TROJANS... PLEASE HELP!!!!

Discussion in 'Windows - Virus and spyware problems' started by kgtrain, Apr 8, 2007.

  1. kgtrain

    kgtrain Regular member

    Joined:
    Jul 11, 2006
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    G'day to all.. I have no idea how to delete the virus or many viruses etc from my computer. I'm normally pretty good (for a novice) in fixing my pc.

    I know it has something to do with WinAntiVirus PRO trojan & wtf is NetworkNews, I've never seen it before but it's running in the taskbar.
    I have tried (many, many times) to get rid of it with no success & I may also have more viruses :( I just don't know, I gave up.

    This is out of my league & I'm at wits' end, but I hope the people of this forum will be able to find a solution, I need help all!
    Here's a HjT log & if you need anything else I'm at your disposal!
    PS thank you to anyone who is willing to help!
     
  2. kgtrain

    kgtrain Regular member

    Logfile of HijackThis v1.99.1
    Scan saved at 1:57:38 AM, on 4/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis 1.99.1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O5 "LPT1:" /M "Stylus Photo R210"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vwatihvh.dll",setvm
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151938061078
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  3. kgtrain

    kgtrain Regular member

    Hi,
    KotaGuy any chance you can help me?
    I assumed that it is a Vundo attack, but VundoFix won't delete iifclawv.dll, & I also get an error msg on start up about vwatihvh.dll which sounds like gibberish to me.
    However I may have a reason why Windows Explorer won't run in safe mode, it seems that when Microsoft released an update there was a problem with verclsid.exe, which told the computer the executable was open before it was, or something like that, causing the .exe to fail, but that was in 2006 surely they would have rectified it by now, any thoughts on that one?
    I'm still as screwed as ever.
    I would very much appreciate anyone's & KotaGuy's help in this matter.. Thank you in advance
     
  4. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Yeah...it's Vundo. Don't think it's that MS update that's causing the Safe Mode issue. Certain Vundo infections will cause Safe Mode not to work properly.

    Rename HijackThis.exe to kota.exe.

    Rescan and post the new log please.
     
  5. kgtrain

    kgtrain Regular member

    Hi, sry it took me so long to post a reply.
    Yeah you were right it wasn't a MS problem, it started working for some reason.


    Here's the log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:42:27 PM, on 4/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\David\Desktop\kota.exe.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O5 "LPT1:" /M "Stylus Photo R210"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151938061078
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe

    --
    End of file - 5992 bytes
     
  6. KotaGuy

    KotaGuy Regular member

    Odd... HijackThis isn't showing the DLLs in the O2's or O20's.

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    - Close ALL OTHER PROGRAMS.
    - Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    - Now click the Run Scan button on the toolbar.
    - The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    - When the scan is complete Notepad will open with the report file loaded in it.
    - Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
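
An added example, not part of the thread and not code from HijackThis or its authors: a small Python parser for HijackThis entry lines that reports which log sections reference a given DLL (the check behind the observation that the DLLs do not show up in the O2 or O20 entries) and lists Run-key commands that go through rundll32 for manual review. The sample log is constructed from lines copied out of the two logs posted in this thread; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: individual lines copied from the two HijackThis logs
# posted in this thread, combined into one short log for the demonstration.
SAMPLE_LOG = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vwatihvh.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Any DLL file name (base name only) mentioned in an entry.
DLL_RE = re.compile(r'([^\\/"\s,]+\.dll)\b', re.IGNORECASE)
# O4 registry autorun: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Command line of the form: rundll32[.exe] <module>,<export>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<module>[^",]+)"?,',
    re.IGNORECASE,
)


def parse_entries(log):
    """Return a list of (section, text) pairs for every entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def locate(log, dll_names):
    """Map each DLL name to the sorted list of sections that reference it.

    An empty list means the log has no entry loading that DLL, which is
    the situation described for the O2 and O20 sections.
    """
    index = defaultdict(set)
    for section, text in parse_entries(log):
        for dll in DLL_RE.findall(text):
            index[dll.lower()].add(section)
    return {name: sorted(index.get(name.lower(), ())) for name in dll_names}


def rundll32_autoruns(log):
    """List (value name, module) for O4 Run entries launched via rundll32.

    Launching through rundll32 is not suspicious by itself (drivers and
    control panels do it too); the list is a starting point for review.
    """
    hits = []
    for section, text in parse_entries(log):
        if section != "O4":
            continue
        run = RUN_RE.match(text)
        if not run:
            continue
        cmd = RUNDLL_RE.match(run.group("cmd"))
        if cmd:
            hits.append((run.group("name"), cmd.group("module")))
    return hits


if __name__ == "__main__":
    # DLL names taken from the posts above.
    for name, sections in locate(SAMPLE_LOG, ["vwatihvh.dll", "iifclawv.dll"]).items():
        print(name, "->", sections or "not referenced by any entry")
    for value_name, module in rundll32_autoruns(SAMPLE_LOG):
        print("rundll32 autorun:", value_name, "->", module)
```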
     
  7. kgtrain

    kgtrain Regular member

    lol I never even noticed.. suppose that's why you're the expert :)
    Here's the log.


    WinPFind3 logfile created on: 4/11/2007 3:32:52 PM
    WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Kayla\Desktop\winpfind3u\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    4088.50 Mb Total Physical Memory | 2939.89 Mb Available Physical Memory | 71.90% Memory free
    5.25 Gb Paging File | 3.98 Gb Available in Paging File | 75.80% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 249.05 Gb Total Space | 104.19 Gb Free Space | 41.83% Space Free
    Drive D: | 249.05 Gb Total Space | 244.60 Gb Free Space | 98.21% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: Kayla
    Current User Name: Kayla
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 9:06:38 AM | Attr = ]
    agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 9:06:38 AM | Attr = ]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/10/2007 3:34:16 PM | Attr = ]
    e_s4i3h2.exe -> %System32%\spool\drivers\w32x86\3\E_S4I3H2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 9/11/2003 1:00:00 PM | Attr = ]
    e_s4i3h2.exe -> %System32%\spool\drivers\w32x86\3\E_S4I3H2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 9/11/2003 1:00:00 PM | Attr = ]
    googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 2/28/2007 7:42:36 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 2:23:28 AM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 2:23:28 AM | Attr = ]
    nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 0, 0 | Size = 94208 bytes | Modified Date = 9/3/2005 3:18:30 PM | Attr = ]
    nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 0, 0 | Size = 94208 bytes | Modified Date = 9/3/2005 3:18:30 PM | Attr = ]
    pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 1/12/2005 3:01:32 AM | Attr = ]
    pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 1/12/2005 3:01:32 AM | Attr = ]
    reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr = ]
    sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools [Ver = 3.2.0.10 | Size = 700928 bytes | Modified Date = 10/10/2005 9:49:38 AM | Attr = ]
    sistray.exe -> %System32%\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3660 | Size = 266240 bytes | Modified Date = 3/4/2005 2:48:30 AM | Attr = ]
    sistray.exe -> %System32%\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3660 | Size = 266240 bytes | Modified Date = 3/4/2005 2:48:30 AM | Attr = ]
    soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 11/15/2004 8:20:20 PM | Attr = ]
    soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 11/15/2004 8:20:20 PM | Attr = ]
    winpfind3u.exe -> %SystemDrive%\Documents and Settings\David\Desktop\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/10/2007 3:34:16 PM | Attr = ]
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/28/2007 7:42:34 PM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 8:36:32 AM | Attr = ]
    (SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools [Ver = 3.2.0.10 | Size = 700928 bytes | Modified Date = 10/10/2005 9:49:38 AM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 9:06:38 AM | Attr = ]
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    EPSON Stylus Photo R210 Series -> %System32%\spool\drivers\w32x86\3\E_S4I3H2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 9/11/2003 1:00:00 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
    RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 1/12/2005 3:01:32 AM | Attr = ]
    SiSPower -> %System32%\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3660 | Size = 49152 bytes | Modified Date = 3/4/2005 4:50:22 AM | Attr = R ]
    SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 11/15/2004 8:20:20 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 2:23:28 AM | Attr = ]
    < RunOnce\Setup [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup
    Registrando Panda ActiveX -> %System32%\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll [C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll] -> File not found
    Registrando Panda Almacen -> %System32%\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll [C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll] -> File not found
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 0, 0 | Size = 94208 bytes | Modified Date = 9/3/2005 3:18:30 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr = ]
    %AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/22/2006 11:01:50 PM | Attr = ]
    %AllUsersStartup%\Utility Tray.lnk -> %System32%\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3660 | Size = 266240 bytes | Modified Date = 3/4/2005 2:48:30 AM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> Reg Data - Key not found [] -> File not found
    {5FDC09D8-3426-48C4-9D20-A9B78FA99041} [HKLM] -> Reg Data - Value does not exist [] -> File not found
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
    WRNotifier -> WRLogonNTF.dll -> File not found
    < HOSTS File > (781 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    127.0.0.1 mpa.one.microsoft.com -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Search Page -> ->
    HKLM: Start Page -> http://www.ninemsn.com.au ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKCU: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.2.7.dll [BitComet Helper] -> BitComet [Ver = 20070207 | Size = 158272 bytes | Modified Date = 2/8/2007 5:04:02 AM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 2:23:24 AM | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.0.0.265 | Size = 682296 bytes | Modified Date = 10/4/2005 10:43:08 AM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {77BA4270-C9C7-4B7E-B9B7-A9D913011B62} -> () ->
    {89A73597-921B-482D-80A9-B811D4793E24} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
    {9C49CBB6-0692-4EEC-B22F-0DC9D6464E56} -> () ->
    {A46D5777-B50A-4B69-8077-5D27F5C7EFCD} -> (NETGEAR WG311v2 802.11g Wireless PCI Adapter) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151938061078 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/8/2007 2:13:21 PM | Attr = ]
    $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/5/2007 9:40:40 AM | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/15/2007 4:02:17 AM | Attr = H ]
    $NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/15/2007 4:03:16 AM | Attr = H ]
    diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Created Date = 3/19/2007 4:36:03 AM | Attr = ]
    diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Created Date = 3/19/2007 4:36:03 AM | Attr = ]
    libeay32.dll -> %SystemRoot%\libeay32.dll -> [Ver = | Size = 684032 bytes | Created Date = 4/9/2007 6:56:35 PM | Attr = ]
    PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Created Date = 3/23/2007 3:57:31 AM | Attr = ]
    Spy Sweeper 4.x.x FIX -> %SystemRoot%\Spy Sweeper 4.x.x FIX -> [Folder | Created Date = 4/9/2007 7:05:14 PM | Attr = ]
    ssleay32.dll -> %SystemRoot%\ssleay32.dll -> [Ver = | Size = 155648 bytes | Created Date = 4/9/2007 6:56:35 PM | Attr = ]
    WRUninstall.dll -> %SystemRoot%\WRUninstall.dll -> Webroot Software, Inc [Ver = 1.0.0.0 | Size = 468480 bytes | Created Date = 4/9/2007 6:56:35 PM | Attr = ]
    Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job -> [Ver = | Size = 338 bytes | Created Date = 4/9/2007 11:10:35 PM | Attr = ]
    XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 300 bytes | Created Date = 4/8/2007 2:55:05 PM | Attr = ]
    aoffadck.ini -> %System32%\aoffadck.ini -> [Ver = | Size = 1632277 bytes | Created Date = 4/6/2007 2:01:36 AM | Attr = HS]
    A_reg.reg -> %System32%\A_reg.reg -> [Ver = | Size = 14909 bytes | Created Date = 4/2/2007 3:29:48 PM | Attr = ]
    cdg.dll -> %System32%\cdg.dll -> Cucusoft Inc. [Ver = 1.00 | Size = 364544 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    cdga.dll -> %System32%\cdga.dll -> [Ver = 1.00 | Size = 348160 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    CLVSD.ax -> %System32%\CLVSD.ax -> CyberLink Corp. [Ver = 5.0.1316 | Size = 516096 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    exec1.exe -> %System32%\exec1.exe -> [Ver = | Size = 3526998 bytes | Created Date = 4/2/2007 3:31:42 PM | Attr = ]
    hvhitawv.ini -> %System32%\hvhitawv.ini -> [Ver = | Size = 1634251 bytes | Created Date = 4/7/2007 9:19:00 PM | Attr = HS]
    ijkmp.bak1 -> %System32%\ijkmp.bak1 -> [Ver = | Size = 490868 bytes | Created Date = 4/10/2007 12:49:29 PM | Attr = HS]
    ijkmp.ini -> %System32%\ijkmp.ini -> [Ver = | Size = 491444 bytes | Created Date = 4/10/2007 12:49:12 PM | Attr = HS]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 4/6/2007 6:51:52 PM | Attr = ]
    PropListCtrl.ocx -> %System32%\PropListCtrl.ocx -> Cucusoft Inc. [Ver = 1, 0, 0, 1 | Size = 114688 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    SmartUI2.ocx -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Created Date = 3/15/2007 12:22:38 PM | Attr = ]
    winsusrm.dll -> %System32%\winsusrm.dll -> [Ver = | Size = 264 bytes | Created Date = 4/8/2007 2:19:55 PM | Attr = ]
    XceedCry.dll -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Created Date = 3/15/2007 12:19:58 PM | Attr = ]
    XceedZip.dll -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Created Date = 3/15/2007 12:23:16 PM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 4/10/2007 3:34:16 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 4/10/2007 3:34:22 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 4/10/2007 3:34:24 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/10/2007 3:34:27 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 4/10/2007 3:34:26 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 4/10/2007 3:34:26 PM | Attr = ]
    pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Created Date = 4/2/2007 3:33:57 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/11/2007 2:51:08 PM | Attr = RHS]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/11/2007 3:31:08 PM | Attr = HS]
    ConverterOutput -> %SystemDrive%\ConverterOutput -> [Folder | Modified Date = 4/2/2007 4:25:26 PM | Attr = ]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/11/2007 3:29:56 PM | Attr = ]
    Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 4/11/2007 3:26:32 PM | Attr = ]
    My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 4/10/2007 3:47:26 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/10/2007 3:34:10 PM | Attr = ]
    sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/9/2007 11:15:22 PM | Attr = H ]
    sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/9/2007 11:22:58 PM | Attr = H ]
    sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/10/2007 12:47:52 PM | Attr = H ]
    sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/10/2007 2:21:56 PM | Attr = H ]
    sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/3/2007 7:52:42 PM | Attr = H ]
    sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/4/2007 12:12:32 AM | Attr = H ]
    sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/6/2007 1:27:28 AM | Attr = H ]
    sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/6/2007 2:00:58 PM | Attr = H ]
    sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/7/2007 3:03:44 PM | Attr = H ]
    sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/7/2007 3:26:34 PM | Attr = H ]
    sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/7/2007 6:26:16 PM | Attr = H ]
    sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 1:55:48 PM | Attr = H ]
    sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 5:05:18 PM | Attr = H ]
    sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 9:13:28 PM | Attr = H ]
    sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 9:38:04 PM | Attr = H ]
    sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/9/2007 12:06:30 PM | Attr = H ]
    sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/9/2007 11:22:58 PM | Attr = H ]
    sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/10/2007 12:47:52 PM | Attr = H ]
    sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/10/2007 2:21:56 PM | Attr = H ]
    sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/3/2007 7:52:42 PM | Attr = H ]
    sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/4/2007 12:12:30 AM | Attr = H ]
    sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/6/2007 1:27:28 AM | Attr = H ]
    sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/6/2007 2:00:58 PM | Attr = H ]
    sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/7/2007 3:03:44 PM | Attr = H ]
    sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/7/2007 3:26:34 PM | Attr = H ]
    sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/7/2007 6:26:16 PM | Attr = H ]
    sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 1:55:48 PM | Attr = H ]
    sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 5:05:18 PM | Attr = H ]
    sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 9:13:24 PM | Attr = H ]
    sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 9:38:02 PM | Attr = H ]
    sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/9/2007 12:06:30 PM | Attr = H ]
    sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/9/2007 11:15:20 PM | Attr = H ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/8/2007 12:12:52 PM | Attr = HS]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 3/22/2007 5:32:32 PM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/10/2007 3:34:48 PM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/10/2007 3:33:56 PM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/5/2007 9:39:14 AM | Attr = H ]
    $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/5/2007 9:40:44 AM | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/15/2007 4:02:20 AM | Attr = H ]
    $NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/15/2007 4:03:18 AM | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/11/2007 2:45:02 PM | Attr = S]
    diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Modified Date = 3/19/2007 4:45:36 AM | Attr = ]
    diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Modified Date = 3/19/2007 4:45:36 AM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/10/2007 4:16:30 PM | Attr = S]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/16/2007 2:53:02 PM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 3/15/2007 4:03:20 AM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/7/2007 2:55:04 PM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/11/2007 3:31:08 PM | Attr = HS]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/10/2007 3:45:48 PM | Attr = ]
    PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Modified Date = 3/23/2007 3:57:32 AM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/11/2007 3:19:12 PM | Attr = ]
    Spy Sweeper 4.x.x FIX -> %SystemRoot%\Spy Sweeper 4.x.x FIX -> [Folder | Modified Date = 4/9/2007 7:05:16 PM | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 4/10/2007 3:33:54 PM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/11/2007 2:51:08 PM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 4/10/2007 3:33:56 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/9/2007 11:10:36 PM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/11/2007 3:31:28 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 679 bytes | Modified Date = 4/11/2007 2:51:08 PM | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/7/2007 10:43:02 AM | Attr = ]
    RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 372 bytes | Modified Date = 4/5/2007 3:06:32 AM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/11/2007 2:45:40 PM | Attr = H ]
    Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job -> [Ver = | Size = 338 bytes | Modified Date = 4/9/2007 11:10:36 PM | Attr = ]
    XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 300 bytes | Modified Date = 4/8/2007 2:55:06 PM | Attr = ]
    aoffadck.ini -> %System32%\aoffadck.ini -> [Ver = | Size = 1632277 bytes | Modified Date = 4/7/2007 3:27:12 PM | Attr = HS]
    CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/10/2007 2:12:20 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/10/2007 3:36:10 PM | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 4/10/2007 10:24:16 PM | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 4/8/2007 11:22:30 AM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/5/2007 9:40:46 AM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 4/10/2007 3:34:28 PM | Attr = ]
    exec1.exe -> %System32%\exec1.exe -> [Ver = | Size = 3526998 bytes | Modified Date = 4/2/2007 3:31:44 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 91888 bytes | Modified Date = 4/5/2007 11:08:46 AM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/7/2007 7:14:04 PM | Attr = ]
    hvhitawv.ini -> %System32%\hvhitawv.ini -> [Ver = | Size = 1634251 bytes | Modified Date = 4/8/2007 11:48:32 AM | Attr = HS]
    ijkmp.bak1 -> %System32%\ijkmp.bak1 -> [Ver = | Size = 490868 bytes | Modified Date = 4/10/2007 12:49:32 PM | Attr = HS]
    ijkmp.ini -> %System32%\ijkmp.ini -> [Ver = | Size = 491444 bytes | Modified Date = 4/10/2007 2:12:22 PM | Attr = HS]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 4/6/2007 6:51:54 PM | Attr = ]
    pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/7/2007 7:14:02 PM | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 58596 bytes | Modified Date = 3/27/2007 1:13:40 PM | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 392296 bytes | Modified Date = 3/27/2007 1:13:40 PM | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 458340 bytes | Modified Date = 3/27/2007 1:13:40 PM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 4/8/2007 12:12:52 PM | Attr = ]
    SmartUI2.ocx -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/7/2007 7:14:06 PM | Attr = ]
    winsusrm.dll -> %System32%\winsusrm.dll -> [Ver = | Size = 264 bytes | Modified Date = 4/8/2007 2:19:56 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/11/2007 3:30:50 PM | Attr = ]
    XceedCry.dll -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
    XceedZip.dll -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/10/2007 3:34:18 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 4/10/2007 3:34:24 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/10/2007 3:34:26 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 4/10/2007 3:34:28 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 4/10/2007 3:34:28 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 4/10/2007 3:34:28 PM | Attr = ]
    pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 4/2/2007 3:33:58 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.36 | Size = 16162816 bytes | Modified Date = 11/17/2004 6:08:06 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 10:00:00 PM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2/1/2007 2:56:06 PM | Attr = ]
    Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\swreg.exe -> [Ver = | Size = 42496 bytes | Modified Date = 1/9/2006 10:36:04 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 10:00:00 PM | Attr = ]
    Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
    Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 10:00:00 PM | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/10/2007 3:34:18 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

    < End of report >
     
    Last edited: Apr 10, 2007
  8. KotaGuy

    KotaGuy Regular member

    OK... it will take a bit to go through the log.

    Might not get back to you until I'm home from work.
     
  9. kgtrain

    kgtrain Regular member

    Hey, no problem take your time, I'm getting used to the computer running slow now lol!
    I think there's a new symptom tho, I never really noticed it til today.
    My computer is on a network & when it's on but not in use (no updates or programs that should be downloading) the wireless image on the router flashes as if there is something downloading.
    Would this be one of the start up processes using the connection to download certain content, or perhaps a vundo?
    I'm a bit confused because it never used to do it before these other problems appeared & it is downloading a bit too.
    Thank you again for helping me, I wouldn't be able to do this by myself :)
     
  10. KotaGuy

    KotaGuy Regular member

    Most likely the infection... we'll take care of that though ;)
     
  11. kgtrain

    kgtrain Regular member

    haha excellent, looking forward to your help :p
     
  12. KotaGuy

    KotaGuy Regular member

    First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

    Next, please follow the steps below in order:

    Step #1

    Download CCleaner and install it but do not run it yet.

    Step #2

    Download AVG anti-spyware from HERE and save that file to your desktop.

    - Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    - Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    - On the main screen select the icon "Update" then select the "Update now" link.
    - Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    - Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    - Once in the Settings screen, under "How to act" select "Quarantine".
    - Under "Reports":
      - Select "Automatically generate report after every scan"
      - Un-select "Only if threats were found"

    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

    Step #3

    Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    Reboot into Safe Mode by doing the following:

    - As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    - Use the arrow keys to select the Safe Mode menu item.
    - Press the Enter key.

    Step #4

    Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

    Step #5

    Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

    - Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    - AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.

    Once the scan is complete do the following:

    - Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    - At the bottom of the window click on the "Apply all actions" button

    Note: Don't save the report before you hit the Apply action button.

    - Next select the "Reports" icon at the top.
    - Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    - Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    Step #6

    Post the following back here:

    - a new WinPFind3U report
    - the AVG Anti-Spyware report
    - the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
     
  13. kgtrain

    kgtrain Regular member

    Wow, how do you know to do all this stuff?
    Umm I don't know if it all worked, step 1 & 2 no problem but in step 3 an error message came up in WinPFind3U after I pasted this..

    .. Into the Paste fix here window. It said, Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts.

    So I deleted the following text from the window and then clicked the Run Fix button

    The log generated from the above fix is the following

    & I wasn't asked if I want to reboot, if that means anything.

    Everything else worked just how you said with no further problems as far as I can tell :)
    The results of the AVG log are..

    & I will post a new WinPFind3U log in another post because I don't think there's enough room in this post now :)

     
  14. kgtrain

    kgtrain Regular member

    Computer is still slow on start up, normally taking 7-10 minutes from when it's turned on till it fully loads.
    Here's the WinPFind3U log run after all the steps :)
    Would a defrag help with the performance of the computer? I ran it last night but it kept stopping for some reason & wouldn't go to 100%
    There's also this 'Drive Fitness Test' http://www.hitachigst.com/hdd/support/download.htm#DFT
    that looks at the health of your hard drive, would that be worth a look at? Looking forward to your reply :)

    WinPFind3 logfile created on: 4/12/2007 3:04:25 PM
    WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Kayla\Desktop\winpfind3u\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    4088.50 Mb Total Physical Memory | 2851.28 Mb Available Physical Memory | 69.73% Memory free
    5.25 Gb Paging File | 3.71 Gb Available in Paging File | 70.66% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 249.05 Gb Total Space | 104.19 Gb Free Space | 41.83% Space Free
    Drive D: | 249.05 Gb Total Space | 244.60 Gb Free Space | 98.21% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded


    Computer Name: Kayla
    Current User Name: Kayla
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 9:06:38 AM | Attr = ]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 10:20:00 PM | Attr = ]
    e_s4i3h2.exe -> %System32%\spool\drivers\w32x86\3\E_S4I3H2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 9/11/2003 1:00:00 PM | Attr = ]
    googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 2/28/2007 7:42:36 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/29/2006 12:13:20 AM | Attr = ]
    jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 251648 bytes | Modified Date = 12/15/2006 2:23:26 AM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 2:23:28 AM | Attr = ]
    nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 0, 0 | Size = 94208 bytes | Modified Date = 9/3/2005 3:18:30 PM | Attr = ]
    pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 1/12/2005 3:01:32 AM | Attr = ]
    sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools [Ver = 3.2.0.10 | Size = 700928 bytes | Modified Date = 10/10/2005 9:49:38 AM | Attr = ]
    sistray.exe -> %System32%\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3660 | Size = 266240 bytes | Modified Date = 3/4/2005 2:48:30 AM | Attr = ]
    soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 11/15/2004 8:20:20 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/29/2006 12:13:20 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/28/2007 7:42:34 PM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 8:36:32 AM | Attr = ]
    (SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools [Ver = 3.2.0.10 | Size = 700928 bytes | Modified Date = 10/10/2005 9:49:38 AM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 10:20:00 PM | Attr = ]
    AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 9:06:38 AM | Attr = ]
    EPSON Stylus Photo R210 Series -> %System32%\spool\drivers\w32x86\3\E_S4I3H2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 9/11/2003 1:00:00 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
    RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 1/12/2005 3:01:32 AM | Attr = ]
    SiSPower -> %System32%\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3660 | Size = 49152 bytes | Modified Date = 3/4/2005 4:50:22 AM | Attr = R ]
    SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 11/15/2004 8:20:20 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 2:23:28 AM | Attr = ]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 0, 0 | Size = 94208 bytes | Modified Date = 9/3/2005 3:18:30 PM | Attr = ]
    swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 2/28/2007 7:42:36 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr = ]
    %AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/22/2006 11:01:50 PM | Attr = ]
    %AllUsersStartup%\Utility Tray.lnk -> %System32%\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3660 | Size = 266240 bytes | Modified Date = 3/4/2005 2:48:30 AM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/29/2006 12:13:28 AM | Attr = ]
    {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> Reg Data - Key not found [] -> File not found
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
    WRNotifier -> WRLogonNTF.dll -> File not found
    < HOSTS File > (781 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    127.0.0.1 mpa.one.microsoft.com -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Search Page -> ->
    HKLM: Start Page -> http://www.ninemsn.com.au ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Search Page -> ->
    HKCU: Start Page -> http://www.ninemsn.com.au ->
    HKCU: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.2.7.dll [BitComet Helper] -> BitComet [Ver = 20070207 | Size = 158272 bytes | Modified Date = 2/8/2007 5:04:02 AM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 2:23:24 AM | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.0.0.265 | Size = 682296 bytes | Modified Date = 10/4/2005 10:43:08 AM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {77BA4270-C9C7-4B7E-B9B7-A9D913011B62} -> () ->
    {89A73597-921B-482D-80A9-B811D4793E24} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
    {9C49CBB6-0692-4EEC-B22F-0DC9D6464E56} -> () ->
    {A46D5777-B50A-4B69-8077-5D27F5C7EFCD} -> (NETGEAR WG311v2 802.11g Wireless PCI Adapter) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151938061078 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/8/2007 2:13:21 PM | Attr = ]
    $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/5/2007 9:40:40 AM | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/15/2007 4:02:17 AM | Attr = H ]
    $NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/15/2007 4:03:16 AM | Attr = H ]
    diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Created Date = 3/19/2007 4:36:03 AM | Attr = ]
    diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Created Date = 3/19/2007 4:36:03 AM | Attr = ]
    libeay32.dll -> %SystemRoot%\libeay32.dll -> [Ver = | Size = 684032 bytes | Created Date = 4/9/2007 6:56:35 PM | Attr = ]
    PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Created Date = 3/23/2007 3:57:31 AM | Attr = ]
    Spy Sweeper 4.x.x FIX -> %SystemRoot%\Spy Sweeper 4.x.x FIX -> [Folder | Created Date = 4/9/2007 7:05:14 PM | Attr = ]
    ssleay32.dll -> %SystemRoot%\ssleay32.dll -> [Ver = | Size = 155648 bytes | Created Date = 4/9/2007 6:56:35 PM | Attr = ]
    WRUninstall.dll -> %SystemRoot%\WRUninstall.dll -> Webroot Software, Inc [Ver = 1.0.0.0 | Size = 468480 bytes | Created Date = 4/9/2007 6:56:35 PM | Attr = ]
    Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job -> [Ver = | Size = 338 bytes | Created Date = 4/9/2007 11:10:35 PM | Attr = ]
    XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 300 bytes | Created Date = 4/8/2007 2:55:05 PM | Attr = ]
    cdg.dll -> %System32%\cdg.dll -> Cucusoft Inc. [Ver = 1.00 | Size = 364544 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    cdga.dll -> %System32%\cdga.dll -> [Ver = 1.00 | Size = 348160 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    CLVSD.ax -> %System32%\CLVSD.ax -> CyberLink Corp. [Ver = 5.0.1316 | Size = 516096 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    PropListCtrl.ocx -> %System32%\PropListCtrl.ocx -> Cucusoft Inc. [Ver = 1, 0, 0, 1 | Size = 114688 bytes | Created Date = 4/2/2007 3:29:47 PM | Attr = ]
    SmartUI2.ocx -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Created Date = 3/15/2007 12:22:38 PM | Attr = ]
    XceedCry.dll -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Created Date = 3/15/2007 12:19:58 PM | Attr = ]
    XceedZip.dll -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Created Date = 3/15/2007 12:23:16 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/12/2007 12:22:32 PM | Attr = ]
    pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Created Date = 4/2/2007 3:33:57 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/11/2007 2:51:08 PM | Attr = RHS]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/11/2007 3:31:08 PM | Attr = HS]
    ConverterOutput -> %SystemDrive%\ConverterOutput -> [Folder | Modified Date = 4/2/2007 4:25:26 PM | Attr = ]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/11/2007 3:29:56 PM | Attr = ]
    Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 4/11/2007 4:32:50 PM | Attr = ]
    My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 4/10/2007 3:47:26 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/12/2007 11:42:42 AM | Attr = ]
    RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/11/2007 4:32:36 PM | Attr = HS]
    sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/9/2007 11:15:22 PM | Attr = H ]
    sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/9/2007 11:22:58 PM | Attr = H ]
    sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/10/2007 12:47:52 PM | Attr = H ]
    sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/10/2007 2:21:56 PM | Attr = H ]
    sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/3/2007 7:52:42 PM | Attr = H ]
    sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/4/2007 12:12:32 AM | Attr = H ]
    sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/6/2007 1:27:28 AM | Attr = H ]
    sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/6/2007 2:00:58 PM | Attr = H ]
    sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/7/2007 3:03:44 PM | Attr = H ]
    sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/7/2007 3:26:34 PM | Attr = H ]
    sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/7/2007 6:26:16 PM | Attr = H ]
    sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 1:55:48 PM | Attr = H ]
    sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 5:05:18 PM | Attr = H ]
    sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 9:13:28 PM | Attr = H ]
    sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/8/2007 9:38:04 PM | Attr = H ]
    sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/9/2007 12:06:30 PM | Attr = H ]
    sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/9/2007 11:22:58 PM | Attr = H ]
    sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/10/2007 12:47:52 PM | Attr = H ]
    sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/10/2007 2:21:56 PM | Attr = H ]
    sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/3/2007 7:52:42 PM | Attr = H ]
    sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/4/2007 12:12:30 AM | Attr = H ]
    sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:07:52 AM | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/5/2007 11:48:40 PM | Attr = H ]
    sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/6/2007 1:27:28 AM | Attr = H ]
    sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/6/2007 2:00:58 PM | Attr = H ]
    sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/7/2007 3:03:44 PM | Attr = H ]
    sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/7/2007 3:26:34 PM | Attr = H ]
    sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/7/2007 6:26:16 PM | Attr = H ]
    sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 1:55:48 PM | Attr = H ]
    sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 5:05:18 PM | Attr = H ]
    sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 9:13:24 PM | Attr = H ]
    sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/8/2007 9:38:02 PM | Attr = H ]
    sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/9/2007 12:06:30 PM | Attr = H ]
    sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/9/2007 11:15:20 PM | Attr = H ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/8/2007 12:12:52 PM | Attr = HS]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 3/22/2007 5:32:32 PM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/10/2007 3:34:48 PM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/12/2007 2:35:14 PM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/5/2007 9:39:14 AM | Attr = H ]
    $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/5/2007 9:40:44 AM | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/15/2007 4:02:20 AM | Attr = H ]
    $NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/15/2007 4:03:18 AM | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/12/2007 2:34:48 PM | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/12/2007 12:30:56 PM | Attr = ]
    diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Modified Date = 3/19/2007 4:45:36 AM | Attr = ]
    diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Modified Date = 3/19/2007 4:45:36 AM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/10/2007 4:16:30 PM | Attr = S]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/16/2007 2:53:02 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/7/2007 2:55:04 PM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/11/2007 3:31:08 PM | Attr = HS]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/12/2007 12:30:56 PM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/12/2007 2:21:46 AM | Attr = ]
    PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Modified Date = 3/23/2007 3:57:32 AM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/12/2007 12:22:26 PM | Attr = ]
    Spy Sweeper 4.x.x FIX -> %SystemRoot%\Spy Sweeper 4.x.x FIX -> [Folder | Modified Date = 4/9/2007 7:05:16 PM | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 4/12/2007 11:56:32 AM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/11/2007 2:51:08 PM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 4/12/2007 2:31:30 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/9/2007 11:10:36 PM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/12/2007 2:36:46 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 679 bytes | Modified Date = 4/11/2007 2:51:08 PM | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/7/2007 10:43:02 AM | Attr = ]
    RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 372 bytes | Modified Date = 4/12/2007 3:00:22 AM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/12/2007 2:35:16 PM | Attr = H ]
    Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job -> [Ver = | Size = 338 bytes | Modified Date = 4/9/2007 11:10:36 PM | Attr = ]
    XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 300 bytes | Modified Date = 4/8/2007 2:55:06 PM | Attr = ]
    CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/11/2007 11:39:52 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/11/2007 11:39:48 PM | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 4/10/2007 10:24:16 PM | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 4/8/2007 11:22:30 AM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/5/2007 9:40:46 AM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 4/12/2007 12:22:34 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 91888 bytes | Modified Date = 4/5/2007 11:08:46 AM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/7/2007 7:14:04 PM | Attr = ]
    pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/7/2007 7:14:02 PM | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 58596 bytes | Modified Date = 3/27/2007 1:13:40 PM | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 392296 bytes | Modified Date = 3/27/2007 1:13:40 PM | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 458340 bytes | Modified Date = 3/27/2007 1:13:40 PM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 4/8/2007 12:12:52 PM | Attr = ]
    SmartUI2.ocx -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/7/2007 7:14:06 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/12/2007 2:36:34 PM | Attr = ]
    XceedCry.dll -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
    XceedZip.dll -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
    pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 4/2/2007 3:33:58 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.36 | Size = 16162816 bytes | Modified Date = 11/17/2004 6:08:06 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 10:00:00 PM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2/1/2007 2:56:06 PM | Attr = ]
    Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\swreg.exe -> [Ver = | Size = 42496 bytes | Modified Date = 1/9/2006 10:36:04 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 10:00:00 PM | Attr = ]
    Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
    Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 10:00:00 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

    < End of report >
     
  15. KotaGuy

    KotaGuy Regular member

    WinPFind log is clean.

    Can I get you to do an online scan with Kaspersky WebScanner?

    Click on Kaspersky Online Scanner.

    You will be prompted to install an ActiveX component from Kaspersky.
    Click Yes.

    - The program will launch and then begin downloading the latest definition files.
    - Once the files have been downloaded, click on NEXT.
    - Now click on Scan Settings.
    - In the scan settings, make sure that the following are selected:
      - Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      - Scan Options: Scan Archives, Scan Mail Bases
    - Click OK.
    - Now, under "select a target to scan", select My Computer.
    - The program will start and scan your system.
    - The scan will take a while, so be patient and let it run.
    - Once the scan is complete, it will display if your system has been infected.
    - Now click on the Save as Text button.
    - Save the file to your desktop.

    Post the log in your next reply, please.
     
  16. kgtrain

    kgtrain Regular member

    Hi, I'm so sorry it took me so long to reply. I had a bit of an emergency, but all is better now. I'll give your last step a go. Again, sorry!
     
  17. kgtrain

    kgtrain Regular member

    OK, here are the results. Sorry again that it took me so long.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, April 20, 2007 2:00:48 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 20/04/2007
    Kaspersky Anti-Virus database records: 299713
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 36721
    Number of viruses found: 5
    Number of infected objects: 17 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:46:52

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\Kayla\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\History\History.IE5\MSHist012007042020070421\index.dat Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\Temp\Perflib_Perfdata_720.dat Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\Temp\~DF8E70.tmp Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Kayla\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar/GenuineWindowsPatcher/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar/GenuineWindowsPatcher/keyfinder.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar/GenuineWindowsPatcher/keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar RAR: infected - 3 skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\miniputtsetup.exe/63mm.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.a skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\miniputtsetup.exe SetupFactory: infected - 1 skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Kayla\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Kayla\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Downloads\Kaspersky Suite 2007 - Full (English-Spanish) 4in1 (AIO)\Kaspersky_Suite.exe.bc! Object is locked skipped
    C:\Downloads\Kaspersky Suite 2007 - Full (English-Spanish) 4in1 (AIO)\PLEASE README.txt Object is locked skipped
    C:\Downloads\Kaspersky Suite 2007 - Full (English-Spanish) 4in1 (AIO)\tracked_by_h33t_com.txt Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP150\A0072447.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP151\A0076459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP151\A0076460.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP151\A0076462.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP151\A0076463.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP151\A0076464.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP151\A0076465.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP151\A0076466.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP152\A0077550.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP152\A0077564.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{37A3246E-8A77-4742-A276-558B5F7D7DF7}\RP156\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  18. KotaGuy

    KotaGuy Regular member

    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar/GenuineWindowsPatcher/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar/GenuineWindowsPatcher/keyfinder.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar/GenuineWindowsPatcher/keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    C:\Documents and Settings\Kayla\My Documents\My Downloads\Comp\GenuineWindowsPatcher.rar RAR: infected - 3 skipped


    Hmmm... I don't like seeing those. Can you tell me what you are using or have used that for?
     
  19. kgtrain

    kgtrain Regular member

    LOL! Yeah, they look bad now that I see them like that too.
    I brought a legit copy of XP & had it reinstalled when some files were deleted or something, but when it was returned MS said it was an illegal copy & therefore couldn't be activated. So instead of reinstalling the original copy of XP I downloaded a fix to turn it back into a version that MS recognises as legit, but the files were clean when I downloaded them; I scanned them with anti-virus software before extracting them. Don't know why it says they're infected :|
    Would it be just as easy repartitioning that hard drive? I think whatever is on it isn't too keen on leaving in a hurry!
     
  20. bkf

    bkf Guest

    Kota guy: It will be interesting how you handle this one considering the university. I have not been on much, cancer has jumped up once again so I have not been on much. Just too sick. Ask the university to cut me some slack as I will not share what I was told I cannot and would still like to go through if possible. I'll try to get back into it after lord knows how much more radiation. I'm going to start glowing in the dark. I think you know what the above means. The "handle this one" line. I still at times try to get on and read logs then go off and do research on the problems I think I see. Bk
     
