Hijack This Log


4 replies to this topic

#1 tkenney65

  • Members
  • 35 posts

Posted 08 June 2007 - 05:54 PM

Please help. Infected with AOLspy.exe, Worm_Rbot.cbu, Toj.PrintSpool just to start. Computer is acting funny and my wireless signal keeps dropping (may or may not be related).

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:48:50 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\Catroot\aol.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Instant Message Grabber 2.x\IMGrabber2.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\pntnyvwfntr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Instant Message Grabber 2.x\IMGrabber2.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [IMGrabber2] "C:\Program Files\Instant Message Grabber 2.x\IMGrabber2.exe" UI
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kejlpwy] C:\WINDOWS\system32\kejlpwy.exe
O4 - HKLM\..\Run: [pntnyvwfntr] C:\WINDOWS\system32\pntnyvwfntr.exe
O4 - HKLM\..\Run: [pzqillgbpe] C:\WINDOWS\system32\pzqillgbpe.exe
O4 - HKLM\..\Run: [mnhxnnv] C:\WINDOWS\system32\mnhxnnv.exe
O4 - HKLM\..\Run: [gldqioe] C:\WINDOWS\system32\gldqioe.exe
O4 - HKLM\..\Run: [fnhthtsnsws] C:\WINDOWS\system32\fnhthtsnsws.exe
O4 - HKLM\..\Run: [xhlsklfu] C:\WINDOWS\system32\xhlsklfu.exe
O4 - HKLM\..\Run: [vft] C:\WINDOWS\system32\vft.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [kejlpwy] C:\WINDOWS\system32\kejlpwy.exe
O4 - HKLM\..\RunServices: [pntnyvwfntr] C:\WINDOWS\system32\pntnyvwfntr.exe
O4 - HKLM\..\RunServices: [pzqillgbpe] C:\WINDOWS\system32\pzqillgbpe.exe
O4 - HKLM\..\RunServices: [mnhxnnv] C:\WINDOWS\system32\mnhxnnv.exe
O4 - HKLM\..\RunServices: [gldqioe] C:\WINDOWS\system32\gldqioe.exe
O4 - HKLM\..\RunServices: [fnhthtsnsws] C:\WINDOWS\system32\fnhthtsnsws.exe
O4 - HKLM\..\RunServices: [xhlsklfu] C:\WINDOWS\system32\xhlsklfu.exe
O4 - HKLM\..\RunServices: [vft] C:\WINDOWS\system32\vft.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LBConfig] "C:\DOCUME~1\Tim\LOCALS~1\Temp\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\LBConfig\Setup.exe" /Config -s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178162950906
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Anti-Spyware Service (AOL-AntiSpySvc) - Unknown owner - C:\WINDOWS\pchealth\aolspy.exe (file missing)
O23 - Service: AOL Loading Service (AOL-MG_SV) - Unknown owner - C:\WINDOWS\System32\Catroot\aol.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MGS - Unknown owner - C:\Program Files\Instant Message Grabber 2.x\IMGrabber2.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



Thanks,

Tim
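Added triage example (not part of the post above, and not from the helper's instructions): a small Python script that parses the HijackThis v1.99 line formats shown in this log (the running-process list, O4 autoruns and O23 services) and applies structural checks that need no signature database. The checks are the ones a practitioner would apply to a log like this one: the same binary registered under both `HKLM\..\Run` and `HKLM\..\RunServices`, O23 services with "Unknown owner" whose binary is missing or sits in an unusual directory, O4 names with no vowels under system32 (a weak heuristic, so scored lower), and extra copies of processes that normally run once. The sample input is a constructed subset of the log lines above; rule names, severities and the "usual directory" rules are this example's own assumptions, and every hit is a pointer for manual review, not a verdict.

```python
"""Signature-free triage of a HijackThis-style log (added example, not the poster's or helper's code)."""
import re
import ntpath
from collections import Counter, defaultdict
from typing import List, NamedTuple

# Constructed sample input: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\Catroot\aol.exe
C:\WINDOWS\system32\pntnyvwfntr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [kejlpwy] C:\WINDOWS\system32\kejlpwy.exe
O4 - HKLM\..\Run: [pntnyvwfntr] C:\WINDOWS\system32\pntnyvwfntr.exe
O4 - HKLM\..\Run: [vft] C:\WINDOWS\system32\vft.exe
O4 - HKLM\..\RunServices: [kejlpwy] C:\WINDOWS\system32\kejlpwy.exe
O4 - HKLM\..\RunServices: [pntnyvwfntr] C:\WINDOWS\system32\pntnyvwfntr.exe
O4 - HKLM\..\RunServices: [vft] C:\WINDOWS\system32\vft.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AOL Anti-Spyware Service (AOL-AntiSpySvc) - Unknown owner - C:\WINDOWS\pchealth\aolspy.exe (file missing)
O23 - Service: AOL Loading Service (AOL-MG_SV) - Unknown owner - C:\WINDOWS\System32\Catroot\aol.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


class Finding(NamedTuple):
    severity: str  # "high" or "medium" (this example's own scale)
    rule: str      # short rule id (this example's own names)
    subject: str   # path or process name the rule fired on


O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\]\s*(.*)$')
O23_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')
EXE_RE = re.compile(r'^"?([^"]+?\.exe)', re.IGNORECASE)   # path up to the first .exe, quotes/args dropped
PROC_RE = re.compile(r'^[A-Za-z]:\\.+\.exe$', re.IGNORECASE)

# Processes an XP box with one interactive session normally runs exactly once.
# Fast User Switching (extra winlogon.exe) and "launch folder windows in a separate
# process" (extra Explorer.EXE) are legitimate exceptions, so confirm before acting.
SINGLE_INSTANCE = {'smss.exe', 'winlogon.exe', 'services.exe', 'lsass.exe', 'explorer.exe'}
VOWELS = set('aeiou')


def exe_path(target: str) -> str:
    """Executable path from an O4/O23 target: strips quotes, arguments and '(file missing)'."""
    m = EXE_RE.match(target.strip())
    return m.group(1) if m else target.strip()


def in_system32(path: str) -> bool:
    return ntpath.dirname(path).lower().endswith('\\system32')


def usual_service_dir(path: str) -> bool:
    """Heuristic: service binaries normally live directly in system32 or under Program Files."""
    d = ntpath.dirname(path).lower()
    return d.endswith('\\system32') or '\\program files' in d or '\\progra~1' in d


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    autoruns = defaultdict(set)   # (hive, path.lower()) -> set of run keys it is registered under
    display = {}                  # path.lower() -> path as written in the log
    procs = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if PROC_RE.match(line):
            procs[ntpath.basename(line).lower()] += 1
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, _name, target = m.groups()
            path = exe_path(target)
            autoruns[(hive, path.lower())].add(key.lower())
            display[path.lower()] = path
            continue
        m = O23_RE.match(line)
        if m:
            _svc, owner, target = m.groups()
            missing = target.endswith('(file missing)')
            path = exe_path(target)
            # No version-info company AND (binary gone or in an odd directory) is worth a look.
            if owner == 'Unknown owner' and (missing or not usual_service_dir(path)):
                findings.append(Finding('high', 'service-unknown-owner-odd-path', path))
    for (hive, lpath), keys in autoruns.items():
        path = display[lpath]
        # RunServices is a Win9x-era key; legitimate XP software rarely writes both.
        if hive == 'HKLM' and {'run', 'runservices'} <= keys:
            findings.append(Finding('high', 'run+runservices', path))
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        if in_system32(path) and len(stem) >= 3 and stem.isalpha() and not (set(stem) & VOWELS):
            findings.append(Finding('medium', 'vowelless-name-in-system32', path))
    for name, n in procs.items():
        if name in SINGLE_INSTANCE and n > 1:
            findings.append(Finding('medium', 'duplicate-process', f'{name} x{n}'))
    order = {'high': 0, 'medium': 1}
    return sorted(set(findings), key=lambda f: (order[f.severity], f.rule, f.subject))


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} {f.rule:32} {f.subject}')
```

On the constructed sample the three Run+RunServices pairs, both AOL-named services (one missing, one under System32\Catroot) and the repeated winlogon.exe and Explorer.EXE entries are reported, while avgcc.exe, ctfmon.exe and Ati2evxx.exe (unknown owner, but directly in system32 and present) are not. The vowel check is deliberately the weakest rule: kejlpwy.exe is caught only by the Run+RunServices rule, which is why structural signals, not name entropy, carry the weight here.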


#2 tkenney65

  • Topic Starter
  • Members
  • 35 posts

Posted 13 June 2007 - 10:13 PM

OT,

Followed your instructions with only 1 problem. Both times I ran the scan on AVG Anti-Spyware, there were no reports listed after I completed the "Apply All Actions" step. I do recall in both instances just about everything listed was Low Level and tied to the IMGrabber software I have loaded. Here are the other 2 logs as requested:


WinPFind3 logfile created on: 6/13/2007 11:06:44 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Tim\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 90.33% Memory free
4.00 Gb Paging File | 3.75 Gb Available in Paging File | 93.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 16.03 Gb Free Space | 43.02% Space Free
Drive D: | 186.31 Gb Total Space | 136.49 Gb Free Space | 73.26% Space Free
E: Drive not present or media not loaded
Drive F: | 38.28 Gb Total Space | 19.44 Gb Free Space | 50.79% Space Free

Computer Name: MAINCOMPUTER
Current User Name: Tim
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 151552 bytes | Modified Date = 2/20/2003 11:07:42 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/3/2007 8:14:12 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 6731312 bytes | Modified Date = 5/30/2007 8:30:58 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 5/3/2007 8:14:12 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 5/3/2007 8:14:14 PM | Attr = ]
cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 7/2/2002 5:56:00 AM | Attr = ]
ctnotify.exe -> %ProgramFiles%\Creative\ShareDLL\CTNOTIFY.EXE -> Creative Technology Ltd. [Ver = 2.00.05.0 | Size = 191488 bytes | Modified Date = 12/25/2001 2:00:00 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 4/27/2007 11:25:52 AM | Attr = ]
ir.exe -> %ProgramFiles%\WinTV\Ir.exe -> Hauppauge Computer Works [Ver = 2.51.24286 | Size = 106551 bytes | Modified Date = 10/13/2006 3:57:16 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 4/27/2007 11:25:58 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 2/26/2004 9:55:20 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.37 | Size = 174592 bytes | Modified Date = 2/26/2004 9:55:50 AM | Attr = ]
mediadet.exe -> %ProgramFiles%\Creative\ShareDLL\MEDIADET.EXE -> Creative Technology Ltd. [Ver = 2.00.07.0 | Size = 167424 bytes | Modified Date = 4/29/2002 2:00:00 PM | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 0, 18 | Size = 139264 bytes | Modified Date = 10/9/2006 11:28:56 AM | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 0, 18 | Size = 884736 bytes | Modified Date = 10/9/2006 11:22:58 AM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 3/1/2007 7:55:50 PM | Attr = ]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 4865600 bytes | Modified Date = 3/1/2007 7:55:36 PM | Attr = ]
ssu.exe -> %ProgramFiles%\Webroot\Spy Sweeper\ssu.exe -> [Ver = | Size = 168512 bytes | Modified Date = 3/1/2007 7:55:46 PM | Attr = ]
trueimagemonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 3/13/2004 4:04:16 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/5/2007 9:29:16 PM | Attr = ]
(AOL-AntiSpySvc) AOL Anti-Spyware Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\pchealth\aolspy.exe -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 151552 bytes | Modified Date = 2/20/2003 11:07:42 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/3/2007 8:14:12 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 5/3/2007 8:14:14 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 4/27/2007 11:25:52 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 2/26/2004 9:55:20 AM | Attr = ]
(MGS) MGS [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Instant Message Grabber 2.x\IMGrabber2.exe -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 6, 6, 0 | Size = 724992 bytes | Modified Date = 10/9/2006 10:11:08 PM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 3/13/2004 4:04:16 AM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 3/1/2007 7:55:50 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 6731312 bytes | Modified Date = 5/30/2007 8:30:58 AM | Attr = ]
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 5:24:26 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.4032 | Size = 315392 bytes | Modified Date = 2/20/2003 9:00:00 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 5/3/2007 8:14:12 PM | Attr = ]
CTStartup -> %ProgramFiles%\Creative\Splash Screen\CTEaxSpl.exe -> Creative Technology Ltd. [Ver = 1, 1, 0, 1 | Size = 28672 bytes | Modified Date = 12/20/2001 1:00:00 AM | Attr = ]
Disc Detector -> %ProgramFiles%\Creative\ShareDLL\CTNOTIFY.EXE -> Creative Technology Ltd. [Ver = 2.00.05.0 | Size = 191488 bytes | Modified Date = 12/25/2001 2:00:00 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 4/27/2007 11:25:58 AM | Attr = ]
Jet Detection -> %ProgramFiles%\Creative\SBLive\Program\ADGJDet.exe -> [Ver = 1, 0, 2, 0 | Size = 28672 bytes | Modified Date = 11/29/2001 1:00:00 AM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 4:40:44 PM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 2:42:54 PM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 4865600 bytes | Modified Date = 3/1/2007 7:55:36 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
TrueImageMonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 1:00:00 AM | Attr = ]
WINDVDPatch -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 7/2/2002 5:56:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 0, 18 | Size = 139264 bytes | Modified Date = 10/9/2006 11:28:56 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
%AllUsersStartup%\AutoStart IR.lnk -> %ProgramFiles%\WinTV\Ir.exe -> Hauppauge Computer Works [Ver = 2.51.24286 | Size = 106551 bytes | Modified Date = 10/13/2006 3:57:16 PM | Attr = ]
%AllUsersStartup%\ColorVisionStartup.lnk -> %ProgramFiles%\ColorVision\Utility\ColorVisionStartup.exe -> ColorVision Inc. [Ver = 1, 0, 4, 1 | Size = 385024 bytes | Modified Date = 1/31/2006 5:48:52 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Tim\Start Menu\Programs\Startup
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Modified Date = 3/1/2007 7:55:48 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} [HKLM] -> %ProgramFiles%\FireTrust\SiteHound\SiteHound.dll [CPub Object] -> Firetrust Limited. [Ver = 1.5.0 | Size = 1314816 bytes | Modified Date = 9/1/2006 5:37:22 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{73F7F495-A325-4C52-BE48-5F97FA511E89} [HKLM] -> %ProgramFiles%\FireTrust\SiteHound\SiteHound.dll [SiteHound] -> Firetrust Limited. [Ver = 1.5.0 | Size = 1314816 bytes | Modified Date = 9/1/2006 5:37:22 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{F5875681-35BC-4D07-A6A3-26298125E53F} -> () ->
{F75A537D-B970-4AB2-B773-4CE77767E5E6} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01A88BB1-1174-41EC-ACCB-963509EAE56B} -> SysProWmi Class - CodeBase = http://support.dell.com/systemprofiler/SysPro.CAB ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1178162950906 ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} -> WScanCtl Class - CodeBase = http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab ->

[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 5/23/2007 6:35:21 PM | Attr = RH ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 5/28/2007 8:21:54 PM | Attr = ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/22/2007 9:54:11 PM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 6/13/2007 5:14:00 PM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 6/13/2007 5:10:43 PM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 6/13/2007 5:13:42 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 6/8/2007 7:44:14 PM | Attr = ]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Created Date = 5/15/2007 7:39:38 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 6/7/2007 9:28:36 PM | Attr = ]
{00000002-00000000-00000001-00001102-00000002-80651102}.BAK -> %SystemRoot%\{00000002-00000000-00000001-00001102-00000002-80651102}.BAK -> [Ver = | Size = 3374063 bytes | Created Date = 6/13/2007 8:44:52 PM | Attr = ]
{00000002-00000000-00000001-00001102-00000002-80651102}.CDF -> %SystemRoot%\{00000002-00000000-00000001-00001102-00000002-80651102}.CDF -> [Ver = | Size = 3374063 bytes | Created Date = 6/13/2007 8:44:48 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 6/7/2007 10:22:42 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 6/7/2007 10:23:14 PM | Attr = ]
DVDRProX.dll -> %System32%\DVDRProX.dll -> NuMedia Soft, Inc. [Ver = 1, 0, 0, 6 | Size = 589824 bytes | Created Date = 5/28/2007 8:27:30 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 6/7/2007 10:22:46 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/7/2007 9:28:27 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 6/7/2007 9:28:27 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/7/2007 9:28:27 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 6/7/2007 9:28:27 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 6/7/2007 10:22:45 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 6/7/2007 10:22:46 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 6/7/2007 10:23:14 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/13/2007 8:38:00 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 6/9/2007 3:11:00 PM | Attr = RH ]
BJPrinter -> %SystemDrive%\BJPrinter -> [Folder | Modified Date = 5/16/2007 12:20:30 AM | Attr = H ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/7/2007 10:28:30 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = -1880027136 bytes | Modified Date = 6/13/2007 11:01:32 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/8/2007 4:52:28 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/4/2007 8:36:08 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/30/2007 9:36:16 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/13/2007 10:21:10 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/13/2007 8:50:40 AM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/22/2007 10:54:12 PM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 6/13/2007 6:14:02 PM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 6/13/2007 6:10:46 PM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 6/13/2007 6:13:46 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 6/8/2007 9:38:40 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/13/2007 11:01:34 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/13/2007 6:10:56 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/8/2007 8:44:18 PM | Attr = S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/13/2007 6:14:14 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/7/2007 10:28:34 PM | Attr = HS]
LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> [Ver = | Size = 244 bytes | Modified Date = 5/24/2007 5:29:28 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 6/11/2007 9:27:14 PM | Attr = ]
pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 6/8/2007 2:43:10 AM | Attr = ]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Modified Date = 6/8/2007 7:37:28 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/13/2007 10:26:06 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 6/7/2007 10:28:38 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/13/2007 10:21:10 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/13/2007 11:02:46 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 662 bytes | Modified Date = 6/7/2007 11:27:26 PM | Attr = ]
{00000002-00000000-00000001-00001102-00000002-80651102}.BAK -> %SystemRoot%\{00000002-00000000-00000001-00001102-00000002-80651102}.BAK -> [Ver = | Size = 3374063 bytes | Modified Date = 6/13/2007 11:02:12 PM | Attr = ]
{00000002-00000000-00000001-00001102-00000002-80651102}.CDF -> %SystemRoot%\{00000002-00000000-00000001-00001102-00000002-80651102}.CDF -> [Ver = | Size = 3374063 bytes | Modified Date = 6/13/2007 11:02:12 PM | Attr = ]
Ad-Aware SE Plus.job -> %SystemRoot%\tasks\Ad-Aware SE Plus.job -> [Ver = | Size = 358 bytes | Modified Date = 6/13/2007 3:02:28 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/8/2007 5:00:02 AM | Attr = ]
CCleaner.job -> %SystemRoot%\tasks\CCleaner.job -> [Ver = | Size = 282 bytes | Modified Date = 6/13/2007 2:00:14 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/13/2007 11:01:36 PM | Attr = H ]
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 324 bytes | Modified Date = 6/13/2007 7:20:18 PM | Attr = ]
wrSpySweeper_L67D2E4762A3446EBB9ABBB1AEB6972D0.job -> %SystemRoot%\tasks\wrSpySweeper_L67D2E4762A3446EBB9ABBB1AEB6972D0.job -> [Ver = | Size = 1538 bytes | Modified Date = 6/13/2007 6:08:58 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 6/7/2007 11:27:16 PM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> [Ver = | Size = 25296 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> [Ver = | Size = 25296 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
BMXState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> %System32%\BMXState-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> [Ver = | Size = 16516 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.rfx -> [Ver = | Size = 16516 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/13/2007 9:41:28 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/13/2007 9:44:32 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/13/2007 6:14:06 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/13/2007 9:44:44 PM | Attr = ]
DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat -> %System32%\DVCState-{00000002-00000000-00000001-00001102-00000002-80651102}.dat -> [Ver = | Size = 24 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat -> %System32%\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80651102}.dat -> [Ver = | Size = 24 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 6/7/2007 11:29:28 PM | Attr = ]
imgg.cfg -> %System32%\imgg.cfg -> [Ver = | Size = 35550 bytes | Modified Date = 6/12/2007 12:10:10 PM | Attr = ]
imgv.cfg -> %System32%\imgv.cfg -> [Ver = | Size = 32812 bytes | Modified Date = 6/12/2007 10:40:56 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 6/7/2007 11:29:28 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 6/13/2007 11:00:52 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 6/7/2007 11:29:28 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/13/2007 11:02:20 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 8:10:42 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 6/7/2007 10:36:24 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\imgs.exe:Zone.Identifier ->
Thawte Consulting , -> %SystemRoot%\imgs.exe -> [Ver = | Size = 1114776 bytes | Modified Date = 5/8/2007 9:10:28 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 5/3/2007 8:14:18 PM | Attr = ]

< End of report >



Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process aol.exe .
C:\WINDOWS\SYSTEM32\CatRoot\aol.exe moved successfully.
Process kejlpwy.exe killed successfully.
C:\WINDOWS\SYSTEM32\kejlpwy.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Unable to stop service AOL-MG_SV .
Service AOL-MG_SV deleted successfully.
File C:\WINDOWS\SYSTEM32\CatRoot\aol.exe not found.
Service yscoasojyauoe stopped successfully.
Service yscoasojyauoe deleted successfully.
C:\WINDOWS\SYSTEM32\vft.exe moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fnhthtsnsws deleted successfully.
C:\WINDOWS\SYSTEM32\fnhthtsnsws.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\gldqioe deleted successfully.
C:\WINDOWS\SYSTEM32\gldqioe.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kejlpwy deleted successfully.
File C:\WINDOWS\SYSTEM32\kejlpwy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mnhxnnv deleted successfully.
C:\WINDOWS\SYSTEM32\mnhxnnv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pntnyvwfntr deleted successfully.
C:\WINDOWS\SYSTEM32\pntnyvwfntr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pzqillgbpe deleted successfully.
C:\WINDOWS\SYSTEM32\pzqillgbpe.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vft deleted successfully.
File C:\WINDOWS\SYSTEM32\vft.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\xhlsklfu deleted successfully.
C:\WINDOWS\SYSTEM32\xhlsklfu.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\fnhthtsnsws deleted successfully.
File C:\WINDOWS\SYSTEM32\fnhthtsnsws.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\gldqioe deleted successfully.
File C:\WINDOWS\SYSTEM32\gldqioe.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\kejlpwy deleted successfully.
File C:\WINDOWS\SYSTEM32\kejlpwy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\mnhxnnv deleted successfully.
File C:\WINDOWS\SYSTEM32\mnhxnnv.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\pntnyvwfntr deleted successfully.
File C:\WINDOWS\SYSTEM32\pntnyvwfntr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\pzqillgbpe deleted successfully.
File C:\WINDOWS\SYSTEM32\pzqillgbpe.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\vft deleted successfully.
File C:\WINDOWS\SYSTEM32\vft.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\xhlsklfu deleted successfully.
File C:\WINDOWS\SYSTEM32\xhlsklfu.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LBConfig deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{11316B13-33F0-4C9F-BD55-09994CCFA8EB} deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\imsins.BAK moved successfully.
C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80651102}.BAK moved successfully.
C:\WINDOWS\SYSTEM32\aoxjtkmq.exe moved successfully.
C:\WINDOWS\SYSTEM32\awsudfk.exe moved successfully.
C:\WINDOWS\SYSTEM32\ciqsg.exe moved successfully.
C:\WINDOWS\SYSTEM32\coobpu.exe moved successfully.
C:\WINDOWS\SYSTEM32\cuuzi.exe moved successfully.
C:\WINDOWS\SYSTEM32\cxtfrhvmrysc.exe moved successfully.
C:\WINDOWS\SYSTEM32\dcere.exe moved successfully.
C:\WINDOWS\SYSTEM32\djswww.exe moved successfully.
C:\WINDOWS\SYSTEM32\dzp.exe moved successfully.
C:\WINDOWS\SYSTEM32\eehjxj.exe moved successfully.
C:\WINDOWS\SYSTEM32\eey.exe moved successfully.
File C:\WINDOWS\SYSTEM32\fnhthtsnsws.exe not found!
C:\WINDOWS\SYSTEM32\fx.exe moved successfully.
File C:\WINDOWS\SYSTEM32\gldqioe.exe not found!
C:\WINDOWS\SYSTEM32\hfcuoandjrae.exe moved successfully.
C:\WINDOWS\SYSTEM32\hgwmzpwrmow.exe moved successfully.
C:\WINDOWS\SYSTEM32\hlohktdfa.exe moved successfully.
C:\WINDOWS\SYSTEM32\hvbd.exe moved successfully.
C:\WINDOWS\SYSTEM32\hxoyqdnv.exe moved successfully.
C:\WINDOWS\SYSTEM32\i.exe moved successfully.
C:\WINDOWS\SYSTEM32\islfnheg.exe moved successfully.
C:\WINDOWS\SYSTEM32\ivxrnfklaz.exe moved successfully.
C:\WINDOWS\SYSTEM32\j.exe moved successfully.
C:\WINDOWS\SYSTEM32\jtvlyzmb.exe moved successfully.
File C:\WINDOWS\SYSTEM32\kejlpwy.exe not found!
C:\WINDOWS\SYSTEM32\kxjc.exe moved successfully.
C:\WINDOWS\SYSTEM32\lcecifgj.exe moved successfully.
C:\WINDOWS\SYSTEM32\mbwidthkq.exe moved successfully.
C:\WINDOWS\SYSTEM32\mcizdu.exe moved successfully.
C:\WINDOWS\SYSTEM32\mg.exe moved successfully.
File C:\WINDOWS\SYSTEM32\mnhxnnv.exe not found!
C:\WINDOWS\SYSTEM32\mqemxz.exe moved successfully.
C:\WINDOWS\SYSTEM32\mvkzhmnux.exe moved successfully.
C:\WINDOWS\SYSTEM32\n.exe moved successfully.
C:\WINDOWS\SYSTEM32\nbwshjb.exe moved successfully.
C:\WINDOWS\SYSTEM32\nghmwfxti.exe moved successfully.
C:\WINDOWS\SYSTEM32\nuemhi.exe moved successfully.
C:\WINDOWS\SYSTEM32\nybwhzzn.exe moved successfully.
C:\WINDOWS\SYSTEM32\oetx.exe moved successfully.
C:\WINDOWS\SYSTEM32\ogfjss.exe moved successfully.
C:\WINDOWS\SYSTEM32\owdfcoyvq.exe moved successfully.
C:\WINDOWS\SYSTEM32\phpuzgpl.exe moved successfully.
File C:\WINDOWS\SYSTEM32\pntnyvwfntr.exe not found!
File C:\WINDOWS\SYSTEM32\pzqillgbpe.exe not found!
C:\WINDOWS\SYSTEM32\qm.exe moved successfully.
C:\WINDOWS\SYSTEM32\qmmzigrv.exe moved successfully.
C:\WINDOWS\SYSTEM32\rcu.exe moved successfully.
C:\WINDOWS\SYSTEM32\rl.exe moved successfully.
C:\WINDOWS\SYSTEM32\rmosihcfvsha.exe moved successfully.
C:\WINDOWS\SYSTEM32\sdxhzqw.exe moved successfully.
C:\WINDOWS\SYSTEM32\tbcuz.exe moved successfully.
File C:\WINDOWS\SYSTEM32\vft.exe not found!
C:\WINDOWS\SYSTEM32\vnlfn.exe moved successfully.
C:\WINDOWS\SYSTEM32\vvnyqwtnkh.exe moved successfully.
C:\WINDOWS\SYSTEM32\wmxmjoakasb.exe moved successfully.
C:\WINDOWS\SYSTEM32\woboyvfpko.exe moved successfully.
C:\WINDOWS\SYSTEM32\xgadwxgt.exe moved successfully.
File C:\WINDOWS\SYSTEM32\xhlsklfu.exe not found!
C:\WINDOWS\SYSTEM32\ymzrtww.exe moved successfully.
C:\WINDOWS\SYSTEM32\znzuh.exe moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\imsins.BAK not found!
File C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80651102}.BAK not found!
C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80651102}.CDF moved successfully.
File C:\WINDOWS\SYSTEM32\awsudfk.exe not found!
File C:\WINDOWS\SYSTEM32\ciqsg.exe not found!
File C:\WINDOWS\SYSTEM32\coobpu.exe not found!
File C:\WINDOWS\SYSTEM32\cuuzi.exe not found!
File C:\WINDOWS\SYSTEM32\cxtfrhvmrysc.exe not found!
File C:\WINDOWS\SYSTEM32\dcere.exe not found!
File C:\WINDOWS\SYSTEM32\djswww.exe not found!
File C:\WINDOWS\SYSTEM32\dzp.exe not found!
File C:\WINDOWS\SYSTEM32\eehjxj.exe not found!
File C:\WINDOWS\SYSTEM32\eey.exe not found!
File C:\WINDOWS\SYSTEM32\fnhthtsnsws.exe not found!
File C:\WINDOWS\SYSTEM32\fx.exe not found!
File C:\WINDOWS\SYSTEM32\gldqioe.exe not found!
File C:\WINDOWS\SYSTEM32\hfcuoandjrae.exe not found!
File C:\WINDOWS\SYSTEM32\hgwmzpwrmow.exe not found!
File C:\WINDOWS\SYSTEM32\hlohktdfa.exe not found!
File C:\WINDOWS\SYSTEM32\hvbd.exe not found!
File C:\WINDOWS\SYSTEM32\hxoyqdnv.exe not found!
File C:\WINDOWS\SYSTEM32\i.exe not found!
File C:\WINDOWS\SYSTEM32\islfnheg.exe not found!
File C:\WINDOWS\SYSTEM32\ivxrnfklaz.exe not found!
File C:\WINDOWS\SYSTEM32\j.exe not found!
File C:\WINDOWS\SYSTEM32\jtvlyzmb.exe not found!
File C:\WINDOWS\SYSTEM32\kejlpwy.exe not found!
File C:\WINDOWS\SYSTEM32\kxjc.exe not found!
File C:\WINDOWS\SYSTEM32\lcecifgj.exe not found!
File C:\WINDOWS\SYSTEM32\mbwidthkq.exe not found!
File C:\WINDOWS\SYSTEM32\mcizdu.exe not found!
File C:\WINDOWS\SYSTEM32\mg.exe not found!
File C:\WINDOWS\SYSTEM32\mnhxnnv.exe not found!
File C:\WINDOWS\SYSTEM32\mqemxz.exe not found!
File C:\WINDOWS\SYSTEM32\mvkzhmnux.exe not found!
File C:\WINDOWS\SYSTEM32\n.exe not found!
File C:\WINDOWS\SYSTEM32\nbwshjb.exe not found!
File C:\WINDOWS\SYSTEM32\nghmwfxti.exe not found!
File C:\WINDOWS\SYSTEM32\nuemhi.exe not found!
File C:\WINDOWS\SYSTEM32\nybwhzzn.exe not found!
File C:\WINDOWS\SYSTEM32\oetx.exe not found!
File C:\WINDOWS\SYSTEM32\ogfjss.exe not found!
File C:\WINDOWS\SYSTEM32\owdfcoyvq.exe not found!
File C:\WINDOWS\SYSTEM32\phpuzgpl.exe not found!
File C:\WINDOWS\SYSTEM32\pntnyvwfntr.exe not found!
File C:\WINDOWS\SYSTEM32\pzqillgbpe.exe not found!
File C:\WINDOWS\SYSTEM32\qm.exe not found!
File C:\WINDOWS\SYSTEM32\qmmzigrv.exe not found!
File C:\WINDOWS\SYSTEM32\rcu.exe not found!
File C:\WINDOWS\SYSTEM32\rl.exe not found!
File C:\WINDOWS\SYSTEM32\rmosihcfvsha.exe not found!
File C:\WINDOWS\SYSTEM32\sdxhzqw.exe not found!
File C:\WINDOWS\SYSTEM32\tbcuz.exe not found!
File C:\WINDOWS\SYSTEM32\vft.exe not found!
File C:\WINDOWS\SYSTEM32\vnlfn.exe not found!
File C:\WINDOWS\SYSTEM32\vvnyqwtnkh.exe not found!
File C:\WINDOWS\SYSTEM32\wmxmjoakasb.exe not found!
File C:\WINDOWS\SYSTEM32\woboyvfpko.exe not found!
File C:\WINDOWS\SYSTEM32\xgadwxgt.exe not found!
File C:\WINDOWS\SYSTEM32\xhlsklfu.exe not found!
File C:\WINDOWS\SYSTEM32\ymzrtww.exe not found!
File C:\WINDOWS\SYSTEM32\znzuh.exe not found!
[Empty Temp Folders]
C:\DOCUME~1\Tim\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 06/13/2007 21:41:37

#3 OldTimer

    Malware Expert

Posted 14 June 2007 - 04:34 AM

Hi tkenney65. Everything looks fine. How are things running? Any more problems?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 tkenney65

  • Topic Starter

Posted 14 June 2007 - 06:41 AM

OT,

Things are running fine. Thanks so much for the help. What exactly was infecting my system?

A few quick questions for you:

I am running Spysweeper currently. You recommended AVG AS... is this a better solution?

Were the problems you fixed possibly causing any wireless connectivity issues (my signal has been dropping off)?

What do you recommend for a firewall product? I currently only use Windows Firewall.


Thanks,

Tim

#5 OldTimer

    Malware Expert

Posted 15 June 2007 - 04:42 AM

You are very welcome tkenney65. I'm glad we could be of assistance.

I'm not sure exactly what was on the system. I think it was multiple infections that were either replicating or downloading additional files as time went on. Since the names were random I couldn't find any name for the infection through the normal means. We could have sent a few of them to get analyzed by multiple antivirus companies but each company has their own naming scheme and would have called it something different.

Both SpySweeper and AVG AS are good products. I have always liked Grisoft products. AVG AS was formerly Ewido Anti-Spyware and was purchased by Grisoft within the last year. I have used it for a few years now and it does a good job. I have never used SpySweeper so I can't speak for that.

I don't think that the infection would have been the primary cause of wireless connection disconnects. It might have been a secondary effect due to traffic on the link. Hard to say. Is there still a problem with that? If so, then I would suggest posting a question in the Networking forum and have the techs there do a little digging. They are the ones who specialize in matters pertaining to networking issues. It could be something related to the connection software (drivers or such) or it could be in the hardware configuration. Let them know that you have been to this forum and had the system cleaned prior to going to that forum.

Windows firewall is better than having nothing but all-in-all is not really a firewall solution. There are a couple of very good free firewalls available:
I use the Kerio firewall myself.

Let me know if there is anything else we can do for you. If things are running well now you can go ahead and delete the WinPFind3u folder from your desktop. There is a folder inside it called MovedFiles that has all of the infected files in it. You will probably not want to leave that lying around lol.

Cheers.

OT