help with removing virus


Post by Cherny » June 26th, 2007, 11:54 pm

Hey, I have a virus that I think repeats itself, but I'm not sure. Can anybody help?
Here is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:52:50 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tuuaymmc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [94265434] kiafyqi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mucfglin.dll",forkonce
O4 - HKLM\..\RunServices: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [seek settings] "C:\DOCUME~1\Bryden\APPLIC~1\CHINWA~1\ball tick.exe"
O4 - HKCU\..\Run: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2111720765
O16 - DPF: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E} (Zeus Learning::. Complex Application Distribution System Control (CADS)) - http://www.keyboarding.emcp.com/Resourc ... t/cads.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tuuaymmc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Cherny
Regular Member
 
Posts: 27
Joined: June 25th, 2007, 9:37 pm

Post by tim s » June 27th, 2007, 12:15 am

Hi Cherny,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed, including re-running scans as listed.
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.

---------------------------------------------------------------

Please do the following:

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


-----------------------------------------------------------------------

Sometimes malware will hide from HiJackThis so we rename it.

Here's what I need you to do:
Get to C:\Program Files\Hijackthis\Hijackthis.exe
  1. Click on Start button
  2. Click on "My Computer" .
  3. Double click on the C: drive to open.
  4. Double click on "Program Files" Folder to open.
  5. Double click on "HijackThis" Folder to open.
Rename HijackThis.exe
  1. Right click on the HijackThis icon.
  2. Select Rename.
  3. Now type the following: scanner.exe <<< NOTE: make sure to put the period before exe when typing.
    Hit the Enter key on the keyboard.

You may want to create a shortcut on your desktop for easy use here.
  • Right click on the newly named icon Scanner.exe and choose Send To...
  • Click on Desktop(create shortcut)
  • Done.

Close all open windows and double click on Scanner.exe icon that you put on your desktop to run.
Click on Do a system scan and save a logfile. Post log in next reply.

Please let me know if you have any questions!

--------------------------------------------------------------------------

Please post these in your next reply to this thread by using the Post Reply button:
C:\vundofix.txt
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by Cherny » June 29th, 2007, 1:12 am

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [94265434] kiafyqi.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ndfdrmvc.dll",forkonce
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [seek settings] "C:\DOCUME~1\Bryden\APPLIC~1\CHINWA~1\ball tick.exe"
O4 - HKCU\..\Run: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2111720765
O16 - DPF: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E} (Zeus Learning::. Complex Application Distribution System Control (CADS)) - http://www.keyboarding.emcp.com/Resourc ... t/cads.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtutqp - C:\WINDOWS\SYSTEM32\awtutqp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tuuaymmc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Cherny
Regular Member
 
Posts: 27
Joined: June 25th, 2007, 9:37 pm

Post by Cherny » June 29th, 2007, 1:19 am

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 9:36:26 PM 6/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\jkkji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 9:50:45 PM 6/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\geedb.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!

Performing Repairs to the registry.
Done!
Cherny
Regular Member
 
Posts: 27
Joined: June 25th, 2007, 9:37 pm

Post by tim s » June 29th, 2007, 1:23 am

Hi Cherny

The top part of the HJT log got cut off. Please repost the HJT log (you can run the HJT scan again and post that one).
Make sure to select all before copying.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by Cherny » June 29th, 2007, 9:08 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:06:36 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tuuaymmc.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\jmyvilrx.dll
O2 - BHO: (no name) - {5B6E8165-3D3D-4985-97DC-AEFF369DA529} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {792C9254-B529-4092-B111-C4E38EBACE73} - C:\WINDOWS\system32\vtsqp.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\awtutqp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83736CCD-2CCC-4A09-91E9-E39E83A0E388} - (no file)
O2 - BHO: (no name) - {8C616D74-ACA5-4E55-8482-A11C2B0AFAE1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B1014FE0-568F-4B67-9802-0579EA1DC95F} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {C9AD9B78-1852-4173-B62E-6D293A4081E6} - C:\WINDOWS\system32\jkkji.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [94265434] kiafyqi.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ndfdrmvc.dll",forkonce
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [seek settings] "C:\DOCUME~1\Bryden\APPLIC~1\CHINWA~1\ball tick.exe"
O4 - HKCU\..\Run: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2111720765
O16 - DPF: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E} (Zeus Learning::. Complex Application Distribution System Control (CADS)) - http://www.keyboarding.emcp.com/Resourc ... t/cads.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtutqp - C:\WINDOWS\SYSTEM32\awtutqp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tuuaymmc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Cherny
Regular Member
 
Posts: 27
Joined: June 25th, 2007, 9:37 pm

Post by tim s » June 29th, 2007, 11:17 pm

Hi Cherny

Thanks for posting logs.

We need to upload files to be examined, please go to the link below

Upload Malware

Please fill out the form with your details. Put your username in the correct box and give the following link to this topic.
http://www.malwareremoval.com/forum/viewtopic.php?t=21263


In the File(s) To Submit box, copy and paste the following (one line per box):

C:\WINDOWS\system32\tuuaymmc.exe

C:\WINDOWS\system32\jmyvilrx.dll

C:\WINDOWS\system32\vtsqp.dll

C:\WINDOWS\system32\awtutqp.dll

C:\WINDOWS\system32\ndfdrmvc.dll


Now click Send File and close the window.


---------------------------------------------------------------

Go to Start, then Run, type in CMD and click OK. The MS-DOS window will be displayed. At the prompt, type the following:

SC Stop DomainService

Then press Enter

Type:

SC Delete DomainService

Then press Enter.

Type:

exit


Then press Enter


----------------------------------------------------------------

We need to run VundoFix again, but slightly differently than before.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once the scan is complete, Right Click inside the listbox (white box) and click add more files
  • Copy (highlight just what is inside the quote box, nothing outside of it) and then paste the entries below into the top box:
      C:\WINDOWS\system32\jmyvilrx.dll
      C:\WINDOWS\system32\vtsqp.dll
      C:\WINDOWS\system32\awtutqp.dll
      C:\WINDOWS\system32\ndfdrmvc.dll

  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


------------------------------------------------------------------

Next do the following:
1. Download this file - combofix.exe
2. Close all open windows.
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. It is located >> C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note: ComboFix may reset a number of Internet Explorer's settings.

---------------------------------------------------------------

Please post these in your next reply:
C:\vundofix.txt
C:\ComboFix.txt
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
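The entries tim s singled out above (a service with an empty vendor field, Run values that launch a bare filename, a DLL loaded through rundll32, unnamed BHOs, and a random-named Winlogon Notify package) can be pulled out of a HijackThis log mechanically. This Python triage script is an added example, not code from the thread or from HijackThis; its regexes, the Winlogon Notify allowlist and the sample lines are constructed from the log formats posted above.

```python
"""Triage a HijackThis v1.99 log for the entry types singled out in this thread.
Added example, not code from the thread or from HijackThis. Rules: O4 values that
launch a bare filename or load a DLL via rundll32, unnamed O2 BHOs, O20 Winlogon
Notify packages outside an allowlist, and O23 services with an empty vendor."""
import re

# Winlogon Notify packages treated as expected: the ones that were legitimate
# in this thread (igfxcui, WB, WgaLogon) plus a few Windows XP defaults.
# Assumption: this list is partial; extend it for your own environment.
KNOWN_NOTIFY = {"igfxcui", "wb", "wgalogon", "crypt32chain", "cryptnet",
                "cscdll", "sccertprop", "schedule", "sclgntfy", "senslogn",
                "termsrv", "wlballoon"}

O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
# Vendor group is non-greedy so the empty-vendor form "Name - - path" parses.
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?)- (.+)$")

# Constructed sample: lines taken from the log formats posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\awtutqp.dll
O2 - BHO: (no name) - {5B6E8165-3D3D-4985-97DC-AEFF369DA529} - C:\WINDOWS\system32\jkkji.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [94265434] kiafyqi.exe
O4 - HKLM\..\RunServices: [94265434] kiafyqi.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ndfdrmvc.dll",forkonce
O20 - Winlogon Notify: awtutqp - C:\WINDOWS\SYSTEM32\awtutqp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\tuuaymmc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


def _launched_exe(command):
    """Return the executable a Run value starts: quoted path or first token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def triage(log_text):
    """Return (section, item, reason) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            name, clsid, target = m.groups()
            if target.endswith("(no file)") or target.endswith("(file missing)"):
                findings.append(("O2", clsid, "orphaned BHO entry, file absent"))
            elif name == "(no name)":
                findings.append(("O2", target, "unnamed BHO with file present"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, value, command = m.groups()
            exe = _launched_exe(command)
            if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
                # Report the DLL rundll32 is told to load, not rundll32 itself.
                dll = re.search(r'"([^"]+)"|(\S+?),', command)
                target = (dll.group(1) or dll.group(2)) if dll else command
                findings.append(("O4", target, "rundll32 loads DLL from Run key"))
            elif "\\" not in exe and "/" not in exe:
                reason = f"{hive} {key} [{value}] launches a bare filename"
                findings.append(("O4", exe, reason))
            continue
        m = O20_RE.match(line)
        if m:
            name, dll = m.groups()
            if name.lower() not in KNOWN_NOTIFY:
                reason = f"Winlogon Notify package '{name}' not in allowlist"
                findings.append(("O20", dll, reason))
            continue
        m = O23_RE.match(line)
        if m:
            name, vendor, path = m.groups()
            # "Unknown owner" alone is not flagged: the avast! entries above show it on legitimate services.
            if not vendor.strip():
                reason = f"service '{name}' has empty vendor field"
                findings.append(("O23", path, reason))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {item}")
```

Orphaned entries (file missing) are reported separately from present files, since the former only need their registry entry cleaned while the latter are the ones to submit for analysis, as tim s did above.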

Post by Cherny » June 30th, 2007, 1:51 am

Logfile of HijackThis v1.99.1
Scan saved at 10:50:12 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\tuuaymmc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\jmyvilrx.dll (file missing)
O2 - BHO: (no name) - {5B6E8165-3D3D-4985-97DC-AEFF369DA529} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {792C9254-B529-4092-B111-C4E38EBACE73} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {7A535622-274C-4D24-9025-49E2208C5F14} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\awtutqp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83736CCD-2CCC-4A09-91E9-E39E83A0E388} - (no file)
O2 - BHO: (no name) - {8C616D74-ACA5-4E55-8482-A11C2B0AFAE1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B1014FE0-568F-4B67-9802-0579EA1DC95F} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {C9AD9B78-1852-4173-B62E-6D293A4081E6} - C:\WINDOWS\system32\jkkji.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [94265434] kiafyqi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\nbthufic.dll",forkonce
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [seek settings] "C:\DOCUME~1\Bryden\APPLIC~1\CHINWA~1\ball tick.exe"
O4 - HKCU\..\Run: [94265434] kiafyqi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2111720765
O16 - DPF: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E} (Zeus Learning::. Complex Application Distribution System Control (CADS)) - http://www.keyboarding.emcp.com/Resourc ... t/cads.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtutqp - C:\WINDOWS\SYSTEM32\awtutqp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tuuaymmc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




Java version is 1.5.0.11

Scan started at 10:02:23 PM 6/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\vtsqp.dll

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jmyvilrx.dll
C:\WINDOWS\system32\jmyvilrx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ndfdrmvc.dll
C:\WINDOWS\system32\ndfdrmvc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Has been deleted!

Performing Repairs to the registry.
Done!
Cherny
Regular Member
Posts: 27
Joined: June 25th, 2007, 9:37 pm

Unread postby Cherny » June 30th, 2007, 2:13 am

"Bryden" - 2007-06-29 22:54:27 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\awtutqp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bgtojepu.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\phiduajc.exe
C:\WINDOWS\system32\qtbhfcfi.exe
C:\WINDOWS\system32\rqjvwxsd.exe
C:\WINDOWS\system32\tuuaymmc.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


2007-06-29 21:58 <DIR> d-------- C:\Program Files\iPod
2007-06-29 21:57 <DIR> d-------- C:\Program Files\iTunes
2007-06-29 21:46 128,576 --a------ C:\WINDOWS\system32\nbthufic.dll
2007-06-29 21:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-06-29 21:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-28 21:43 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-28 21:43 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-28 21:43 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-28 21:43 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-28 21:43 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-28 21:43 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-28 21:43 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-28 21:42 85,960 --a------ C:\WINDOWS\system32\build_dol.exe
2007-06-28 21:12 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-28 21:05 <DIR> d-------- C:\DOCUME~1\Bryden\APPLIC~1\iolo
2007-06-28 21:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-06-28 20:49 4,672 --a------ C:\WINDOWS\system32\miibnhxu.exe
2007-06-27 21:24 4,672 --a------ C:\WINDOWS\system32\iotuooxp.exe
2007-06-25 19:17 37,901 --------- C:\WINDOWS\art.exe
2007-06-25 19:17 178,688 --a------ C:\WINDOWS\gold.exe
2007-06-21 21:22 <DIR> d-------- C:\Program Files\XoftSpySE
2007-06-18 10:02 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-17 14:32 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-17 14:31 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-17 14:30 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-17 11:33 <DIR> d-------- C:\TrendMicroPCCsmall
2007-06-17 09:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-17 09:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-06-17 09:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-06-14 21:05 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 19:52 <DIR> d-------- C:\Program Files\Xilisoft
2007-06-13 07:44 <DIR> d-------- C:\DOCUME~1\Bryden\APPLIC~1\River Past G5
2007-06-13 07:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2007-06-12 21:40 <DIR> d-------- C:\DOCUME~1\Taya\APPLIC~1\Leadertech
2007-06-10 15:07 430 --a------ C:\WINDOWS\system32\rwvspb32.dll
2007-06-09 22:40 <DIR> d-------- C:\DOCUME~1\Bryden\APPLIC~1\Reno 911 Paintball
2007-06-07 22:29 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-06-07 22:29 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-06-04 19:21 <DIR> d-------- C:\VundoFix Backups
2007-06-04 18:34 164 --a------ C:\install.dat
2007-06-04 18:32 <DIR> d-------- C:\DOCUME~1\Bryden\APPLIC~1\GetRightToGo
2007-06-03 22:51 <DIR> d-------- C:\Program Files\inKline Global
2007-06-03 14:13 <DIR> d-------- C:\Program Files\Smart Popup Blocker
2007-06-03 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-03 13:55 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-03 13:55 <DIR> d-------- C:\Program Files\CCleaner
2007-06-03 12:58 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2007-06-03 11:45 <DIR> d-------- C:\DOCUME~1\Bryden\APPLIC~1\URSoft
2007-06-03 09:47 <DIR> d-------- C:\Program Files\Panicware


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 04:54:56 -------- d-----w C:\Program Files\QuickTime
2007-06-29 04:10:58 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\uTorrent
2007-06-27 04:03:50 -------- d-----w C:\Program Files\LimeWire
2007-06-26 02:17:14 -------- d-----w C:\Program Files\MSN Messenger
2007-06-21 18:50:23 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\LimeWire
2007-06-13 14:51:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-13 14:51:02 -------- d-----w C:\Program Files\InterVideo
2007-06-03 23:12:14 -------- d-----w C:\Program Files\Cakewalk
2007-06-03 20:25:05 -------- d-----w C:\Program Files\MalwareBot
2007-06-03 20:10:46 -------- d-----w C:\Program Files\Only Astrology
2007-06-03 20:10:34 -------- d-----w C:\Program Files\AdwareAlert
2007-05-28 05:38:43 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\Vso
2007-05-28 05:24:05 -------- d-----w C:\Program Files\CloneDVD
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 03:07:08 -------- d-----w C:\Program Files\Enigma Software Group
2007-05-07 04:19:27 81,920 ----a-w C:\DOCUME~1\Bryden\APPLIC~1\ezpinst.exe
2007-05-07 04:19:27 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-07 04:19:27 47,360 ----a-w C:\DOCUME~1\Bryden\APPLIC~1\pcouffin.sys
2007-05-06 17:10:42 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\Sonic
2007-05-06 17:08:17 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\Leadertech
2007-05-06 17:07:08 -------- d-----w C:\Program Files\Common Files\Sonic
2007-05-06 17:04:38 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\HP
2007-05-06 04:04:47 -------- d-----w C:\Program Files\HP
2007-05-06 04:01:45 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2007-05-06 01:23:45 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\Image Zone Express
2007-05-06 01:20:12 112,912 ----a-w C:\WINDOWS\hpoins07.dat
2007-05-06 01:18:56 -------- d-----w C:\Program Files\Common Files\HP
2007-05-06 01:15:54 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-05-04 22:59:38 -------- d-----w C:\Program Files\STOPzilla!
2007-05-04 22:51:42 -------- d-----w C:\Program Files\SpeedItUpFree
2007-05-04 04:21:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-03 16:59:03 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\CHIN WARN
2007-05-02 01:44:38 -------- d-----w C:\Program Files\WinAVIVideoConverter
2007-05-01 02:58:49 -------- d-----w C:\DOCUME~1\Bryden\APPLIC~1\STOPzilla!
2007-05-01 02:33:15 -------- d-----w C:\Program Files\NoAdware5.0
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-07 22:32:52 14 ----a-w C:\WINDOWS\system32\systeminfo3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{5B6E8165-3D3D-4985-97DC-AEFF369DA529}=C:\WINDOWS\system32\jkkji.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{792C9254-B529-4092-B111-C4E38EBACE73}=C:\WINDOWS\system32\vtsqp.dll []
{7A535622-274C-4D24-9025-49E2208C5F14}=C:\WINDOWS\system32\vtsqp.dll []
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{B1014FE0-568F-4B67-9802-0579EA1DC95F}=C:\WINDOWS\system32\geedb.dll []
{C9AD9B78-1852-4173-B62E-6D293A4081E6}=C:\WINDOWS\system32\jkkji.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"94265434"="kiafyqi.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"seek settings"="C:\DOCUME~1\Bryden\APPLIC~1\CHINWA~1\ball tick.exe" [2007-03-30 18:30]
"94265434"="kiafyqi.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"94265434"=kiafyqi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-30 04:13:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-23 10:00:00 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 23:06:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 23:07:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-29 23:07
C:\ComboFix2.txt ... 2007-06-17 16:09
C:\ComboFix3.txt ... 2007-06-14 21:22

--- E O F ---
Cherny
Regular Member
Posts: 27
Joined: June 25th, 2007, 9:37 pm

Unread postby tim s » June 30th, 2007, 10:05 pm

Hi Cherny

Please let me know if you were able to upload the files to be examined.

From the looks of the logs, I need to see a log from this tool:

Please do the following:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • Put a checkmark in the box next to Reg-Uninstall List
    • Put a checkmark in the box next to File-Additional Folder Scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Use the Add Reply button and Copy/Paste the information back here.

Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into separate reply posts.
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Cherny » July 1st, 2007, 12:08 am

I was able to submit the file for examination.

WinPFind3 logfile created on: 2007-06-30 21:00:52
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Bryden\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

766.00 Mb Total Physical Memory | 443.18 Mb Available Physical Memory | 57.86% Memory free
1.83 Gb Paging File | 1.55 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 4.52 Gb Free Space | 12.14% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: BRYDENSCOMP
Current User Name: Bryden
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 2007-06-28 04:06:52 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 2007-04-30 08:42:48 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 2007-04-30 09:04:38 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 2007-04-30 08:42:40 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 2007-04-30 08:41:28 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 2007-04-30 08:29:56 | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 2005-09-30 20:22:50 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.4: 2007051502 | Size = 7637104 bytes | Modified Date = 2007-05-31 17:06:50 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005-05-11 23:12:54 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 2004-09-29 12:14:36 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 2007-06-28 09:14:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 270648 bytes | Modified Date = 2007-06-28 09:14:42 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 03:43:44 | Attr = ]
wbload.exe -> %ProgramFiles%\AlienGUIse\wbload.exe -> Stardock Systems, Inc [Ver = 4.51 | Size = 437760 bytes | Modified Date = 2005-05-12 12:02:24 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 2007-06-23 15:15:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2007-02-13 19:06:16 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 2007-06-28 04:06:52 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 2007-04-30 08:29:56 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 2007-04-30 08:42:40 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 2007-04-30 09:04:38 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 2007-04-30 08:41:28 | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 2005-09-30 20:22:50 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 00:56:48 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 2007-06-28 09:14:32 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 2004-09-29 12:14:36 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
94265434 -> kiafyqi.exe -> File not found
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 2005-06-07 00:46:24 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 2007-04-30 08:42:48 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005-05-11 23:12:54 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 270648 bytes | Modified Date = 2007-06-28 09:14:42 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 2007-04-27 09:41:54 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 03:43:44 | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 2003-08-19 01:01:00 | Attr = ]
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
94265434 -> kiafyqi.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
94265434 -> kiafyqi.exe -> File not found
seek settings -> %UserAppData%\CHIN WARN\ball tick.exe -> [Ver = | Size = 458752 bytes | Modified Date = 2007-03-30 18:30:02 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2003-02-26 23:27:44 | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> [WebCheck] -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{8C616D74-ACA5-4E55-8482-A11C2B0AFAE1} [HKLM] -> Reg Data - Value does not exist [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 2003-04-07 01:06:48 | Attr = ]
WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 2001-12-21 00:34:52 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> \blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.google.com ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006-10-26 10:28:40 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006-10-26 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-23 00:08:42 | Attr = ]
{0CF0B8EE-6596-11D5-A98E-0003470BB48E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{5B6E8165-3D3D-4985-97DC-AEFF369DA529} [HKLM] -> %System32%\jkkji.dll [Reg Data - Value does not exist] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 03:43:40 | Attr = ]
{792C9254-B529-4092-B111-C4E38EBACE73} [HKLM] -> %System32%\vtsqp.dll [Reg Data - Value does not exist] -> File not found
{7A535622-274C-4D24-9025-49E2208C5F14} [HKLM] -> %System32%\vtsqp.dll [Reg Data - Value does not exist] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{83736CCD-2CCC-4A09-91E9-E39E83A0E388} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
{8C616D74-ACA5-4E55-8482-A11C2B0AFAE1} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
{B1014FE0-568F-4B67-9802-0579EA1DC95F} [HKLM] -> %System32%\geedb.dll [Reg Data - Value does not exist] -> File not found
{C9AD9B78-1852-4173-B62E-6D293A4081E6} [HKLM] -> %System32%\jkkji.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006-10-26 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006-10-26 10:28:40 | Attr = ]
WebBrowser\\{F3DF2532-A2CC-48D8-8643-A033AE4FC313} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 2007-03-14 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 03:43:40 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{23F39303-2EE9-46BB-ABE8-558E495AF464} -> (Broadcom 440x 10/100 Integrated Controller) ->
{2D5923FE-4A6F-4716-AFAD-C71E8D199218} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Fac ... loader.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/microso ... 2111720765 ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{EFFF96BF-7DA7-4646-BE34-9624B0C1475E} -> Zeus Learning::. Complex Application Distribution System Control (CADS) - CodeBase = http://www.keyboarding.emcp.com/Resourc ... t/cads.CAB ->


[Registry - Additional Scans - Non-Microsoft Only]
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0611BD4E-4FE4-4a62-B0C0-18A4CC463428} -> CP_Package_Variety1 ->
{08094E03-AFE4-4853-9D31-6D0743DF5328} -> QuickTime ->
{084709F7-38C5-4609-B55F-2417939315EB} -> Adobe Premiere Pro ->
{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3} -> Destinations ->
{09DA4F91-2A09-4232-AB8C-6BC740096DE3} -> Sonic Update Manager ->
{0B33B738-AD79-4E32-90C5-E67BFB10BBFF} -> AiO_Scan ->
{193DB24F-9A66-4896-8404-22D53EA89075} -> 1400_Help ->
{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A} -> CP_Package_Variety3 ->
{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 ->
{266959FA-0AEE-41D0-A88E-F1EAC10A7C14} -> 1400 ->
{2BD5C305-1B27-4D41-B690-7A61172D2FEB} -> Macromedia Flash 8 ->
{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C} -> Unload ->
{30C19FF2-7FBA-4d09-B9DE-1659977F64F6} -> TrayApp ->
{3248F0A8-6813-11D6-A77B-00B0D0150030} -> J2SE Runtime Environment 5.0 Update 3 ->
{3248F0A8-6813-11D6-A77B-00B0D0150110} -> J2SE Runtime Environment 5.0 Update 11 ->
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1 ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) ->
{43983EB4-43DC-4C3D-9712-1EF592A31CA8} -> OpenOffice.org 2.1 ->
{468190DA-FB4C-45BA-8E40-4B165FF1A939} -> BACS ->
{49672EC2-171B-47B4-8CE7-50D7806360D7} -> Windows Live Sign-in Assistant ->
{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Starter Edition 3.0 ->
{52504CE6-E909-4113-B232-4AFEC6543A61} -> Broadcom 440x 10/100 Integrated Controller ->
{54DC27A1-2708-421E-8915-119955DB3B92} -> PC Camera (6029 CIF) ->
{54E3707F-808E-4fd4-95C9-15D1AB077E5D} -> NewCopy ->
{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} -> Macromedia Extension Manager ->
{56F6A91D-46D4-4919-ABE6-55BD17DEB039} -> Quick Movie Magic 1.0E ->
{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE} -> WebReg ->
{571700F0-DB9D-4B3A-B03D-35A14BB5939F} -> Windows Live Messenger ->
{5B622B7A-60FB-4630-B11D-F121D20BCCD6} -> MarketResearch ->
{5B79CFD1-6845-4158-9D7D-6BE89DF2C135} -> HP PSC & OfficeJet 5.3.B ->
{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder ->
{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724} -> DocProc ->
{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder ->
{7850A6D2-CBEA-4728-9877-F1BEDEA9F619} -> AiOSoftware ->
{7C9B95B7-B598-4398-B30F-7F6827192E6C} -> ProductContext ->
{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB} -> iTunes ->
{885A63EA-382B-4DD4-A755-14809B8557D6} -> Macromedia Flash Player 8 ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Extreme Graphics Driver ->
{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} -> Macromedia Flash 8 Video Encoder ->
{8C6027FD-53DC-446D-BB75-CACD7028A134} -> HP Update ->
{8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer ->
{8FC46258-0843-4D79-B7F0-F2B82FE6173B} -> Apple Mobile Device Support ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{91057632-CA70-413C-B628-2D3CDBBB906B} -> Macromedia Flash Player 8 Plugin ->
{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F} -> Readme ->
{A195B13E-A5E3-4BAF-A995-7F70F445CD06} -> ScannerCopy ->
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable ->
{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} -> Apple Software Update ->
{AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder ->
{AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8 ->
{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA} -> CP_Package_Variety2 ->
{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC} -> BufferChm ->
{BA0601E1-B65C-11D5-80A9-0000B494D9A6} -> PC Booster ->
{C506A18C-1469-4678-B094-F4EC9DAE6DB7} -> Scan ->
{C510CA36-98D6-4F07-8AFF-81E7399A075B} -> 1400Trb ->
{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC} -> Fax ->
{D1014B9B-5704-4B27-B581-1C19B72528D1} -> Panasonic DVC USB Driver ->
{D78653C3-A8FF-415F-92E6-D774E634FF2D} -> Dell ResourceCD ->
{E07C71A6-1576-4F7F-8856-B1C439E669AC} -> MotionDV STUDIO 5.6E LE for DV ->
{E3F90083-80D4-4b5a-87C7-E97E12F5516D} -> HPProductAssistant ->
{EA103B64-C0E4-4C0E-A506-751590E1653D} -> SolutionCenter ->
{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4} -> Status ->
{FE64AE29-0883-4C70-8388-DC026019C900} -> HP Image Zone Express ->
Ad-Aware SE Professional -> Ad-Aware SE Professional ->
Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 ->
Adobe Shockwave Player -> Adobe Shockwave Player ->
AlienGUIse Theme Manager -> AlienGUIse Theme Manager ->
avast! -> avast! Antivirus ->
CAL -> Canon Camera Access Library ->
CameraWindowDVC5 -> Canon Camera Window DC_DV 5 for ZoomBrowser EX ->
CameraWindowDVC6 -> Canon Camera Window DC_DV 6 for ZoomBrowser EX ->
CameraWindowMC -> Canon Camera Window MC 6 for ZoomBrowser EX ->
Canon G.726 WMP-Decoder -> Canon G.726 WMP-Decoder ->
CCleaner -> CCleaner (remove only) ->
CNXT_MODEM_PCI_VEN_14F1&DEV_2702 -> Conexant SmartHSFi V.9x 56K DF PCI Modem ->
CSCLIB -> Canon Camera Support Core Library ->
EOS Utility -> Canon Utilities EOS Utility ->
HijackThis -> HijackThis 1.99.1 ->
Hijackthis_is1 -> Hijackthis 1.99.1 ->
HP Imaging Device Functions -> HP Imaging Device Functions 5.3 ->
HP Solution Center & Imaging Support Tools -> HP Solution Center & Imaging Support Tools 5.3 ->
HPExtendedCapabilities -> HP Extended Capabilities 5.3 ->
InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939} -> Broadcom Advanced Control Suite ->
InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61} -> Broadcom 440x 10/100 Integrated Controller ->
InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1} -> Panasonic DVC USB Driver ->
InterActual Player -> InterActual Player ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Update for Windows XP (KB908531) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP8 -> Security Update for Windows Media Player 8 (KB917734) ->
KB917734_WMP9 -> Security Update for Windows Media Player 9 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923689 -> Security Update for Windows XP (KB923689) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923789 -> Security Update for Windows XP (KB923789) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926239 -> Hotfix for Windows XP (KB926239) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB927891 -> Update for Windows XP (KB927891) ->
KB928090 -> Security Update for Windows XP (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929123 -> Security Update for Windows XP (KB929123) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) ->
KB929969 -> Security Update for Windows XP (KB929969) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931768 -> Security Update for Windows XP (KB931768) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB931836 -> Update for Windows XP (KB931836) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
KB933566 -> Security Update for Windows XP (KB933566) ->
KB935839 -> Security Update for Windows XP (KB935839) ->
KB935840 -> Security Update for Windows XP (KB935840) ->
LimeWire -> LimeWire PRO 4.12.3 ->
MainApp.exe_is1 -> CloneDVD 4.0 ->
MovieEditTask -> Canon MovieEdit Task for ZoomBrowser EX ->
Mozilla Firefox (2.0.0.4) -> Mozilla Firefox (2.0.0.4) ->
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP ->
Only Astrology -> Only Astrology ->
PhotoStitch -> Canon Utilities PhotoStitch ->
RAW Image Task -> Canon RAW Image Task for ZoomBrowser EX ->
Registry Mechanic_is1 -> Registry Mechanic 6.0 ->
RemoteCaptureTask -> Canon RemoteCapture Task for ZoomBrowser EX ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
uTorrent -> µTorrent ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
WinAVIVideoConverter_is1 -> WinAVIVideoConverter ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
Windows XP Service Pack -> Windows XP Service Pack 2 ->
WinRAR archiver -> WinRAR archiver ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 ->
XoftSpySE -> XoftSpySE ->
Your Uninstaller! 2006_is1 -> Your Uninstaller! 2006 Version 5 ->
ZoomBrowser EX -> Canon Utilities ZoomBrowser EX ->


[Files/Folders - Created Within 60 days]
Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 2007-06-29 22:01:21 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-06-29 21:53:28 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2007-06-29 20:48:51 | Attr = HS]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 2007-06-04 17:34:59 | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2007-06-14 20:07:43 | Attr = ]
TrendMicroPCCsmall -> %SystemDrive%\TrendMicroPCCsmall -> [Folder | Created Date = 2007-06-17 10:33:22 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2007-06-04 18:21:28 | Attr = ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 2007-05-22 21:44:02 | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 2007-06-12 21:15:43 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 2007-05-09 22:12:05 | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 2007-05-09 22:12:18 | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 2007-06-12 21:15:53 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 2007-06-12 21:14:38 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 2007-06-12 21:15:37 | Attr = H ]
art.exe -> %SystemRoot%\art.exe -> [Ver = | Size = 37901 bytes | Created Date = 2007-06-25 18:17:12 | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Created Date = 2007-06-14 20:05:31 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2007-06-14 20:08:16 | Attr = ]
gold.exe -> %SystemRoot%\gold.exe -> Emergy Development [Ver = 1.00 | Size = 178688 bytes | Created Date = 2007-06-25 18:17:07 | Attr = ]
hpoins07.dat -> %SystemRoot%\hpoins07.dat -> [Ver = | Size = 112912 bytes | Created Date = 2007-05-05 17:09:33 | Attr = ]
hpomdl07.dat -> %SystemRoot%\hpomdl07.dat -> [Ver = | Size = 21124 bytes | Created Date = 2007-05-05 17:09:33 | Attr = ]
HP_48BitScanUpdatePatch.ini -> %SystemRoot%\HP_48BitScanUpdatePatch.ini -> [Ver = | Size = 214 bytes | Created Date = 2007-05-05 20:06:11 | Attr = ]
HP_CounterReport_Update_HPSU.ini -> %SystemRoot%\HP_CounterReport_Update_HPSU.ini -> [Ver = | Size = 227 bytes | Created Date = 2007-05-05 20:06:23 | Attr = ]
HP_RedboxHprblog_HPSU.ini -> %SystemRoot%\HP_RedboxHprblog_HPSU.ini -> [Ver = | Size = 221 bytes | Created Date = 2007-05-05 20:02:05 | Attr = ]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 2007-06-17 13:30:50 | Attr = ]
IsUninst.exe -> %SystemRoot%\IsUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Created Date = 2007-05-05 17:13:17 | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 2007-05-03 20:21:39 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 2007-06-14 20:05:31 | Attr = ]
popupads.ini -> %SystemRoot%\popupads.ini -> [Ver = | Size = 398 bytes | Created Date = 2007-06-03 14:20:23 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2007-06-29 21:00:34 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2007-06-29 21:00:34 | Attr = H ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7168 bytes | Created Date = 2007-05-22 11:02:48 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
Title.INI -> %SystemRoot%\Title.INI -> [Ver = | Size = 117 bytes | Created Date = 2007-06-22 14:33:36 | Attr = ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 364 bytes | Created Date = 2007-06-21 20:22:17 | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 2007-06-28 20:43:34 | Attr = ]
ACTSKN43.OCX -> %System32%\ACTSKN43.OCX -> [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 2007-06-07 21:29:14 | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Created Date = 2007-06-28 20:43:34 | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Created Date = 2007-06-28 20:43:44 | Attr = ]
cifuhtbn.ini -> %System32%\cifuhtbn.ini -> [Ver = | Size = 3162480 bytes | Created Date = 2007-06-29 20:47:04 | Attr = HS]
cjpgpydk.ini -> %System32%\cjpgpydk.ini -> [Ver = | Size = 1067576 bytes | Created Date = 2007-06-03 15:38:36 | Attr = HS]
cvmrdfdn.ini -> %System32%\cvmrdfdn.ini -> [Ver = | Size = 2218754 bytes | Created Date = 2007-06-28 08:24:01 | Attr = HS]
Flash.ocx -> %System32%\Flash.ocx -> Macromedia, Inc. [Ver = 8,0,22,0 | Size = 1435272 bytes | Created Date = 2007-06-07 21:29:15 | Attr = ]
HPZidr12.dll -> %System32%\HPZidr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 278584 bytes | Created Date = 2007-05-05 17:13:42 | Attr = ]
HPZinw12.exe -> %System32%\HPZinw12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 61440 bytes | Created Date = 2007-05-05 17:13:42 | Attr = ]
HPZipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Created Date = 2007-05-05 17:13:42 | Attr = ]
HPZipr12.dll -> %System32%\HPZipr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 204800 bytes | Created Date = 2007-05-05 17:13:42 | Attr = ]
HPZipt12.dll -> %System32%\HPZipt12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 94208 bytes | Created Date = 2007-05-05 17:13:42 | Attr = ]
HPZisn12.dll -> %System32%\HPZisn12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 57344 bytes | Created Date = 2007-05-05 17:13:42 | Attr = ]
ijkmp.ini -> %System32%\ijkmp.ini -> [Ver = | Size = 353 bytes | Created Date = 2007-06-03 15:32:21 | Attr = HS]
iotuooxp.exe -> %System32%\iotuooxp.exe -> [Ver = | Size = 4672 bytes | Created Date = 2007-06-27 20:24:20 | Attr = ]
lfknbjex.ini -> %System32%\lfknbjex.ini -> [Ver = | Size = 963405 bytes | Created Date = 2007-06-27 08:04:13 | Attr = HS]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 2007-06-17 08:44:15 | Attr = ]
miibnhxu.exe -> %System32%\miibnhxu.exe -> [Ver = | Size = 4672 bytes | Created Date = 2007-06-28 19:49:14 | Attr = ]
nbthufic.dll -> %System32%\nbthufic.dll -> [Ver = | Size = 128576 bytes | Created Date = 2007-06-29 20:46:59 | Attr = ]
nilgfcum.ini -> %System32%\nilgfcum.ini -> [Ver = | Size = 966388 bytes | Created Date = 2007-06-26 12:10:30 | Attr = HS]
ProgressBar4.ocx -> %System32%\ProgressBar4.ocx -> Ariad Software [Ver = 4.01.0007 | Size = 89088 bytes | Created Date = 2007-06-07 21:29:14 | Attr = ]
rwvspb32.dll -> %System32%\rwvspb32.dll -> [Ver = | Size = 430 bytes | Created Date = 2007-06-10 14:07:53 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 2007-06-14 20:05:31 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-06-14 20:05:31 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-06-14 20:05:31 | Attr = ]
threadapi.tlb -> %System32%\threadapi.tlb -> [Ver = | Size = 11012 bytes | Created Date = 2007-06-07 21:29:14 | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-06-14 20:05:31 | Attr = ]
XceedBkp.dll -> %System32%\XceedBkp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.108.0 | Size = 423784 bytes | Created Date = 2007-06-07 21:29:15 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 2007-06-17 13:32:04 | Attr = H ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Created Date = 2007-06-28 20:43:48 | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Created Date = 2007-06-28 20:43:41 | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Created Date = 2007-06-28 20:43:41 | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Created Date = 2007-06-28 20:43:50 | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Created Date = 2007-06-28 20:43:49 | Attr = ]
HPZipr12.sys -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Created Date = 2007-05-05 17:15:27 | Attr = R ]
pfc.sys -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Created Date = 2007-05-03 10:52:13 | Attr = ]
hosts.cru -> %System32%\drivers\etc\hosts.cru -> [Ver = | Size = 27 bytes | Created Date = 2007-06-25 18:19:12 | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 27 bytes | Created Date = 2007-06-03 15:14:48 | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 27 bytes | Created Date = 2007-06-17 08:33:31 | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 27 bytes | Created Date = 2007-06-17 08:33:31 | Attr = ]
Apple -> %AllUsersAppData%\Apple -> [Folder | Created Date = 2007-06-29 20:46:03 | Attr = ]
DVD Shrink -> %AllUsersAppData%\DVD Shrink -> [Folder | Created Date = 2007-05-07 15:03:57 | Attr = ]
DVDXStudio -> %AllUsersAppData%\DVDXStudio -> [Folder | Created Date = 2007-05-06 20:19:16 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 2007-06-16 08:17:16 | Attr = ]
HP -> %AllUsersAppData%\HP -> [Folder | Created Date = 2007-05-05 17:19:17 | Attr = ]
iolo -> %AllUsersAppData%\iolo -> [Folder | Created Date = 2007-06-28 20:05:27 | Attr = ]
River Past G5 -> %AllUsersAppData%\River Past G5 -> [Folder | Created Date = 2007-06-13 06:44:11 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 2007-06-28 20:12:57 | Attr = ]
@Alternate Data Stream - 151 bytes -> %AllUsersAppData%\TEMP:C4252FE0 ->
Trend Micro -> %AllUsersAppData%\Trend Micro -> [Folder | Created Date = 2007-06-17 08:30:38 | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Created Date = 2007-06-03 13:07:59 | Attr = ]
GetRightToGo -> %UserAppData%\GetRightToGo -> [Folder | Created Date = 2007-06-04 17:32:40 | Attr = ]
HP -> %UserAppData%\HP -> [Folder | Created Date = 2007-05-05 17:09:25 | Attr = ]
Image Zone Express -> %UserAppData%\Image Zone Express -> [Folder | Created Date = 2007-05-05 17:23:44 | Attr = ]
iolo -> %UserAppData%\iolo -> [Folder | Created Date = 2007-06-28 20:05:27 | Attr = ]
Leadertech -> %UserAppData%\Leadertech -> [Folder | Created Date = 2007-05-06 09:08:17 | Attr = ]
Reno 911 Paintball -> %UserAppData%\Reno 911 Paintball -> [Folder | Created Date = 2007-06-09 21:40:46 | Attr = ]
River Past G5 -> %UserAppData%\River Past G5 -> [Folder | Created Date = 2007-06-13 06:44:11 | Attr = ]
Sonic -> %UserAppData%\Sonic -> [Folder | Created Date = 2007-05-06 09:07:10 | Attr = ]
URSoft -> %UserAppData%\URSoft -> [Folder | Created Date = 2007-06-03 10:45:14 | Attr = ]
book marked.doc -> %UserDocuments%\book marked.doc -> [Ver = | Size = 19968 bytes | Created Date = 2007-05-09 18:18:03 | Attr = ]
City after six songs -> %UserDocuments%\City after six songs -> [Folder | Created Date = 2007-06-13 19:30:02 | Attr = ]
Resume.pub -> %UserDocuments%\Resume.pub -> [Ver = | Size = 48128 bytes | Created Date = 2007-06-24 13:21:52 | Attr = ]
Rudiment.doc -> %UserDocuments%\Rudiment.doc -> [Ver = | Size = 29184 bytes | Created Date = 2007-06-22 16:53:26 | Attr = ]
Updater5 -> %UserDocuments%\Updater5 -> [Folder | Created Date = 2007-06-22 23:32:47 | Attr = ]
~$CIAL STUDIES.doc -> %UserDocuments%\~$CIAL STUDIES.doc -> [Ver = | Size = 162 bytes | Created Date = 2007-06-17 13:40:21 | Attr = H ]
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Created Date = 2007-06-28 20:43:50 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 1804 bytes | Created Date = 2007-06-29 20:58:43 | Attr = ]
PC Booster.lnk -> %AllUsersDesktop%\PC Booster.lnk -> [Ver = | Size = 579 bytes | Created Date = 2007-06-03 21:51:35 | Attr = ]
-=mininova.org=- System Mechanic 7.1.7 - Standard and Professional [h33t.migel].torrent -> %UserDesktop%\-=mininova.org=- System Mechanic 7.1.7 - Standard and Professional [h33t.migel].torrent -> [Ver = | Size = 22000 bytes | Created Date = 2007-06-28 19:54:41 | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 2007-06-03 12:55:13 | Attr = ]
CloneDVD.lnk -> %UserDesktop%\CloneDVD.lnk -> [Ver = | Size = 675 bytes | Created Date = 2007-05-06 20:19:25 | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1092209 bytes | Created Date = 2007-06-29 21:43:50 | Attr = ]
Hijackthis.lnk -> %UserDesktop%\Hijackthis.lnk -> [Ver = | Size = 655 bytes | Created Date = 2007-06-26 19:47:06 | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Created Date = 2007-06-04 18:21:17 | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 2007-06-30 20:00:36 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 355277 bytes | Created Date = 2007-06-30 20:00:27 | Attr = ]
Xilisoft Audio Converter.lnk -> %UserDesktop%\Xilisoft Audio Converter.lnk -> [Ver = | Size = 846 bytes | Created Date = 2007-06-13 18:52:16 | Attr = ]
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk -> [Ver = | Size = 682 bytes | Created Date = 2007-06-21 20:22:15 | Attr = ]
Your Uninstaller!.lnk -> %UserDesktop%\Your Uninstaller!.lnk -> [Ver = | Size = 814 bytes | Created Date = 2007-06-03 11:58:16 | Attr = ]
Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 2007-06-29 20:46:06 | Attr = ]
Hewlett-Packard -> %CommonProgramFiles%\Hewlett-Packard -> [Folder | Created Date = 2007-05-05 17:15:54 | Attr = ]
HP -> %CommonProgramFiles%\HP -> [Folder | Created Date = 2007-05-05 17:18:54 | Attr = ]
Sonic -> %CommonProgramFiles%\Sonic -> [Folder | Created Date = 2007-05-06 09:07:08 | Attr = ]

[Files/Folders - Modified Within 60 days]
Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 2007-06-29 23:06:06 | Attr = ]
Cakewalk Projects -> %SystemDrive%\Cakewalk Projects -> [Folder | Modified Date = 2007-06-03 13:09:20 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-06-29 23:10:04 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-06-29 22:45:50 | Attr = HS]
DELL -> %SystemDrive%\DELL -> [Folder | Modified Date = 2007-05-22 12:02:46 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2007-06-04 18:57:50 | Attr = ]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 2007-06-04 18:35:00 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-06-29 21:58:08 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2007-06-14 21:07:44 | Attr = ]
TrendMicroPCCsmall -> %SystemDrive%\TrendMicroPCCsmall -> [Folder | Modified Date = 2007-06-17 11:34:12 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2007-06-29 22:44:02 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-06-29 22:46:50 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-06-12 21:40:46 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 2007-05-22 22:44:04 | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 2007-06-12 22:15:46 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 2007-05-09 23:12:06 | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 2007-05-09 23:12:26 | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 2007-06-12 22:16:00 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 2007-06-12 22:14:40 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 2007-06-12 22:15:38 | Attr = H ]
art.exe -> %SystemRoot%\art.exe -> [Ver = | Size = 37901 bytes | Modified Date = 2007-06-25 19:17:16 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-06-30 20:46:58 | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Modified Date = 2007-06-05 05:24:04 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-06-13 22:37:08 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-06-17 13:22:12 | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2007-06-29 22:58:54 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-06-03 13:01:52 | Attr = R S]
gold.exe -> %SystemRoot%\gold.exe -> Emergy Development [Ver = 1.00 | Size = 178688 bytes | Modified Date = 2007-06-25 19:17:12 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-06-23 10:16:30 | Attr = ]
hpoins07.dat -> %SystemRoot%\hpoins07.dat -> [Ver = | Size = 112912 bytes | Modified Date = 2007-05-05 18:20:14 | Attr = ]
HP_48BitScanUpdatePatch.ini -> %SystemRoot%\HP_48BitScanUpdatePatch.ini -> [Ver = | Size = 214 bytes | Modified Date = 2007-05-05 21:06:12 | Attr = ]
HP_CounterReport_Update_HPSU.ini -> %SystemRoot%\HP_CounterReport_Update_HPSU.ini -> [Ver = | Size = 227 bytes | Modified Date = 2007-05-05 21:06:24 | Attr = ]
HP_RedboxHprblog_HPSU.ini -> %SystemRoot%\HP_RedboxHprblog_HPSU.ini -> [Ver = | Size = 221 bytes | Modified Date = 2007-05-05 21:02:06 | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 2007-06-03 13:25:06 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-06-29 21:47:48 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-06-29 22:00:34 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2007-06-28 21:25:42 | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 2007-05-03 21:21:30 | Attr = ]
MotionDVSTUDIO.INI -> %SystemRoot%\MotionDVSTUDIO.INI -> [Ver = | Size = 28 bytes | Modified Date = 2007-06-22 16:33:36 | Attr = ]
popupads.ini -> %SystemRoot%\popupads.ini -> [Ver = | Size = 398 bytes | Modified Date = 2007-06-10 15:28:28 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-06-30 20:55:46 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2007-06-29 22:00:36 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2007-06-30 20:48:02 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-06-03 13:08:08 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-06-03 23:04:16 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2007-06-17 13:22:12 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 2007-06-23 15:44:20 | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 268 bytes | Modified Date = 2007-05-06 14:03:56 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-06-30 20:58:42 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-06-29 22:58:38 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-06-30 20:51:14 | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7168 bytes | Modified Date = 2007-05-22 12:02:50 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
Title.INI -> %SystemRoot%\Title.INI -> [Ver = | Size = 117 bytes | Modified Date = 2007-06-22 16:33:18 | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2007-06-03 13:08:02 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1243 bytes | Modified Date = 2007-06-07 16:09:12 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-06-29 21:46:06 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2007-06-29 21:13:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-06-30 20:47:04 | Attr = H ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 364 bytes | Modified Date = 2007-06-23 03:00:02 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-06-29 21:49:46 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-06-29 21:47:44 | Attr = ]
cifuhtbn.ini -> %System32%\cifuhtbn.ini -> [Ver = | Size = 3162480 bytes | Modified Date = 2007-06-29 22:54:14 | Attr = HS]
cjpgpydk.ini -> %System32%\cjpgpydk.ini -> [Ver = | Size = 1067576 bytes | Modified Date = 2007-06-04 17:55:40 | Attr = HS]
config -> %System32%\config -> [Folder | Modified Date = 2007-06-29 22:59:40 | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 2007-06-28 22:05:54 | Attr = ]
cvmrdfdn.ini -> %System32%\cvmrdfdn.ini -> [Ver = | Size = 2218754 bytes | Modified Date = 2007-06-29 21:46:32 | Attr = HS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-06-12 22:16:06 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-06-29 23:07:34 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 2007-06-29 21:47:44 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 204920 bytes | Modified Date = 2007-06-03 15:21:56 | Attr = ]
hpzjrd01.dll -> %System32%\hpzjrd01.dll -> Hewlett Packard [Ver = 2.01.00.003 | Size = 139264 bytes | Modified Date = 2007-05-05 21:01:46 | Attr = ]
ijkmp.ini -> %System32%\ijkmp.ini -> [Ver = | Size = 353 bytes | Modified Date = 2007-06-03 16:32:24 | Attr = HS]
iotuooxp.exe -> %System32%\iotuooxp.exe -> [Ver = | Size = 4672 bytes | Modified Date = 2007-06-27 21:24:22 | Attr = ]
lfknbjex.ini -> %System32%\lfknbjex.ini -> [Ver = | Size = 963405 bytes | Modified Date = 2007-06-28 09:15:46 | Attr = HS]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 2007-06-17 09:44:16 | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 2007-06-09 22:24:12 | Attr = ]
miibnhxu.exe -> %System32%\miibnhxu.exe -> [Ver = | Size = 4672 bytes | Modified Date = 2007-06-28 20:49:16 | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 2007-06-03 13:08:08 | Attr = ]
nbthufic.dll -> %System32%\nbthufic.dll -> [Ver = | Size = 128576 bytes | Modified Date = 2007-06-29 21:47:06 | Attr = ]
nilgfcum.ini -> %System32%\nilgfcum.ini -> [Ver = | Size = 966388 bytes | Modified Date = 2007-06-27 20:27:08 | Attr = HS]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 2007-06-03 13:11:04 | Attr = ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 2007-06-03 13:08:08 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-06-03 10:16:42 | Attr = ]
rwvspb32.dll -> %System32%\rwvspb32.dll -> [Ver = | Size = 430 bytes | Modified Date = 2007-06-10 15:11:26 | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 2007-06-24 11:02:50 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-06-13 22:41:00 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-06-30 20:47:48 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 2007-06-17 14:34:50 | Attr = H ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-06-30 20:59:54 | Attr = ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.36 | Size = 47360 bytes | Modified Date = 2007-05-06 21:19:28 | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 2007-06-03 13:10:58 | Attr = ]
hosts.cru -> %System32%\drivers\etc\hosts.cru -> [Ver = | Size = 27 bytes | Modified Date = 2007-06-25 19:19:14 | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 27 bytes | Modified Date = 2007-06-14 21:10:06 | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 27 bytes | Modified Date = 2007-06-17 14:13:12 | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 27 bytes | Modified Date = 2007-06-17 14:13:44 | Attr = ]
.zreglib -> %AllUsersAppData%\.zreglib -> [Ver = | Size = 165 bytes | Modified Date = 2007-05-06 11:12:18 | Attr = HS]
Apple -> %AllUsersAppData%\Apple -> [Folder | Modified Date = 2007-06-29 21:46:04 | Attr = ]
blah start curb keep -> %AllUsersAppData%\blah start curb keep -> [Folder | Modified Date = 2007-05-03 09:57:04 | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Modified Date = 2007-06-03 23:03:58 | Attr = ]
DVD Shrink -> %AllUsersAppData%\DVD Shrink -> [Folder | Modified Date = 2007-05-07 16:09:46 | Attr = ]
DVDXStudio -> %AllUsersAppData%\DVDXStudio -> [Folder | Modified Date = 2007-05-06 21:19:18 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 2007-06-16 09:17:18 | Attr = ]
HP -> %AllUsersAppData%\HP -> [Folder | Modified Date = 2007-05-05 18:19:18 | Attr = ]
iolo -> %AllUsersAppData%\iolo -> [Folder | Modified Date = 2007-06-28 21:05:28 | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 2007-06-26 22:02:22 | Attr = S]
Panasonic -> %AllUsersAppData%\Panasonic -> [Folder | Modified Date = 2007-06-03 13:09:20 | Attr = ]
River Past G5 -> %AllUsersAppData%\River Past G5 -> [Folder | Modified Date = 2007-06-13 07:52:08 | Attr = ]
STOPzilla! -> %AllUsersAppData%\STOPzilla! -> [Folder | Modified Date = 2007-06-03 13:09:20 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2007-06-28 21:23:02 | Attr = ]
@Alternate Data Stream - 151 bytes -> %AllUsersAppData%\TEMP:C4252FE0 ->
Trend Micro -> %AllUsersAppData%\Trend Micro -> [Folder | Modified Date = 2007-06-17 14:14:42 | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Modified Date = 2007-06-24 11:03:50 | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 2007-05-19 13:24:56 | Attr = ]
CHIN WARN -> %UserAppData%\CHIN WARN -> [Folder | Modified Date = 2007-05-03 09:59:04 | Attr = ]
ezpinst.exe -> %UserAppData%\ezpinst.exe -> [Ver = | Size = 81920 bytes | Modified Date = 2007-05-06 21:19:28 | Attr = ]
GetRightToGo -> %UserAppData%\GetRightToGo -> [Folder | Modified Date = 2007-06-04 18:34:16 | Attr = ]
HP -> %UserAppData%\HP -> [Folder | Modified Date = 2007-05-06 10:04:40 | Attr = ]
Image Zone Express -> %UserAppData%\Image Zone Express -> [Folder | Modified Date = 2007-05-05 18:23:46 | Attr = ]
iolo -> %UserAppData%\iolo -> [Folder | Modified Date = 2007-06-28 21:05:28 | Attr = ]
Leadertech -> %UserAppData%\Leadertech -> [Folder | Modified Date = 2007-05-06 10:08:18 | Attr = ]
LimeWire -> %UserAppData%\LimeWire -> [Folder | Modified Date = 2007-06-21 11:50:24 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-06-24 17:37:50 | Attr = S]
pcouffin.cat -> %UserAppData%\pcouffin.cat -> [Ver = | Size = 7176 bytes | Modified Date = 2007-05-06 21:19:28 | Attr = ]
pcouffin.inf -> %UserAppData%\pcouffin.inf -> [Ver = | Size = 1144 bytes | Modified Date = 2007-05-06 21:19:28 | Attr = ]
pcouffin.sys -> %UserAppData%\pcouffin.sys -> VSO Software [Ver = 1.36 | Size = 47360 bytes | Modified Date = 2007-05-06 21:19:28 | Attr = ]
Reno 911 Paintball -> %UserAppData%\Reno 911 Paintball -> [Folder | Modified Date = 2007-06-09 22:40:52 | Attr = ]
River Past G5 -> %UserAppData%\River Past G5 -> [Folder | Modified Date = 2007-06-13 07:44:12 | Attr = ]
Sonic -> %UserAppData%\Sonic -> [Folder | Modified Date = 2007-05-06 10:10:44 | Attr = ]
URSoft -> %UserAppData%\URSoft -> [Folder | Modified Date = 2007-06-03 11:45:16 | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 2007-06-28 21:11:00 | Attr = ]
Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 2007-05-27 22:38:44 | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 2007-06-23 15:44:58 | Attr = ]
Apple Computer -> %LocalAppData%\Apple Computer -> [Folder | Modified Date = 2007-06-22 12:27:50 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 15360
Cherny
Regular Member
 
Posts: 27
Joined: June 25th, 2007, 9:37 pm

Unread postby tim s » July 1st, 2007, 12:23 am

Hi Cherny,

Apple Computer -> %LocalAppData%\Apple Computer -> [Folder | Modified Date = 2007-06-22 12:27:50 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 15360


Your log got cut off at the end from here (line shown above). From where it left off, copy and paste the rest of the log in your next reply; it is too long to put in one post.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Cherny » July 1st, 2007, 6:40 pm

Apple Computer -> %LocalAppData%\Apple Computer -> [Folder | Modified Date = 2007-06-22 12:27:50 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 15360 bytes | Modified Date = 2007-06-22 16:27:46 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 46952 bytes | Modified Date = 2007-06-06 19:44:42 | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 2007-06-23 22:30:04 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 7464882 bytes | Modified Date = 2007-06-22 17:53:40 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-06-24 12:33:32 | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 2007-06-03 13:09:20 | Attr = ]
My Pictures -> %AllUsersDocuments%\My Pictures -> [Folder | Modified Date = 2007-06-03 13:09:18 | Attr = S]
2 band -> %UserDocuments%\2 band -> [Folder | Modified Date = 2007-06-13 20:47:50 | Attr = ]
City after six songs -> %UserDocuments%\City after six songs -> [Folder | Modified Date = 2007-06-13 21:11:44 | Attr = ]
Downloads -> %UserDocuments%\Downloads -> [Folder | Modified Date = 2007-06-28 20:55:40 | Attr = ]
music -> %UserDocuments%\music -> [Folder | Modified Date = 2007-06-21 12:09:04 | Attr = R ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 2007-06-20 11:09:38 | Attr = S]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 2007-06-23 10:20:32 | Attr = S]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 2007-06-23 00:37:48 | Attr = R ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 575 bytes | Modified Date = 2007-07-01 15:17:04 | Attr = ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 2007-06-22 16:20:50 | Attr = S]
Resume.pub -> %UserDocuments%\Resume.pub -> [Ver = | Size = 48128 bytes | Modified Date = 2007-06-24 14:21:54 | Attr = ]
Rudiment.doc -> %UserDocuments%\Rudiment.doc -> [Ver = | Size = 29184 bytes | Modified Date = 2007-06-22 17:53:28 | Attr = ]
Updater -> %UserDocuments%\Updater -> [Folder | Modified Date = 2007-06-03 13:09:40 | Attr = ]
Updater5 -> %UserDocuments%\Updater5 -> [Folder | Modified Date = 2007-06-23 00:33:08 | Attr = ]
~$CIAL STUDIES.doc -> %UserDocuments%\~$CIAL STUDIES.doc -> [Ver = | Size = 162 bytes | Modified Date = 2007-06-17 14:40:22 | Attr = H ]
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Modified Date = 2007-06-28 21:43:52 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 1804 bytes | Modified Date = 2007-06-29 21:58:44 | Attr = ]
PC Booster.lnk -> %AllUsersDesktop%\PC Booster.lnk -> [Ver = | Size = 579 bytes | Modified Date = 2007-06-03 22:51:36 | Attr = ]
-=mininova.org=- System Mechanic 7.1.7 - Standard and Professional [h33t.migel].torrent -> %UserDesktop%\-=mininova.org=- System Mechanic 7.1.7 - Standard and Professional [h33t.migel].torrent -> [Ver = | Size = 22000 bytes | Modified Date = 2007-06-28 20:54:40 | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 2007-06-03 13:55:14 | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1092209 bytes | Modified Date = 2007-06-29 22:43:46 | Attr = ]
Hijackthis.lnk -> %UserDesktop%\Hijackthis.lnk -> [Ver = | Size = 655 bytes | Modified Date = 2007-06-28 22:08:40 | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 2007-06-04 19:21:04 | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 2007-06-30 21:04:18 | Attr = ]
Xilisoft Audio Converter.lnk -> %UserDesktop%\Xilisoft Audio Converter.lnk -> [Ver = | Size = 846 bytes | Modified Date = 2007-06-13 19:52:18 | Attr = ]
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk -> [Ver = | Size = 682 bytes | Modified Date = 2007-06-21 21:22:16 | Attr = ]
Your Uninstaller!.lnk -> %UserDesktop%\Your Uninstaller!.lnk -> [Ver = | Size = 814 bytes | Modified Date = 2007-06-03 12:58:18 | Attr = ]
Apple -> %CommonProgramFiles%\Apple -> [Folder | Modified Date = 2007-06-29 21:46:08 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2007-06-12 22:15:48 | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , -> %SystemRoot%\art.exe -> [Ver = | Size = 37901 bytes | Modified Date = 2007-06-25 19:17:16 | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 2007-04-30 08:46:10 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2003-07-16 13:26:44 | Attr = ]
PEC2 , PECompact2 , -> %System32%\nbthufic.dll -> [Ver = | Size = 128576 bytes | Modified Date = 2007-06-29 21:47:06 | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 2007-03-15 12:22:38 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2003-07-16 13:50:38 | Attr = ]
Thawte Consulting , -> %System32%\XceedBkp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.108.0 | Size = 423784 bytes | Modified Date = 2004-05-11 10:56:54 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 2007-03-15 12:19:58 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 2007-03-15 12:23:16 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2003-07-16 13:22:38 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 2004-08-03 22:41:38 | Attr = ]
@Alternate Data Stream - 151 bytes -> %AllUsersAppData%\TEMP:C4252FE0 ->
UPX! , UPX0 , -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1092209 bytes | Modified Date = 2007-06-29 22:43:46 | Attr = ]
PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 2007-06-04 19:21:04 | Attr = ]

< End of report >
Cherny
Regular Member
 
Posts: 27
Joined: June 25th, 2007, 9:37 pm
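Reading a listing like the one above by eye is slow, so here is an added example (not code from this thread, from Cherny, or from WinPFind3u itself) that parses report lines in the format shown and scores each one with a few defender-side heuristics: a code file under %System32% with no vendor or version resource, hidden+system attributes on an ordinary file, an eight-letter pseudo-random name, an oversized .ini in a system directory, a very recent creation date, and a non-empty alternate data stream. The sample lines are copied from the report above; the report date (REPORT_TIME), the 7-day window, the 500 KB .ini threshold and the score cut-off are assumptions chosen for this example.

```python
"""Triage a WinPFind3u-style file listing.

Added example; not the thread's or WinPFind3u's own code. Each report line looks like
    name -> path -> [vendor ][Ver = .. | Size = .. bytes | Created Date = .. | Attr = ..]
Folders carry "[Folder | ...]"; alternate data streams start with "@Alternate Data Stream".
The scoring rules are heuristics chosen for this example, not anything the tool itself does.
"""
import re
from datetime import datetime, timedelta

# Constructed sample input: a few lines copied verbatim from the report posted in this thread.
SAMPLE_REPORT = r"""
cifuhtbn.ini -> %System32%\cifuhtbn.ini -> [Ver = | Size = 3162480 bytes | Created Date = 2007-06-29 20:47:04 | Attr = HS]
Flash.ocx -> %System32%\Flash.ocx -> Macromedia, Inc. [Ver = 8,0,22,0 | Size = 1435272 bytes | Created Date = 2007-06-07 21:29:15 | Attr = ]
HPZipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Created Date = 2007-05-05 17:13:42 | Attr = ]
iotuooxp.exe -> %System32%\iotuooxp.exe -> [Ver = | Size = 4672 bytes | Created Date = 2007-06-27 20:24:20 | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 2007-06-17 08:44:15 | Attr = ]
nbthufic.dll -> %System32%\nbthufic.dll -> [Ver = | Size = 128576 bytes | Created Date = 2007-06-29 20:46:59 | Attr = ]
rwvspb32.dll -> %System32%\rwvspb32.dll -> [Ver = | Size = 430 bytes | Created Date = 2007-06-10 14:07:53 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 2007-06-14 20:05:31 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 2007-06-17 13:32:04 | Attr = H ]
@Alternate Data Stream - 151 bytes -> %AllUsersAppData%\TEMP:C4252FE0 ->
"""
# Assumption: the report was taken on 2007-06-30 (the WinPFind3u folder timestamp), so age counts from then.
REPORT_TIME = datetime(2007, 6, 30, 21, 0, 0)

ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\[(?P<fields>[^\]]*)\]\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?) ->\s*$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.[a-z]{3}$")  # e.g. nbthufic.dll: eight random letters
SYSTEM_DIRS = ("%System32%", "%SystemRoot%")
CODE_EXT = (".exe", ".dll", ".sys", ".ocx")


def parse_line(line):
    """Parse one report line into a dict, or return None for blank/unknown lines."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        return {"kind": "ads", "name": m.group("path"), "path": m.group("path"), "vendor": "",
                "ver": "", "size": int(m.group("size")), "attr": "", "created": None}
    m = ENTRY_RE.match(line)
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split(" | "):
        key, _, val = part.partition("=")  # "Ver =" (empty) and "Folder" (no '=') both parse
        fields[key.strip()] = val.strip()
    stamp = fields.get("Created Date") or fields.get("Modified Date")
    return {
        "kind": "folder" if "Folder" in fields else "file",
        "name": m.group("name"),
        "path": m.group("path"),
        "vendor": m.group("vendor").strip(),
        "ver": fields.get("Ver", ""),
        "size": int(fields["Size"].split()[0]) if "Size" in fields else 0,
        "attr": fields.get("Attr", ""),
        "created": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S") if stamp else None,
    }


def score_entry(entry, now):
    """Return (score, reasons). Higher means 'look at this first', never a verdict."""
    if entry["kind"] == "folder":
        return 0, []
    if entry["kind"] == "ads":
        return (2, ["non-empty alternate data stream"]) if entry["size"] > 0 else (0, [])
    score, reasons = 0, []
    in_sys = entry["path"].startswith(SYSTEM_DIRS)
    lname = entry["name"].lower()
    if in_sys and lname.endswith(CODE_EXT) and not entry["vendor"] and not entry["ver"]:
        score += 2
        reasons.append("code file in a system directory with no vendor or version resource")
    if in_sys and "H" in entry["attr"] and "S" in entry["attr"]:
        score += 1
        reasons.append("hidden+system attributes on an ordinary file")
    if RANDOM_NAME_RE.match(lname):
        score += 1
        reasons.append("eight-letter pseudo-random file name")
    if in_sys and lname.endswith(".ini") and entry["size"] > 500_000:
        score += 1
        reasons.append("oversized (>500 KB) .ini in a system directory")
    if entry["created"] and now - entry["created"] <= timedelta(days=7):
        score += 1
        reasons.append("created within the last 7 days")
    return score, reasons


def triage(report, now, threshold=2):
    """Return [(path, score, reasons)] for entries at or above the threshold, highest score first."""
    flagged = []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        score, reasons = score_entry(entry, now)
        if score >= threshold:
            flagged.append((entry["path"], score, reasons))
    return sorted(flagged, key=lambda item: -item[1])


def triage_sample():
    """Run the heuristics over the constructed sample report."""
    return triage(SAMPLE_REPORT, REPORT_TIME)


if __name__ == "__main__":
    for path, score, reasons in triage_sample():
        print(f"{score}  {path}\n      " + "; ".join(reasons))
```

On the sample, the three eight-letter files and the tiny unversioned rwvspb32.dll come out on top, followed by the alternate data stream, while the HP, Macromedia and SteelWerX files score 0 and zllictbl.dat scores 1 for its name alone. A score is a prompt to check the file (vendor, hash, signature), not a verdict: the SteelWerX utilities in the listing above score 0 here only because they carry a vendor string, and a stripped legitimate tool would look much like the flagged files.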

Unread postby tim s » July 1st, 2007, 9:29 pm

Hi Cherny,

I have just noticed: what happened to your firewall? ZoneAlarm is not showing in the log now. Without a firewall you will keep getting reinfected before I can clear the malware off.

This is next:

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Don't run ATF yet. We will do it a bit later.

==================================

Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports. NOTE* If this is not selected you will not be able to click Save Scan Report button when instructed to do so.
    • Under What to scan? - Select Scan every file.
Close AVG Anti-Spyware without running yet.
Now disable (turn off) AVG Anti-Spyware:
  • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

______________________________

Reboot your computer into Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.
______________________________

Double-click ATF Cleaner.exe to open it.

  • Under Main choose:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Cookies
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    *The other boxes are optional*
  • Then click the Empty Selected button.
  • Firefox:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  • Opera:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  • Click Exit on the Main menu to close the program.


-----------------------------------------------

Open AVG Anti-Spyware program.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Restart your computer back into normal mode.

-------------------------------------------------

This is next:

Run Panda's ActiveScan from here and perform a full system scan.
NOTE* You must use Internet Explorer for this scan to work.

1. Once you are on the Panda site, scroll to the bottom of the page and click the "Scan your PC" button. NOTE: If you have a popup blocker enabled, you will have to allow the popup here.
2. A new window will open. Click the big "Check Now" button.
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple of minutes. You may have to reboot here and start back with step 1. I did.)
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply with others requested.

-----------------------------------------------------

Please post this in your next reply:

AVG Anti-Spyware log
Panda's Scan report
Run a new HijackThis log and post it.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Cherny » July 2nd, 2007, 4:26 pm

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:18 2007-07-02

+ Scan result:



HKU\S-1-5-21-789336058-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\Update.exe.vir -> Backdoor.Bifrose.aes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP314\A0032891.exe -> Backdoor.Bifrose.aes : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iotuooxp.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\WINDOWS\system32\miibnhxu.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2007-06-14_211008.57.zip/core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2007-06-17_160756.92.zip/core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2007-06-29_230611.68.zip/core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP325\A0040379.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lljtx88g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lljtx88g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.71:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.10:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.6:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.7:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.16:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.72:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.73:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.74:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.75:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.78:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.81:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.26:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP322\A0039346.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP325\A0040461.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP322\A0039347.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\bgtojepu.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\phiduajc.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\qtbhfcfi.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\rqjvwxsd.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\tuuaymmc.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP325\A0040373.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP325\A0040374.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP325\A0040375.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP325\A0040376.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP325\A0040377.exe -> Trojan.Agent.aoy : Cleaned with backup (quarantined).


::Report end
Cherny
Regular Member
 
Posts: 27
Joined: June 25th, 2007, 9:37 pm
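The report above mixes detections that were still on the live system with copies that ComboFix had already quarantined (C:\QooBox) or that sat in System Restore points. The short script below, an added example that is not part of this thread or of AVG's tooling, parses the "path -> name : action." line format shown above (sample lines copied from the report) and groups the hits by location, so the reader can see at a glance which entries still needed cleaning; the bucket labels are my own heuristic.

```python
"""Triage an AVG Anti-Spyware scan report by where each detection lived.
Added example (not from the thread or from AVG); the sample lines are copied
from the report posted above, the location buckets are my own heuristic."""
import re
from collections import Counter

SAMPLE_REPORT = r"""
HKU\S-1-5-21-789336058-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\Update.exe.vir -> Backdoor.Bifrose.aes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AC5E1D3-8E29-424A-93B8-8701E6DAB35C}\RP314\A0032891.exe -> Backdoor.Bifrose.aes : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iotuooxp.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Taya\Application Data\Mozilla\Firefox\Profiles\n4ohwm21.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
"""

# One report line: "<path> -> <detection name> : <action>."
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")

def classify(path: str) -> str:
    """Bucket a detection by where it sat; only 'live file' still needed cleaning."""
    p = path.lower()
    if p.startswith(":mozilla."):            # entry inside a Firefox cookies.txt
        return "tracking cookie"
    if p.startswith(("hku\\", "hklm\\", "hkcu\\")):
        return "registry"
    if "\\system volume information\\_restore" in p:
        return "system restore point"       # old copy, inert until restored
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "ComboFix quarantine"        # already neutralised by ComboFix
    return "live file"

def parse_report(text: str) -> list:
    """Parse one report; lines that do not match the pattern are skipped."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["where"] = classify(d["path"])
            items.append(d)
    return items

def summarize(text: str):
    """Return (counts per location, paths that were still live)."""
    items = parse_report(text)
    counts = Counter(i["where"] for i in items)
    return counts, [i["path"] for i in items if i["where"] == "live file"]

if __name__ == "__main__":
    counts, live = summarize(SAMPLE_REPORT)
    print(dict(counts), "still live:", live)
```

Run against the full report, the same grouping shows that most hits were restore-point or QooBox copies and cookies, with only a couple of executables still sitting in C:\WINDOWS\system32.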