporation [Ver = 2.60.35.0 | Size = 94208 bytes | Created Date = 5/11/2007 9:29:03 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwcpyrt.exe IBM Corporation [Ver = 2.60.35.0 | Size = 26112 bytes | Created Date = 5/11/2007 9:29:03 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwcsw32.exe IBM Corporation [Ver = 2.60.35.0 | Size = 160256 bytes | Created Date = 5/11/2007 9:29:03 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwmdmsvc.exe IBM Corporation [Ver = 2.60.35.0 | Size = 50688 bytes | Created Date = 5/11/2007 9:29:04 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwmlw32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 262144 bytes | Created Date = 5/11/2007 9:29:04 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwmmw32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 40448 bytes | Created Date = 5/11/2007 9:29:04 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwmpw32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 164352 bytes | Created Date = 5/11/2007 9:29:04 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwmw32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 121344 bytes | Created Date = 5/11/2007 9:29:05 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwrcov16.exe IBM Corporation [Ver = 2.51:01 | Size = 42496 bytes | Created Date = 5/11/2007 9:29:05 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwremind.exe IBM Corporation [Ver = 2.60.35.0 | Size = 202752 bytes | Created Date = 5/11/2007 9:29:05 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwssw32.exe IBM Corporation [Ver = 2.60.35.0 | Size = 29184 bytes | Created Date = 5/11/2007 9:29:05 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwwdm.sys IBM Corporation [Ver = 2.60.05.0 | Size = 39200 bytes | Created Date = 5/11/2007 9:29:05 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwwdmhlp.dll IBM Corporation [Ver = 2.60.35.0 | Size = 30720 bytes | Created Date = 5/11/2007 9:29:06 PM | Attr = ]
C:\WINDOWS\System32\dllcache\mwwtt32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 108032 bytes | Created Date = 5/11/2007 9:29:06 PM | Attr = ]
C:\WINDOWS\System32\dllcache\odbcconf.rsp [Ver = | Size = 4310 bytes | Created Date = 5/11/2007 9:26:28 PM | Attr = ]
C:\WINDOWS\System32\dllcache\qtest32.exe IBM Corporation [Ver = 2.60.35.0 | Size = 155648 bytes | Created Date = 5/11/2007 9:29:36 PM | Attr = ]
C:\WINDOWS\System32\dllcache\qtestm32.dll IBM Corporation [Ver = 2.60.35.0 | Size = 31744 bytes | Created Date = 5/11/2007 9:29:36 PM | Attr = ]
C:\WINDOWS\System32\dllcache\spxcoins.dll Specialix International Ltd. [Ver = 1.0.0.0004 | Size = 148992 bytes | Created Date = 5/11/2007 9:11:49 PM | Attr = ]
C:\WINDOWS\System32\dllcache\tcarc.sys Thomas-Conrad Corporation [Ver = 1.10.0.0 | Size = 10800 bytes | Created Date = 5/11/2007 9:30:11 PM | Attr = ]
C:\WINDOWS\System32\dllcache\wangimg.exe Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 7440 bytes | Created Date = 5/11/2007 9:30:21 PM | Attr = ]
C:\WINDOWS\System32\dllcache\xilinxit.dll IBM Corporation [Ver = 2.60.35.0 | Size = 36352 bytes | Created Date = 5/11/2007 9:30:32 PM | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 5/12/2007 11:16:29 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 5/26/2007 5:48:25 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 5/26/2007 5:48:32 PM | Attr = ]
C:\WINDOWS\System32\drivers\fidbox.idx [Ver = | Size = 32 bytes | Created Date = 5/10/2007 11:39:34 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox.dat [Ver = | Size = 32 bytes | Created Date = 5/10/2007 11:39:34 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.idx [Ver = | Size = 32 bytes | Created Date = 5/10/2007 11:39:34 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.dat [Ver = | Size = 544 bytes | Created Date = 5/10/2007 11:39:34 PM | Attr = HS]
C:\WINDOWS\System32\drivers\klick.dat [Ver = | Size = 74908 bytes | Created Date = 5/10/2007 11:39:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\klin.dat [Ver = | Size = 74396 bytes | Created Date = 5/10/2007 11:39:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\e100bnt5.sys Intel Corporation [Ver = 4.02.38.0000 | Size = 85776 bytes | Created Date = 5/11/2007 9:14:20 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsnt.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 26944 bytes | Created Date = 5/26/2007 5:48:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 5/26/2007 5:48:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 5/26/2007 5:48:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\AvgArCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/26/2007 12:55:55 AM | Attr = ]
C:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/26/2007 9:00:59 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/26/2007 5:48:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin [Ver = | Size = 698 bytes | Created Date = 5/12/2007 11:16:55 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin [Ver = | Size = 698 bytes | Created Date = 5/12/2007 11:16:55 PM | Attr = ]

Files / Folders Modified Within 30 Days

C:\MSDOS.SYS [Ver = | Size = 0 bytes | Modified Date = 5/4/2007 11:33:20 PM | Attr = RHS]
C:\My Music [Folder | Modified Date = 5/10/2007 11:18:42 PM | Attr = ]
C:\FOUND.000 [Folder | Modified Date = 5/26/2007 9:52:38 AM | Attr = ]
C:\VundoFix Backups [Folder | Modified Date = 5/29/2007 9:38:12 PM | Attr = ]
C:\boot.ini [Ver = | Size = 196 bytes | Modified Date = 5/11/2007 10:18:06 PM | Attr = HS]
C:\CONFIG.SYS [Ver = | Size = 0 bytes | Modified Date = 5/11/2007 10:23:02 PM | Attr = H ]
C:\AUTOEXEC.BAT [Ver = | Size = 0 bytes | Modified Date = 5/11/2007 10:23:02 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft [Folder | Modified Date = 5/11/2007 10:18:06 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\McAfee [Folder | Modified Date = 5/11/2007 10:33:08 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Maxtor [Folder | Modified Date = 5/11/2007 10:33:08 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Avg7 [Folder | Modified Date = 5/12/2007 9:57:06 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Google [Folder | Modified Date = 5/13/2007 10:57:30 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [Folder | Modified Date = 5/22/2007 12:18:00 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\WinZip [Folder | Modified Date = 5/25/2007 9:00:52 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Modified Date = 5/26/2007 6:47:44 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\AVG7 [Folder | Modified Date = 5/26/2007 6:49:34 PM | Attr = ]
C:\Documents and Settings\Administrator\Application Data\PC Tools [Folder | Modified Date = 5/5/2007 12:05:36 AM | Attr = ]
C:\Documents and Settings\All Users\Documents\DrWatson [Folder | Modified Date = 5/12/2007 12:33:38 AM | Attr = ]
C:\Documents and Settings\Anthony R Gargano\My Documents\RetirementFlor.xls [Ver = | Size = 20480 bytes | Modified Date = 5/5/2007 5:05:06 PM | Attr = ]
C:\Documents and Settings\Anthony R Gargano\My Documents\Retirement.xls [Ver = | Size = 31232 bytes | Modified Date = 5/8/2007 4:16:38 PM | Attr = ]
C:\Documents and Settings\Anthony R Gargano\My Documents\Movie Library.doc [Ver = | Size = 136704 bytes | Modified Date = 6/1/2007 10:49:26 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1346 bytes | Modified Date = 5/26/2007 6:48:40 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk [Ver = | Size = 624 bytes | Modified Date = 5/26/2007 1:55:58 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Trend Micro Anti-Spyware.lnk [Ver = | Size = 569 bytes | Modified Date = 5/13/2007 12:16:34 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 611 bytes | Modified Date = 5/26/2007 10:01:34 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\Anonymizer_Software(2).exe [Ver = | Size = 35475296 bytes | Modified Date = 5/8/2007 4:31:30 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk [Ver = | Size = 487 bytes | Modified Date = 5/11/2007 10:47:36 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\backups [Folder | Modified Date = 5/30/2007 9:45:06 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\Anonymizer.lnk [Ver = | Size = 1751 bytes | Modified Date = 5/8/2007 5:04:18 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\cwshredder.exe Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 5/13/2007 12:05:20 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\hijackthis.zip [Ver = | Size = 212849 bytes | Modified Date = 5/25/2007 9:00:28 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\AntiPuper.exe Business Information Solutions [Ver = 1.2 | Size = 186946 bytes | Modified Date = 5/26/2007 10:30:04 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\sc.zip [Ver = | Size = 26052 bytes | Modified Date = 5/31/2007 11:51:28 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\VundoFix.exe Atribune.org [Ver = 6.04.0001 | Size = 102912 bytes | Modified Date = 5/29/2007 9:35:14 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe [Ver = | Size = 877773 bytes | Modified Date = 5/23/2007 11:14:28 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [Ver = | Size = 1087736 bytes | Modified Date = 5/29/2007 10:22:08 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Modified Date = 6/2/2007 9:14:06 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\softe_flac_to_mp3_converter.exe [Ver = | Size = 9005132 bytes | Modified Date = 5/10/2007 10:21:46 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix(2).exe [Ver = | Size = 878106 bytes | Modified Date = 5/29/2007 9:06:12 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\HostsXpert.zip [Ver = | Size = 301050 bytes | Modified Date = 5/30/2007 8:31:38 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\HostsXpert [Folder | Modified Date = 5/30/2007 8:33:20 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\DrWeb.csv [Ver = | Size = 1309 bytes | Modified Date = 5/31/2007 12:54:48 AM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\Audio Conversion Wizard.lnk [Ver = | Size = 709 bytes | Modified Date = 5/10/2007 10:29:22 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe [Ver = | Size = 6438560 bytes | Modified Date = 5/30/2007 9:10:04 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\ComboFix(2).exe [Ver = | Size = 1088077 bytes | Modified Date = 6/1/2007 1:52:30 PM | Attr = ]
C:\Documents and Settings\Administrator\Desktop\WinPFind [Folder | Modified Date = 6/2/2007 9:15:04 AM | Attr = ]
C:\Program Files\Common Files\Softwin [Folder | Modified Date = 5/6/2007 9:17:40 AM | Attr = ]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Modified Date = 5/8/2007 4:44:22 PM | Attr = ]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk [Ver = | Size = 603 bytes | Modified Date = 5/13/2007 12:16:34 AM | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 3163 bytes | Modified Date = 5/11/2007 10:21:28 PM | Attr = ]
C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4161 bytes | Modified Date = 5/11/2007 10:26:22 PM | Attr = ]
C:\WINDOWS\MEMORY.DMP [Ver = | Size = 267964416 bytes | Modified Date = 6/1/2007 12:37:58 AM | Attr = ]
C:\WINDOWS\desktop.ini [Ver = | Size = 271 bytes | Modified Date = 5/11/2007 10:21:44 PM | Attr = H ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 4531 bytes | Modified Date = 5/11/2007 10:31:28 PM | Attr = ]
C:\WINDOWS\Screenphaser.ini [Ver = | Size = 129 bytes | Modified Date = 6/2/2007 9:09:52 AM | Attr = ]
C:\WINDOWS\$NtUninstallKB842773$ [Folder | Modified Date = 5/13/2007 9:54:10 PM | Attr = H ]
C:\WINDOWS\Active Setup Log.BAK [Ver = | Size = 969 bytes | Modified Date = 5/13/2007 10:23:54 PM | Attr = ]
C:\WINDOWS\folder.htt [Ver = | Size = 21692 bytes | Modified Date = 5/11/2007 10:21:44 PM | Attr = H ]
C:\WINDOWS\FLASHKSK.INI [Ver = | Size = 22 bytes | Modified Date = 6/1/2007 9:30:06 AM | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 753 bytes | Modified Date = 5/11/2007 10:11:58 PM | Attr = ]
C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 143 bytes | Modified Date = 5/4/2007 12:01:18 AM | Attr = ]
C:\WINDOWS\System32\tmp.reg [Ver = | Size = 2618 bytes | Modified Date = 6/1/2007 1:17:30 AM | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 38036 bytes | Modified Date = 5/11/2007 10:22:10 PM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 300378 bytes | Modified Date = 5/11/2007 10:22:10 PM | Attr = ]
C:\WINDOWS\System32\tmmute.ini [Ver = | Size = 2162 bytes | Modified Date = 5/13/2007 12:16:38 AM | Attr = ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 5/11/2007 10:22:58 PM | Attr = ]
C:\WINDOWS\System32\$winnt$.inf [Ver = | Size = 1067 bytes | Modified Date = 5/11/2007 10:11:22 PM | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 121336 bytes | Modified Date = 5/11/2007 10:32:16 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 335022 bytes | Modified Date = 5/11/2007 10:22:10 PM | Attr = ]
C:\WINDOWS\System32\bdod.bin [Ver = | Size = 81984 bytes | Modified Date = 5/6/2007 11:47:08 PM | Attr = ]
C:\WINDOWS\System32\emptyregdb.dat [Ver = | Size = 15004 bytes | Modified Date = 5/11/2007 10:20:30 PM | Attr = ]
C:\WINDOWS\System32\mapisvc.inf [Ver = | Size = 535 bytes | Modified Date = 5/11/2007 10:20:38 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_690.dat [Ver = | Size = 16384 bytes | Modified Date = 5/11/2007 9:08:48 PM | Attr = ]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 5/11/2007 10:22:58 PM | Attr = ]
C:\WINDOWS\System32\folder.htt [Ver = | Size = 21692 bytes | Modified Date = 5/11/2007 10:21:44 PM | Attr = H ]
C:\WINDOWS\System32\desktop.ini [Ver = | Size = 271 bytes | Modified Date = 5/11/2007 10:21:44 PM | Attr = H ]
C:\WINDOWS\System32\Perflib_Perfdata_900.dat [Ver = | Size = 16384 bytes | Modified Date = 5/11/2007 9:06:50 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_694.dat [Ver = | Size = 16384 bytes | Modified Date = 5/11/2007 9:14:40 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_334.dat [Ver = | Size = 16384 bytes | Modified Date = 5/11/2007 10:38:16 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_75c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/15/2007 11:46:24 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_764.dat [Ver = | Size = 16384 bytes | Modified Date = 5/6/2007 9:33:40 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_34c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/4/2007 11:40:02 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_704.dat [Ver = | Size = 16384 bytes | Modified Date = 5/12/2007 12:51:50 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_70c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/12/2007 8:26:42 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_358.dat [Ver = | Size = 16384 bytes | Modified Date = 5/4/2007 4:17:52 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_644.dat [Ver = | Size = 16384 bytes | Modified Date = 5/4/2007 12:07:12 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7c4.dat [Ver = | Size = 16384 bytes | Modified Date = 5/27/2007 12:45:52 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_132c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/24/2007 10:17:02 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_354.dat [Ver = | Size = 16384 bytes | Modified Date = 5/4/2007 7:03:38 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_1e0.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 1:31:00 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_860.dat [Ver = | Size = 16384 bytes | Modified Date = 5/24/2007 10:41:04 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_72c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/6/2007 8:53:14 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6bc.dat [Ver = | Size = 16384 bytes | Modified Date = 5/12/2007 9:42:46 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6a4.dat [Ver = | Size = 16384 bytes | Modified Date = 5/6/2007 9:20:04 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_2d4.dat [Ver = | Size = 16384 bytes | Modified Date = 6/1/2007 12:08:32 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_3bc.dat [Ver = | Size = 16384 bytes | Modified Date = 5/13/2007 10:06:52 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_320.dat [Ver = | Size = 16384 bytes | Modified Date = 5/13/2007 10:30:22 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_394.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 1:03:28 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6a8.dat [Ver = | Size = 16384 bytes | Modified Date = 5/16/2007 7:57:18 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_628.dat [Ver = | Size = 16384 bytes | Modified Date = 5/21/2007 11:08:32 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_880.dat [Ver = | Size = 16384 bytes | Modified Date = 5/18/2007 3:40:22 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_39c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/23/2007 11:48:18 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_708.dat [Ver = | Size = 16384 bytes | Modified Date = 5/26/2007 5:11:36 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_210.dat [Ver = | Size = 16384 bytes | Modified Date = 5/23/2007 12:43:48 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_744.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 2:12:38 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_698.dat [Ver = | Size = 16384 bytes | Modified Date = 5/23/2007 11:49:20 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_928.dat [Ver = | Size = 16384 bytes | Modified Date = 5/23/2007 9:38:24 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_44c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/23/2007 10:50:26 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6d8.dat [Ver = | Size = 16384 bytes | Modified Date = 5/26/2007 2:03:50 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_634.dat [Ver = | Size = 16384 bytes | Modified Date = 5/24/2007 11:03:56 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_65c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/25/2007 10:52:06 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_8e4.dat [Ver = | Size = 16384 bytes | Modified Date = 5/25/2007 10:52:10 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7e4.dat [Ver = | Size = 16384 bytes | Modified Date = 5/26/2007 7:07:50 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_36c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/26/2007 7:07:56 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_66c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/26/2007 10:51:34 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_748.dat [Ver = | Size = 16384 bytes | Modified Date = 5/26/2007 11:55:38 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_6e8.dat [Ver = | Size = 16384 bytes | Modified Date = 5/27/2007 2:44:14 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_890.dat [Ver = | Size = 16384 bytes | Modified Date = 5/28/2007 1:00:14 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7f0.dat [Ver = | Size = 16384 bytes | Modified Date = 5/28/2007 1:14:56 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7e8.dat [Ver = | Size = 16384 bytes | Modified Date = 5/28/2007 2:07:38 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_444.dat [Ver = | Size = 16384 bytes | Modified Date = 5/28/2007 2:21:08 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_32c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/28/2007 9:56:30 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7dc.dat [Ver = | Size = 16384 bytes | Modified Date = 5/29/2007 11:40:08 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_754.dat [Ver = | Size = 16384 bytes | Modified Date = 5/28/2007 3:59:24 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_740.dat [Ver = | Size = 16384 bytes | Modified Date = 5/28/2007 9:28:38 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7e0.dat [Ver = | Size = 16384 bytes | Modified Date = 5/29/2007 9:46:34 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_76c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/29/2007 9:40:52 PM | Attr = ]
C:\WINDOWS\System32\VundoFixSVC.exe Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 5/29/2007 10:03:16 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7d0.dat [Ver = | Size = 16384 bytes | Modified Date = 5/29/2007 10:12:54 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_7b8.dat [Ver = | Size = 16384 bytes | Modified Date = 5/29/2007 10:22:30 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_89c.dat [Ver = | Size = 16384 bytes | Modified Date = 5/29/2007 11:30:20 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_410.dat [Ver = | Size = 16384 bytes | Modified Date = 5/30/2007 9:10:16 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_384.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 1:03:56 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_700.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 1:25:08 AM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_198.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 1:31:06 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_784.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 10:16:02 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_8ec.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 10:17:08 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_778.dat [Ver = | Size = 16384 bytes | Modified Date = 5/31/2007 10:57:30 PM | Attr = ]
C:\WINDOWS\System32\Perflib_Perfdata_830.dat [Ver = | Size = 16384 bytes | Modified Date = 6/1/2007 12:08:36 AM | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 5/13/2007 12:16:30 AM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 5/26/2007 6:48:26 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 5/26/2007 6:48:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\fidbox.idx [Ver = | Size = 32 bytes | Modified Date = 6/1/2007 9:27:36 AM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox.dat [Ver = | Size = 32 bytes | Modified Date = 6/1/2007 9:27:36 AM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.idx [Ver = | Size = 32 bytes | Modified Date = 6/1/2007 9:27:36 AM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.dat [Ver = | Size = 544 bytes | Modified Date = 6/1/2007 9:27:36 AM | Attr = HS]
C:\WINDOWS\System32\drivers\klick.dat [Ver = | Size = 74908 bytes | Modified Date = 5/11/2007 12:39:38 AM | Attr = ]
C:\WINDOWS\System32\drivers\klin.dat [Ver = | Size = 74396 bytes | Modified Date = 5/11/2007 12:39:38 AM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsnt.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 26944 bytes | Modified Date = 5/26/2007 6:48:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 5/26/2007 6:48:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 5/26/2007 6:48:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 5/26/2007 6:48:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin [Ver = | Size = 698 bytes | Modified Date = 6/1/2007 1:58:56 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin [Ver = | Size = 698 bytes | Modified Date = 6/1/2007 1:57:52 PM | Attr = ]

File String Scan (Non-Microsoft Only)
[UPX! , UPX0 , ]C:\Documents and Settings\Administrator\Desktop\mp3dc201.exe ()
[Thawte Consulting , ]C:\Documents and Settings\Administrator\Desktop\ccsetup138.exe (Piriform Ltd)
[Thawte Consulting , ]C:\Documents and Settings\Administrator\Desktop\Anonymizer_Software.exe ()
[Thawte Consulting , ]C:\Documents and Settings\Administrator\Desktop\Anonymizer_Software(2).exe ()
[qoologic , urllogic , ]C:\Documents and Settings\Administrator\Desktop\cwshredder.exe (Trend Micro Incorporated)
[USERTRUST , ]C:\Documents and Settings\Administrator\Desktop\E2S4O_E_Freeware.exe ()
[PEC2 , PECompact2 , ]C:\Documents and Settings\Administrator\Desktop\VundoFix.exe (Atribune.org)
[UPX! , UPX0 , ]C:\Documents and Settings\Administrator\Desktop\ComboFix.exe ()
[Thawte Consulting , ]C:\Documents and Settings\Administrator\Desktop\spywareblastersetup351.exe (Javacool Software LLC )
[UPX! , UPX0 , ]C:\Documents and Settings\Administrator\Desktop\HijackThis.exe (Soeperman Enterprises Ltd.)
[UPX! , UPX0 , ]C:\Documents and Settings\Administrator\Desktop\ComboFix(2).exe ()
File scan skipped for file C:\WINDOWS\MEMORY.DMP. File size too big (267964416 bytes)
[UPX! , UPX0 , ]C:\WINDOWS\mowinnet.dll (Almeida & Andrade Ltda)
[aspack , ]C:\WINDOWS\System32\SKCL.dll (Concept Software, Inc.)
[UPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\CoreAAC.ax ()
[Umonitor , ]C:\WINDOWS\System32\Fallback.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\FaxNT.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\FSKsNT.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\K56nt.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\V124nt.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\AmosNT.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\drivers\fsksnt.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\drivers\fallback.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\drivers\v124nt.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\drivers\k56nt.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\drivers\amosnt.sys (Conexant)
[Umonitor , ]C:\WINDOWS\System32\drivers\faxnt.sys (Conexant)
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)

< End of report >

#15 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 02 June 2007 - 10:20 AM

Please download the OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SET2A.tmp
C:\WINDOWS\SET52.tmp


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

******************************

Download and scan with the free 15-day trial of Counterspy V2.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under 'Recommended Action', using the drop-down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and paste those details into your next reply.

Let me know how things are going now please Florie.
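What the OTMoveIt "move, and reboot if it cannot be moved now" step does underneath, as an added PowerShell example that is not part of RichieUK's post and is not the tool's own code: it moves the two files named above into a quarantine folder and, when a file is locked, queues the move for the next boot through the Win32 MoveFileEx API. The quarantine path C:\Quarantine is an assumption, as is running from an elevated shell with the quarantine folder on the same volume as the files; the Windows 2000 machine in this thread predates PowerShell, so this shows the mechanism rather than replacing the tool.

```powershell
# Added example, not from the thread or from OTMoveIt. Assumes: elevated shell,
# quarantine folder on the same volume as the files (required for a delayed move).
$targets    = @('C:\WINDOWS\SET2A.tmp', 'C:\WINDOWS\SET52.tmp')   # paths from the post above
$quarantine = 'C:\Quarantine'                                      # assumed location

# Expose kernel32!MoveFileEx so a locked file can be handed to the boot-time move.
Add-Type -Namespace Win32 -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, uint dwFlags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4   # kernel32 flag: queue the move in PendingFileRenameOperations

New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
$needReboot = $false

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "Not found (already gone?): $path"
        continue
    }
    # Keep the original name plus a timestamp so repeated runs never overwrite evidence.
    $dest = Join-Path $quarantine ("{0}.{1:yyyyMMddHHmmss}.quarantined" -f (Split-Path $path -Leaf), (Get-Date))
    # Record a hash first so the report shows exactly which file was taken out of the way.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    try {
        Move-Item -LiteralPath $path -Destination $dest -ErrorAction Stop
        Write-Output "Moved   $path -> $dest  SHA256=$hash"
    } catch {
        # Locked or in use: ask the kernel to finish the rename during the next boot instead.
        $ok = [Win32.Kernel32]::MoveFileEx($path, $dest, $MOVEFILE_DELAY_UNTIL_REBOOT)
        if ($ok) {
            $needReboot = $true
            Write-Output "Queued  $path -> $dest  (completes at reboot)  SHA256=$hash"
        } else {
            Write-Output ("Failed  {0}: Win32 error {1}" -f $path, [Runtime.InteropServices.Marshal]::GetLastWin32Error())
        }
    }
}

if ($needReboot) { Write-Output "One or more files are locked; reboot to complete the move." }
```

Queued moves can be inspected before rebooting in the registry value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, which is also the place to check when auditing what else is scheduled to move at boot.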



