
Solved: WinAntivirus

Discussion in 'Virus & Other Malware Removal' started by mRCuBe, Feb 11, 2007.

Thread Status:
Not open for further replies.
  1. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    Sorry to intrude on this thread but I'm having the same issue with winantiviruspro popups and adware. Seems like the current situation is quite unique and I wanted to know if someone could help me with my computer specifically. I've tried to run vundofix.exe but I'm not sure if I'm doing it correctly. I'll post my log of HijackThis. Any assistance would be greatly appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:04 AM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVerTV2K\QuickTV.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119324819776
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
    It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

    Please continue in this thread.

    Download and run VundoFix: http://www.atribune.org/ccount/click.php?id=4
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shut down your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
     
  3. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    My apologies for posting within another thread and thank you for creating one for me. I wasn't able to run 'Run VundoFix as a task' but I ran it anyway and it removed some files. When it restarted, it didn't load Windows completely, it just started vundo.exe and told me to remove 1 remaining file. I removed that file and the computer restarted again. I believe that fixed it because I already notice the difference by looking at a few processes but I'll still post the information you asked for:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:08:26 PM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVerTV2K\QuickTV.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\aukyqnpb.dll (file missing)
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
    O2 - BHO: (no name) - {AAAAF767-A998-49A9-8197-7B56F0EF10AC} - C:\WINDOWS\system32\hgggg.dll (file missing)
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119324819776
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    VundoFix V6.3.6

    Checking Java version...

    Java version is 1.5.0.2

    Java version is 1.5.0.4

    Scan started at 11:18:01 AM 2/11/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\aukyqnpb.dll
    C:\WINDOWS\system32\ggggh.bak1
    C:\WINDOWS\system32\ggggh.ini
    C:\WINDOWS\system32\hgggg.dll
    C:\WINDOWS\system32\winxby32.dll
    C:\WINDOWS\system32\wvuvuvs.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\aukyqnpb.dll
    C:\WINDOWS\system32\aukyqnpb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ggggh.bak1
    C:\WINDOWS\system32\ggggh.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ggggh.ini
    C:\WINDOWS\system32\ggggh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgggg.dll
    C:\WINDOWS\system32\hgggg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winxby32.dll
    C:\WINDOWS\system32\winxby32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvuvuvs.dll
    C:\WINDOWS\system32\wvuvuvs.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\wvuvuvs.dll
    C:\WINDOWS\system32\wvuvuvs.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
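
Added example, not part of the original thread and not output from any tool named in it: a Python script that cross-checks the vundofix.txt results above against the follow-up HijackThis log, listing registry entries that still point at files VundoFix deleted and entries present only in the second log. The embedded samples are excerpts of the logs posted above; the function and variable names are made up for this illustration.

```python
import re
from dataclasses import dataclass

# Sample input: excerpts of the logs posted in this thread (not complete logs).
VUNDOFIX_TXT = r"""
Attempting to delete C:\WINDOWS\system32\aukyqnpb.dll
C:\WINDOWS\system32\aukyqnpb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgggg.dll
C:\WINDOWS\system32\hgggg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvuvuvs.dll
C:\WINDOWS\system32\wvuvuvs.dll Could not be deleted.
Beginning removal...
Attempting to delete C:\WINDOWS\system32\wvuvuvs.dll
C:\WINDOWS\system32\wvuvuvs.dll Has been deleted!
"""

HJT_BEFORE = r"""
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
"""

HJT_AFTER = r"""
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\aukyqnpb.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: (no name) - {AAAAF767-A998-49A9-8197-7B56F0EF10AC} - C:\WINDOWS\system32\hgggg.dll (file missing)
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "<path> Has been deleted!" / "<path> Could not be deleted." result lines.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$")
# HijackThis entry lines: section code (R0, O2, O4, ...) then " - " and the body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Absolute paths to .dll/.exe files; lazy so two paths on one line stay separate.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|]+?\.(?:dll|exe)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str        # e.g. "O2"
    raw: str            # the full log line
    paths: tuple        # lower-cased file paths referenced by the entry
    file_missing: bool  # HijackThis appended "(file missing)"


def removal_status(vundofix_text):
    """Map lower-cased path -> True if finally deleted.

    A later pass overrides an earlier failure, as with wvuvuvs.dll above.
    """
    status = {}
    for line in vundofix_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            status[m["path"].lower()] = m["res"].startswith("Has been")
    return status


def parse_hijackthis(text):
    """Parse HijackThis entry lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            paths = tuple(p.lower() for p in PATH_RE.findall(m["body"]))
            entries.append(Entry(m["section"], line, paths,
                                 "(file missing)" in m["body"]))
    return entries


def orphaned(entries, status):
    """Entries that still reference a file the removal tool reported deleting."""
    gone = {path for path, deleted in status.items() if deleted}
    return [e for e in entries if gone.intersection(e.paths)]


def added(before, after):
    """Entries present in the later log but not in the earlier one."""
    seen = {e.raw for e in before}
    return [e for e in after if e.raw not in seen]


if __name__ == "__main__":
    status = removal_status(VUNDOFIX_TXT)
    after = parse_hijackthis(HJT_AFTER)
    print("Still registered although the file was deleted:")
    for e in orphaned(after, status):
        print("  ", e.raw)
    print("Only in the second log:")
    for e in added(parse_hijackthis(HJT_BEFORE), after):
        print("  ", e.raw)
```
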
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    No problem :)

    Download WinPFind.exe to your desktop and double click on it to open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

    Start in Safe Mode Using the F8 method:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

    • Click “Configure scan options”
    • Under “Run AdOns” select the following:
      • Policies.def
      • Security.def
    • Click “apply”
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new Hijack This log.
     
  5. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    I didn't have the option to 'Configure scan options' but I ran the program anyway with the default options. It crashed the first time I tried to run it with some memory error but I ran it again and it worked. Here are the results and a new HijackThis log:

    WinPFind logfile created on: 2/12/2007 10:10:39 PM
    WinPFind by OldTimer - v2.0.0 Folder = C:\Documents and Settings\mR CuBe\Desktop\WinPFind\

    »»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

    Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

    654880 Kb Total Physical Memory | 528484 Kb Available Physical Memory | 80.70% Memory free
    1603660 Kb Paging File | 1533360 Kb Available in Paging File | 95.62% Paging File free
    Paging file location: c:\pagefile.sys 960 1920

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 134205088 Kb Total Space | 89178676 Kb Free Space | 66.45% Space Free
    Drive D: | 2569604 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    »»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

    C:\Documents and Settings\mR CuBe\Desktop\WinPFind\WinPFind.exe ()

    »»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

    (CAISafe) CAISafe [Win32_Own | Auto | Stopped]
    = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe (Computer Associates International, Inc.)

    (CCALib8) Canon Camera Access Library 8 [Win32_Own | Disabled | Stopped]
    = C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
    = C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped]
    = C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

    (VETMSGNT) VET Message Service [Win32_Own | Auto | Stopped]
    = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (Computer Associates International, Inc.)

    (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped]
    = C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs Inc.)

    »»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

    >>>>> Run Keys and Auto-Start Folders <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CaAvTray = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe (Computer Associates International, Inc.)
    CAVRID = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe (Computer Associates International, Inc.)
    frsvabb.dll = C:\WINDOWS\system32\frsvabb.dll ()
    NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
    nwiz = C:\WINDOWS\system32\nwiz.exe ()
    QOELOADER = C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe (Qurb, Inc.)
    Zone Labs Client = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe (Computer Associates)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    Installed = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    Installed = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    Installed = 1

    < Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickTV.lnk
    = C:\Program Files\AVerTV2K\QuickTV.exe (AVerMedia Technologies, Inc.)

    < User Startup Folder = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup >
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()

    >>>>> MsConfig Disabled Items <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk (File not found)
    backup = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk (File not found)
    location = Common Startup
    command = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    item = Adobe Reader Speed Launch

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\defender]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = dfndrff_e34
    hkey = HKLM
    command = c:\dfndrff_e34.exe (;ew;weew;e;wr;43;;5;)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = hpztsb10
    hkey = HKLM
    command = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = msmsgs
    hkey = HKCU
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\newname]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = nwnmff_e34
    hkey = HKLM
    command = c:\nwnmff_e34.exe (;wd3;43;4;;344;;34;43;43)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    hkey = HKLM
    command = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
    hkey = HKLM
    command = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = C:\WINDOWS\system32\nwiz.exe ()
    hkey = HKLM
    command = C:\WINDOWS\system32\nwiz.exe ()
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = qttask
    hkey = HKLM
    command = C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = jusched
    hkey = HKLM
    command = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = SNDMon
    hkey = HKLM
    command = C:\PROGRA~1\SYMNET~1\SNDMon.exe (File not found)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = realsched
    hkey = HKLM
    command = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TPP Auto Loader]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
    hkey = HKLM
    command = C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\_AntiSpyware]
    key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item = masalert
    hkey = HKLM
    command = c:\progra~1\mcafee\MCAFEE~1\masalert.exe (File not found)
    inimapping = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
    system.ini = 0
    win.ini = 0
    bootini = 2
    services = 0
    startup = 2

    >>>>> Disabled Startup Folder Items <<<<<

    >>>>> Items Started Through Miscellaneous Registry Keys <<<<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5} = 

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    incestuously = {03413bf7-e34c-445b-bfc0-a2b127255871} ( HKLM = Reg Data - Key not found (File not found) )

    >>>>> Security Providers <<<<<

    >>>>> Winlogon Keys <<<<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
    Control_RunDLL (File not found)
    >>>>> Policy Keys <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    NoActiveDesktopChanges = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    dontdisplaylastusername = 0
    legalnoticecaption =
    legalnoticetext =
    shutdownwithoutlogon = 1
    undockwithoutlogon = 1
    DisableTaskMgr = 0
    DisableCAD = 0

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    NoDriveTypeAutoRun = 145
    NoActiveDesktop = 0
    NoSaveSettings = 0
    ClassicShell = 0
    NoThemesTab = 0

    >>>>> Desktop Components <<<<<

    >>>>> HOSTS File <<<<<

    HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 8/23/2001 4:00:00 AM)
    127.0.0.1 localhost

    >>>>> Internet Explorer Settings <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Local Page = %SystemRoot%\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ProxyEnable = 0

    >>>>> Browser Helper Objects <<<<<

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a43385f0-7113-496d-96d7-b9b550e3fcca}]
    - ( HKLM = C:\WINDOWS\system32\ixt0.dll () )

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
    - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

    >>>>> Bars, Toolbars and Extensions <<<<<

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
    - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8194 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
    {669B269B-0D4E-41FB-A3D8-FD67CA94F646} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {8828075D-D097-4055-AA02-2DBFA9D85E8A} = 8196 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} = 8197 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {97809617-3937-4F84-B335-9BB05EF1A8D4} = 8198 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} = 8199 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    {FB5F1910-F110-11d2-BB9E-00C04F795683} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
    NextId = 8200

    >>>>> Approved Shell Extensions <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
    {1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
    {32683183-48a0-441b-a342-7c2a440a9478} = Media Band ( CLSID not found! )
    {764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
    {7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
    {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
    {A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )
    {FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

    >>>>> Context Menu Handlers / Column Handlers <<<<<

    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\CA_AntiVirus]
    @ = {1CE2AA40-1317-11D3-9922-00104B0AD431} ( HKLM = C:\WINDOWS\AVShlExt.dll (Computer Associates International, Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
    @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinUHA]
    @ = {095177B8-8097-4D32-9081-A8949C47020E} ( HKLM = C:\Program Files\WinUHA\shellwinuha.dll () )

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
    @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
    @ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
    @ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus]
    @ = {1CE2AA40-1317-11D3-9922-00104B0AD431} ( HKLM = C:\WINDOWS\AVShlExt.dll (Computer Associates International, Inc.) )

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
    @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinUHA]
    @ = {095177B8-8097-4D32-9081-A8949C47020E} ( HKLM = C:\Program Files\WinUHA\shellwinuha.dll () )

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\AutorunsDisabled]
    @ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )

    >>>>> User Agent Post Platform <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =
     
  6. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    >>>>> TCP/IP Configuration <<<<<

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3CD2CC55-A7EC-4A6A-88D1-880B5AE86DBA}] ( Realtek RTL8029(AS) PCI Ethernet Adapter )
    DefaultGateway =
    DhcpDefaultGateway = 192.168.1.1;
    DhcpIPAddress = 192.168.1.100
    DhcpNameServer = 66.75.164.90 66.75.164.89
    DhcpServer = 192.168.1.1
    DhcpSubnetMask = 255.255.255.0
    Domain =
    EnableDHCP = 1
    IPAddress = 0.0.0.0;
    IPAutoconfigurationAddress = 0.0.0.0
    NameServer =
    SubnetMask = 0.0.0.0;

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5283CFF-6558-4DF7-9B33-91663D0DC709}]
    DefaultGateway =
    Domain =
    EnableDHCP = 1
    IPAddress = 0.0.0.0;
    NameServer =
    SubnetMask = 0.0.0.0;

    >>>>> WinSock2 Parameters <<<<<

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
    PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
    PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
    PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
    PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)

    >>>>> Protocol Handlers <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\cetihpz]
    CLSID = {CF184AD3-CDCB-4168-A3F7-8E447D129300} - ( HKLM C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) )

    >>>>> Protocol Filters <<<<<

    >>>>> Downloaded Program Files <<<<<

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\DownloadInformation]
    CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    INF = C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation]
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119324819776
    INF = C:\WINDOWS\Downloaded Program Files\wuweb.inf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\DownloadInformation]
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    INF =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

    »»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

    C:\Program Files\Common Files\svchost.exe [Ver = 1.0.0.1 | Size = 155648 bytes | Created Date = 2/8/2007 11:36:45 AM | Attr = H ]
    C:\WINDOWS\MEMORY.DMP [Ver = | Size = 670695424 bytes | Created Date = 2/10/2007 9:44:59 AM | Attr = ]
    C:\WINDOWS\SET34.tmp [Ver = | Size = 1042903 bytes | Created Date = 2/10/2007 6:12:02 PM | Attr = R ]
    C:\WINDOWS\SET35.tmp [Ver = | Size = 1042903 bytes | Created Date = 2/10/2007 6:30:21 PM | Attr = R ]
    C:\WINDOWS\SET36.tmp [Ver = | Size = 1042903 bytes | Created Date = 2/10/2007 6:40:32 PM | Attr = R ]
    C:\WINDOWS\SET37.tmp [Ver = | Size = 1086058 bytes | Created Date = 2/10/2007 6:12:06 PM | Attr = R ]
    C:\WINDOWS\SET38.tmp [Ver = | Size = 1086058 bytes | Created Date = 2/10/2007 6:30:26 PM | Attr = R ]
    C:\WINDOWS\SET39.tmp [Ver = | Size = 1086058 bytes | Created Date = 2/10/2007 6:40:37 PM | Attr = R ]
    C:\WINDOWS\SET3A.tmp [Ver = | Size = 1042903 bytes | Created Date = 2/10/2007 7:05:20 PM | Attr = R ]
    C:\WINDOWS\SET3B.tmp [Ver = | Size = 1042903 bytes | Created Date = 2/10/2007 9:15:15 PM | Attr = R ]
    C:\WINDOWS\SET3D.tmp [Ver = | Size = 1086058 bytes | Created Date = 2/10/2007 7:05:24 PM | Attr = R ]
    C:\WINDOWS\SET40.tmp [Ver = | Size = 1086058 bytes | Created Date = 2/10/2007 9:15:20 PM | Attr = R ]
    C:\WINDOWS\SET43.tmp [Ver = | Size = 13753 bytes | Created Date = 2/10/2007 6:12:11 PM | Attr = R ]
    C:\WINDOWS\SET47.tmp [Ver = | Size = 13753 bytes | Created Date = 2/10/2007 6:30:31 PM | Attr = R ]
    C:\WINDOWS\SET48.tmp [Ver = | Size = 13753 bytes | Created Date = 2/10/2007 6:40:41 PM | Attr = R ]
    C:\WINDOWS\SET4C.tmp [Ver = | Size = 13753 bytes | Created Date = 2/10/2007 7:05:29 PM | Attr = R ]
    C:\WINDOWS\SET50.tmp [Ver = | Size = 13753 bytes | Created Date = 2/10/2007 9:15:26 PM | Attr = R ]
    C:\WINDOWS\SET90.tmp [Ver = | Size = 1042903 bytes | Created Date = 2/10/2007 6:00:05 PM | Attr = R ]
    C:\WINDOWS\SET93.tmp [Ver = | Size = 1086058 bytes | Created Date = 2/10/2007 6:00:09 PM | Attr = R ]
    C:\WINDOWS\SET9F.tmp [Ver = | Size = 13753 bytes | Created Date = 2/10/2007 6:00:14 PM | Attr = R ]
    C:\WINDOWS\svchost.exe [Ver = 1.0.0.1 | Size = 155648 bytes | Created Date = 2/6/2007 9:32:06 PM | Attr = H ]
    C:\WINDOWS\WindowsShell.Manifest [Ver = | Size = 749 bytes | Created Date = 2/10/2007 9:27:48 PM | Attr = RH ]
    C:\WINDOWS\System32\cbwhciqm.dll [Ver = | Size = 44165 bytes | Created Date = 2/5/2007 8:08:36 PM | Attr = ]
    C:\WINDOWS\System32\cekkucaf.dll [Ver = | Size = 76412 bytes | Created Date = 2/10/2007 2:22:48 PM | Attr = ]
    C:\WINDOWS\System32\cuvtpwvp.dll [Ver = | Size = 44165 bytes | Created Date = 2/9/2007 11:37:36 AM | Attr = ]
    C:\WINDOWS\System32\fcfotmgp.dll [Ver = | Size = 44165 bytes | Created Date = 2/6/2007 8:08:49 PM | Attr = ]
    C:\WINDOWS\System32\logonui.exe.manifest [Ver = | Size = 488 bytes | Created Date = 2/10/2007 9:28:01 PM | Attr = RH ]
    C:\WINDOWS\System32\ncpa.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 2/10/2007 9:27:47 PM | Attr = RH ]
    C:\WINDOWS\System32\nv4_disp.dll NVIDIA Corporation [Ver = 6.14.10.8196 | Size = 3954176 bytes | Created Date = 2/10/2007 9:58:55 PM | Attr = ]
    C:\WINDOWS\System32\nwc.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 2/10/2007 9:27:47 PM | Attr = RH ]
    C:\WINDOWS\System32\pducinvv.dll [Ver = | Size = 44165 bytes | Created Date = 2/4/2007 8:08:43 PM | Attr = ]
    C:\WINDOWS\System32\sapi.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 2/10/2007 9:27:48 PM | Attr = RH ]
    C:\WINDOWS\System32\spxcoins.dll Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2/10/2007 9:15:48 PM | Attr = ]
    C:\WINDOWS\System32\uldecpxy.dll [Ver = | Size = 76412 bytes | Created Date = 2/4/2007 8:08:26 PM | Attr = ]
    C:\WINDOWS\System32\unsvchosts.lzma [Ver = | Size = 911 bytes | Created Date = 2/6/2007 9:32:06 PM | Attr = ]
    C:\WINDOWS\System32\wuaucpl.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 2/10/2007 9:27:48 PM | Attr = RH ]
    C:\WINDOWS\System32\dllcache\big5.nls [Ver = | Size = 66728 bytes | Created Date = 2/10/2007 9:32:02 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\bopomofo.nls [Ver = | Size = 82172 bytes | Created Date = 2/10/2007 9:32:03 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\cap7146.sys Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 2/10/2007 9:32:32 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\chtskf.dll [Ver = | Size = 173568 bytes | Created Date = 2/10/2007 9:32:39 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_10001.nls [Ver = | Size = 162850 bytes | Created Date = 2/10/2007 9:32:05 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_10002.nls [Ver = | Size = 195618 bytes | Created Date = 2/10/2007 9:32:06 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_10003.nls [Ver = | Size = 177698 bytes | Created Date = 2/10/2007 9:32:06 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_10004.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:06 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_10005.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:07 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_10008.nls [Ver = | Size = 173602 bytes | Created Date = 2/10/2007 9:32:07 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_10021.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:08 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1047.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:09 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1140.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:09 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1141.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:09 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1142.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:10 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1143.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:10 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1144.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:10 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1145.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:11 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1146.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:11 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1147.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:11 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1148.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:12 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1149.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:12 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_1361.nls [Ver = | Size = 189986 bytes | Created Date = 2/10/2007 9:32:13 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20000.nls [Ver = | Size = 180258 bytes | Created Date = 2/10/2007 9:32:14 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20001.nls [Ver = | Size = 186402 bytes | Created Date = 2/10/2007 9:32:14 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20002.nls [Ver = | Size = 173602 bytes | Created Date = 2/10/2007 9:32:15 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20003.nls [Ver = | Size = 185378 bytes | Created Date = 2/10/2007 9:32:15 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20004.nls [Ver = | Size = 180258 bytes | Created Date = 2/10/2007 9:32:15 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20005.nls [Ver = | Size = 187938 bytes | Created Date = 2/10/2007 9:32:16 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20105.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:16 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20106.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:16 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20107.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:17 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20108.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:17 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20269.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:18 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20273.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:18 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20277.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:18 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20278.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:19 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20280.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:19 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20284.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:19 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20285.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:20 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20290.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:20 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20297.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:20 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20420.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:21 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20423.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:21 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20424.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:21 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20833.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:22 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20838.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:22 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20871.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:23 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20880.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:23 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20924.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:23 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20932.nls [Ver = | Size = 180770 bytes | Created Date = 2/10/2007 9:32:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20936.nls [Ver = | Size = 173602 bytes | Created Date = 2/10/2007 9:32:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_20949.nls [Ver = | Size = 177698 bytes | Created Date = 2/10/2007 9:32:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_21025.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:25 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_21027.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:25 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_28596.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:26 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_708.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:27 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_720.nls [Ver = | Size = 66594 bytes | Created Date = 2/10/2007 9:32:27 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_858.nls [Ver = | Size = 66594 bytes | Created Date = 2/10/2007 9:32:28 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_862.nls [Ver = | Size = 66594 bytes | Created Date = 2/10/2007 9:32:28 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_864.nls [Ver = | Size = 66594 bytes | Created Date = 2/10/2007 9:32:29 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\c_870.nls [Ver = | Size = 66082 bytes | Created Date = 2/10/2007 9:32:29 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\esucmd.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 2/10/2007 9:33:09 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\esuimgd.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 2/10/2007 9:33:09 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\esunid.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 2/10/2007 9:33:10 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\FP4.CAT [Ver = | Size = 31281 bytes | Created Date = 2/10/2007 6:00:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\fpencode.dll [Ver = | Size = 94208 bytes | Created Date = 2/10/2007 9:33:19 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\hanja.lex [Ver = | Size = 108827 bytes | Created Date = 2/10/2007 9:33:35 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\HPCRDP.CAT [Ver = | Size = 13472 bytes | Created Date = 2/10/2007 6:00:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\hwxjpn.dll [Ver = | Size = 13463552 bytes | Created Date = 2/10/2007 9:33:46 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\IASNT4.CAT [Ver = | Size = 8574 bytes | Created Date = 2/10/2007 6:00:25 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\imekr.lex [Ver = | Size = 134339 bytes | Created Date = 2/10/2007 9:34:04 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\imjpinst.exe [Ver = | Size = 196665 bytes | Created Date = 2/10/2007 9:34:11 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\IMS.CAT [Ver = | Size = 13753 bytes | Created Date = 2/10/2007 6:00:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\imscinst.exe [Ver = | Size = 59392 bytes | Created Date = 2/10/2007 9:34:15 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\korwbrkr.lex [Ver = | Size = 1158818 bytes | Created Date = 2/10/2007 9:34:42 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\ksc.nls [Ver = | Size = 47066 bytes | Created Date = 2/10/2007 9:34:43 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [Ver = | Size = 399645 bytes | Created Date = 2/10/2007 6:00:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\mediactr.cat [Ver = | Size = 31965 bytes | Created Date = 2/10/2007 6:00:25 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\MSMSGS.CAT [Ver = | Size = 9581 bytes | Created Date = 2/10/2007 6:00:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\msn7.cat [Ver = | Size = 24209 bytes | Created Date = 2/10/2007 6:00:26 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\msn9.cat [Ver = | Size = 11651 bytes | Created Date = 2/10/2007 6:00:26 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [Ver = | Size = 7245 bytes | Created Date = 2/10/2007 6:00:25 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\MW770.CAT [Ver = | Size = 37484 bytes | Created Date = 2/10/2007 6:00:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\netfx.cat [Ver = | Size = 141702 bytes | Created Date = 2/10/2007 6:00:26 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\NT5.CAT [Ver = | Size = 2012670 bytes | Created Date = 2/10/2007 6:00:22 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\NT5IIS.CAT [Ver = | Size = 797189 bytes | Created Date = 2/10/2007 6:00:23 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\NT5INF.CAT [Ver = | Size = 502724 bytes | Created Date = 2/10/2007 6:00:21 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\NTPRINT.CAT [Ver = | Size = 1086058 bytes | Created Date = 2/10/2007 6:00:23 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [Ver = | Size = 7382 bytes | Created Date = 2/10/2007 6:00:25 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\pintlcsa.dll [Ver = | Size = 175104 bytes | Created Date = 2/10/2007 9:35:50 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\prc.nls [Ver = | Size = 83748 bytes | Created Date = 2/10/2007 9:35:54 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\prcp.nls [Ver = | Size = 83748 bytes | Created Date = 2/10/2007 9:35:55 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\rw330ext.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 2/10/2007 9:36:13 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\rwia001.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 2/10/2007 9:36:13 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\rwia330.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 2/10/2007 9:36:13 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\SP2.CAT [Ver = | Size = 1042903 bytes | Created Date = 2/10/2007 6:00:23 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\spxcoins.dll Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2/10/2007 9:15:48 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\tabletpc.cat [Ver = | Size = 110116 bytes | Created Date = 2/10/2007 6:00:25 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\wmerrenu.cat [Ver = | Size = 7334 bytes | Created Date = 2/10/2007 6:00:24 PM | Attr = ]
    C:\WINDOWS\System32\dllcache\xjis.nls [Ver = | Size = 28288 bytes | Created Date = 2/10/2007 9:37:48 PM | Attr = ]
    C:\WINDOWS\System32\drivers\nv4_mini.sys NVIDIA Corporation [Ver = 6.14.10.8196 | Size = 3535296 bytes | Created Date = 2/10/2007 9:58:54 PM | Attr = ]
    C:\WINDOWS\System32\drivers\RTL8029.sys Realtek Semiconductor Corporation [Ver = 5.508.0803.2000 | Size = 19017 bytes | Created Date = 2/10/2007 9:18:59 PM | Attr = ]
     
  7. mRCuBe

    »»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

    C:\boot.ini [Ver = | Size = 211 bytes | Modified Date = 2/10/2007 9:50:36 PM | Attr = HS]
    C:\Documents and Settings\All Users\Application Data\desktop.ini [Ver = | Size = 62 bytes | Modified Date = 2/10/2007 9:15:38 PM | Attr = HS]
    C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [Ver = | Size = 4240656 bytes | Modified Date = 2/11/2007 9:52:22 AM | Attr = H ]
    C:\Documents and Settings\All Users\Documents\desktop.ini [Ver = | Size = 129 bytes | Modified Date = 2/10/2007 9:15:38 PM | Attr = HS]
    C:\Documents and Settings\All Users\Documents\music\(New)mario - let me love you.mp3 [Ver = | Size = 5923664 bytes | Modified Date = 2/6/2007 11:13:52 AM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\01 - Lauryn Hill - Intro.mp3 [Ver = | Size = 758530 bytes | Modified Date = 2/6/2007 11:05:50 AM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\01 - Usher - Intro - www.masterdown.tk.mp3 [Ver = | Size = 1075200 bytes | Modified Date = 2/6/2007 11:06:36 AM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\01 - Your Love Is King.mp3 [Ver = | Size = 3557504 bytes | Modified Date = 2/6/2007 11:10:18 AM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\01 01 01 Track 1.wma [Ver = | Size = 3749951 bytes | Modified Date = 2/6/2007 11:00:02 AM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\06 NO MORE PECHEKUN NE INISI.wma [Ver = | Size = 4443095 bytes | Modified Date = 1/24/2007 10:49:52 PM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\06 Pwomen met ei reom.wma [Ver = | Size = 4981015 bytes | Modified Date = 1/24/2007 10:55:46 PM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\07 I Do it For You.wma [Ver = | Size = 4066669 bytes | Modified Date = 1/24/2007 5:15:54 PM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\08 I'll Never Break Your Heart.wma [Ver = | Size = 4628373 bytes | Modified Date = 1/24/2007 11:01:36 PM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\08 Underneath It All.wma [Ver = | Size = 3995307 bytes | Modified Date = 1/24/2007 11:06:32 PM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\09 More than Words.wma [Ver = | Size = 5441265 bytes | Modified Date = 1/24/2007 11:12:56 PM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\09 Wake Up.wma [Ver = | Size = 4317655 bytes | Modified Date = 1/24/2007 11:19:14 PM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\12 It's True.wma [Ver = | Size = 4096825 bytes | Modified Date = 2/6/2007 10:22:22 AM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\Track 1.wma [Ver = | Size = 3839603 bytes | Modified Date = 1/25/2007 12:40:32 AM | Attr = ]
    C:\Documents and Settings\All Users\Documents\music\Track 10.wma [Ver = | Size = 2986639 bytes | Modified Date = 1/25/2007 12:35:46 AM | Attr = ]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Modified Date = 2/10/2007 9:30:34 PM | Attr = HS]
    C:\Program Files\Common Files\svchost.exe [Ver = 1.0.0.1 | Size = 155648 bytes | Modified Date = 2/6/2007 9:32:04 PM | Attr = H ]
    C:\WINDOWS\AVerTV2K.ini [Ver = | Size = 1529 bytes | Modified Date = 2/12/2007 10:08:24 PM | Attr = ]
    C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 2/12/2007 10:09:24 PM | Attr = S]
    C:\WINDOWS\imsins.BAK [Ver = | Size = 1344 bytes | Modified Date = 2/10/2007 7:06:16 PM | Attr = ]
    C:\WINDOWS\MEMORY.DMP [Ver = | Size = 670695424 bytes | Modified Date = 2/10/2007 6:10:34 PM | Attr = ]
    C:\WINDOWS\NeroDigital.ini [Ver = | Size = 49 bytes | Modified Date = 2/12/2007 10:00:18 AM | Attr = ]
    C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4161 bytes | Modified Date = 2/10/2007 9:29:54 PM | Attr = ]
    C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 2/2/2007 1:24:20 AM | Attr = H ]
    C:\WINDOWS\svchost.exe [Ver = 1.0.0.1 | Size = 155648 bytes | Modified Date = 2/6/2007 9:32:04 PM | Attr = H ]
    C:\WINDOWS\system.ini [Ver = | Size = 227 bytes | Modified Date = 2/10/2007 9:50:36 PM | Attr = ]
    C:\WINDOWS\win.ini [Ver = | Size = 688 bytes | Modified Date = 2/10/2007 9:50:36 PM | Attr = ]
    C:\WINDOWS\WindowsShell.Manifest [Ver = | Size = 749 bytes | Modified Date = 2/10/2007 9:27:50 PM | Attr = RH ]
    C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Modified Date = 2/10/2007 9:30:24 PM | Attr = ]
    C:\WINDOWS\System32\$winnt$.inf [Ver = | Size = 287 bytes | Modified Date = 2/10/2007 9:38:52 PM | Attr = ]
    C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 2/10/2007 9:30:20 PM | Attr = ]
    C:\WINDOWS\System32\cbwhciqm.dll [Ver = | Size = 44165 bytes | Modified Date = 2/5/2007 8:08:38 PM | Attr = ]
    C:\WINDOWS\System32\cdplayer.exe.manifest [Ver = | Size = 749 bytes | Modified Date = 2/10/2007 9:27:50 PM | Attr = RH ]
    C:\WINDOWS\System32\cekkucaf.dll [Ver = | Size = 76412 bytes | Modified Date = 2/10/2007 2:22:50 PM | Attr = ]
    C:\WINDOWS\System32\cuvtpwvp.dll [Ver = | Size = 44165 bytes | Modified Date = 2/9/2007 11:37:38 AM | Attr = ]
    C:\WINDOWS\System32\emptyregdb.dat [Ver = | Size = 22776 bytes | Modified Date = 2/10/2007 9:25:34 PM | Attr = ]
    C:\WINDOWS\System32\fcfotmgp.dll [Ver = | Size = 44165 bytes | Modified Date = 2/6/2007 8:08:52 PM | Attr = ]
    C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 241536 bytes | Modified Date = 2/10/2007 9:40:28 PM | Attr = ]
    C:\WINDOWS\System32\logonui.exe.manifest [Ver = | Size = 488 bytes | Modified Date = 2/10/2007 9:28:02 PM | Attr = RH ]
    C:\WINDOWS\System32\ncpa.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 2/10/2007 9:27:48 PM | Attr = RH ]
    C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 2/10/2007 9:30:20 PM | Attr = ]
    C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 41237 bytes | Modified Date = 2/12/2007 8:34:48 AM | Attr = ]
    C:\WINDOWS\System32\nwc.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 2/10/2007 9:27:48 PM | Attr = RH ]
    C:\WINDOWS\System32\pducinvv.dll [Ver = | Size = 44165 bytes | Modified Date = 2/4/2007 8:08:46 PM | Attr = ]
    C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 41040 bytes | Modified Date = 2/10/2007 9:44:06 PM | Attr = ]
    C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 314838 bytes | Modified Date = 2/10/2007 9:44:06 PM | Attr = ]
    C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 360124 bytes | Modified Date = 2/10/2007 9:44:06 PM | Attr = ]
    C:\WINDOWS\System32\sapi.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 2/10/2007 9:27:50 PM | Attr = RH ]
    C:\WINDOWS\System32\uldecpxy.dll [Ver = | Size = 76412 bytes | Modified Date = 2/4/2007 8:08:28 PM | Attr = ]
    C:\WINDOWS\System32\unsvchosts.lzma [Ver = | Size = 911 bytes | Modified Date = 2/6/2007 9:32:08 PM | Attr = ]
    C:\WINDOWS\System32\vsconfig.xml [Ver = | Size = 890 bytes | Modified Date = 2/12/2007 5:08:14 PM | Attr = H ]
    C:\WINDOWS\System32\WindowsLogon.manifest [Ver = | Size = 488 bytes | Modified Date = 2/10/2007 9:28:02 PM | Attr = RH ]
    C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 2228 bytes | Modified Date = 2/12/2007 8:35:46 AM | Attr = ]
    C:\WINDOWS\System32\wuaucpl.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 2/10/2007 9:27:50 PM | Attr = RH ]
    »»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
    [UPX! , UPX0 , ]C:\MTE3NDI6ODoxNg.exe ()
    [UPX! , UPX0 , ]C:\MTE3NDI6ODoxNgnew.exe ()
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Thumbs.db:encryptable (0 bytes)
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\Audio\patch\win98\~Claudine's~ Crew\c9 chok\Reina.jpg ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\Audio\wdm\ALSndMgr.cpl (Realtek Semiconductor Corp.)
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Aropaz\Lessons\Lesson08\Leaves.psd ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Claud#09's Documents\My Photos\c9 chok\Reina.jpg ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\DV20031226195400.avi ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\DV20031226202724.avi ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\DV20031226223526.avi ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\DV20031226234238.avi ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\DV20040109032111.avi ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\DV20040109032555.avi ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\DV20040109040230.avi ()
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\AOL Downloads\Thumbs.db:encryptable (0 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Documents\AOL Downloads\96\Thumbs.db:encryptable (0 bytes)
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\Lessons\Lesson08\Leaves.psd ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\My Shared Folder\Clipse ft. Pharrell - Grindin'.mp3 ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\My Shared Folder\Clipse_Operator.mp3 ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\My Shared Folder\Ronan Keating Nothing At All.MP3 ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\My Shared Folder\Sergio Mendez - Magalena.mp3 ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\My Shared Folder\Tyrese feat R.Kelly - Sweet Lady (remix).mp3 ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\My Shared Folder\yougotserverost02.mp3 ()
    [UPX! , UPX0 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\REINA KAZ\Desktop\stinger.exe (Network Associates Inc.)
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\REINA KAZ\My Music\Unknown Artist\Unknown Album (1 22 2004 9 49 56 PM)\09 Track 9.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\REINA KAZ\My Music\Unknown Artist\weiresin jerome\01 Track 1.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\REINA KAZ\Pati\Think Of Me\08 Track 8.wma ()
    [PTech , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\REINA KAZ\pictures\VG20040111_084845.bmp ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\REINA KAZ\pictures\VG20040111_085113.bmp ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\OldStuff\REINA KAZ\pictures\VG20040111_085425.bmp ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\EmachineDriverwin2000\Videowin2k_xp141\vbios852-855GM.zip ()
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Hollow Man.avi. File size too big (678873088 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\007Die_Another_Day\all.rm. File size too big (310542336 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\007Die_Another_Day\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\007GoldenEye\01.rmvb. File size too big (211746552 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\007GoldenEye\02.rmvb. File size too big (206269368 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\13days\Thirteen.Days.2000.CD1.rmvb. File size too big (225478667 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\13days\Thirteen.Days.2000.CD2.rmvb. File size too big (246109562 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\13days\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Basic\all.rmvb. File size too big (336921976 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\Basic\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\CollateralDamage\01.rm. File size too big (185475672 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\CollateralDamage\02.rm. File size too big (185076995 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\EysWideShut\01dvd.rm. File size too big (252788858 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\EysWideShut\02dvd.rm. File size too big (267290114 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\FindingNemo\xvid-fn.avi. File size too big (725874688 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Frequency\all.rm. File size too big (391491131 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Heat\01.rmvb. File size too big (184374443 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Heat\02.rmvb. File size too big (177980883 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\Heat\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\ID4\all.rmvb. File size too big (511851668 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Imposter\all.rmvb. File size too big (370800345 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\JetLi\dvl-c2tg.avi. File size too big (731834368 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Neogotiater\01.rmvb. File size too big (232320512 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Neogotiater\02.rmvb. File size too big (228700513 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Original Sin\all.rmvb. File size too big (402926946 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\Original Sin\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Rules of Engagement\01.rm. File size too big (178371199 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Rules of Engagement\02.rm. File size too big (255446779 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Spy Game\Spy.Game.CD1.2001-QMC.rmvb. File size too big (268987863 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Spy Game\Spy.Game.CD2.2001-QMC.rmvb. File size too big (289046757 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\Spy Game\Thumbs.db:encryptable (0 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\The Last Samurai\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\The Last Samurai\????.rmvb. File size too big (524354923 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\The Matrix 2\01.rmvb. File size too big (240160302 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\The Matrix 2\02.rmvb. File size too big (218271637 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\The Matrix III\cd1.rmvb. File size too big (318865339 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\The Matrix III\cd2.rmvb. File size too big (240560500 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\TheItalianJob\TheItalianJobCd1.rmvb. File size too big (217845504 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\TheItalianJob\TheItalianJobCd2.rmvb. File size too big (216207973 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\U-571\all.rm. File size too big (373261971 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Xman\00.wmv. File size too big (216965894 bytes)
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\Movie\Xman\Thumbs.db:encryptable (0 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Xman2\01.rmvb. File size too big (253220787 bytes)
    File scan skipped for file C:\Documents and Settings\All Users\Documents\Movie\Xman2\02.rmvb. File size too big (264588153 bytes)
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\01 Kose Mochen Tongeiei.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\01 Xavier.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\02 underthesea.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\03 I may hate myself in the morning.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\04 Don't Say No.wma ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\music\04 Hey Mama.wma ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\music\04 Whole Again.wma ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\music\05 Confessions, Pt. 2.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\07 Almost doesnt count.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\07 Broken Promises.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\07 Samoan3.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\07 T.O.N.G.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\08 Uthile.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\09 It's Your Love.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\09 PWUPWURATIW FAN NOUM CHORI.wma ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\10 Nasty Girl---.wma ()
    [FSG! , ]C:\Documents and Settings\All Users\Documents\music\11 - Usher - Simple Things - www.masterdown.tk.mp3 ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\12 LP song 5.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\12 Reason to believe.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\13 Where Is the Love-.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\14 - Goapele - Red, White & Blues.mp3 ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\14 - Lauryn Hill - the Miseducation of Lauryn Hill.mp3 ()
    [PEC2 , ]C:\Documents and Settings\All Users\Documents\music\14 We Belong together.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\15 - Cherish The Day.mp3 ()
    [FSG! , ]C:\Documents and Settings\All Users\Documents\music\16 - Lauryn Hill - Tell Him.mp3 ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\17 Back to My Roots [Live].wma ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\music\17 Track 17.wma ()
    [WSUD , ]C:\Documents and Settings\All Users\Documents\music\Jill Scott - Rasool.mp3 ()
    [FSG! , ]C:\Documents and Settings\All Users\Documents\music\Ozeky - Pwipwi neto won mesei.mp3 ()
    [FSG! , ]C:\Documents and Settings\All Users\Documents\music\Ozeky - Titanic.mp3 ()
    [FSG! , ]C:\Documents and Settings\All Users\Documents\music\Relinda - Kopwe ngang.mp3 ()
    [FSG! , ]C:\Documents and Settings\All Users\Documents\music\Relinda - Neto won messei.mp3 ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\music\Shaggy - We are da 1.mp3 ()
    [UPX! , ]C:\Documents and Settings\All Users\Documents\music\Shakira - Whenever, whereeva.mp3 ()
    [PTech , ]C:\Documents and Settings\All Users\Documents\music\Sixer - Kukun Terrorist.mp3 ()
    [FSG! , ]C:\Documents and Settings\All Users\Documents\music\Stu - Akononinen.mp3 ()
    @Alternate Data Stream - C:\Documents and Settings\All Users\Documents\music\Thumbs.db:encryptable (0 bytes)
    [UPX! , ]C:\Documents and Settings\All Users\Documents\music\Track 12.wma ()
    [UPX0 , ]C:\Documents and Settings\All Users\Documents\music\Virian&FIJI - Peace in this world.mp3 ()
    [PEC2 , ]C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll (The GLib developer community)
    [Thawte Consulting , ]C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip ()
    [PEC2 , PECompact2 , ]C:\Program Files\Common Files\Real\GToolbar\GDSSetup.exe ()
    [PEC2 , WSUD , ]C:\Program Files\Common Files\SpeechEngines\Microsoft\SR61\1033\AF031033.AM ()
    File scan skipped for file C:\WINDOWS\MEMORY.DMP. File size too big (670695424 bytes)
    @Alternate Data Stream - C:\WINDOWS\Thumbs.db:encryptable (0 bytes)
    [UPX! , UPX0 , ]C:\WINDOWS\System32\cbwhciqm.dll ()
    [UPX! , UPX0 , ]C:\WINDOWS\System32\cekkucaf.dll ()
    [UPX! , UPX0 , ]C:\WINDOWS\System32\cuvtpwvp.dll ()
    [PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
    [UPX! , UPX0 , ]C:\WINDOWS\System32\fcfotmgp.dll ()
    [MZKERNEL32.DLL , ]C:\WINDOWS\System32\isnotify.exe ()
    [UPX! , UPX0 , ]C:\WINDOWS\System32\pducinvv.dll ()
    [UPX! , UPX0 , ]C:\WINDOWS\System32\uldecpxy.dll ()
    [winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
    [UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()
    [PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys (Smart Link)

    < End of report >
     
  8. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    Logfile of HijackThis v1.99.1
    Scan saved at 6:28:59 AM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119324819776
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  10. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    I keep getting this error when trying to run the manual script:

    Fatal error: could not create new script file.
     
  11. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    Sorry, I left a space at the top :D
     
  12. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\uqmgtrcd

    *******************

    Script file located at: \??\C:\Program Files\ygsydytq.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\frsvabb.dll deleted successfully.
    File c:\dfndrff_e34.exe deleted successfully.
    File c:\nwnmff_e34.exe deleted successfully.
    File C:\WINDOWS\system32\ixt0.dll deleted successfully.
    File C:\WINDOWS\System32\cbwhciqm.dll deleted successfully.
    File C:\WINDOWS\System32\cekkucaf.dll deleted successfully.
    File C:\WINDOWS\System32\cuvtpwvp.dll deleted successfully.
    File C:\WINDOWS\System32\fcfotmgp.dll deleted successfully.
    File C:\WINDOWS\System32\pducinvv.dll deleted successfully.
    File C:\WINDOWS\System32\uldecpxy.dll deleted successfully.
    File C:\WINDOWS\System32\isnotify.exe deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
     
  13. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    SmitFraudFix v2.142

    Scan done at 7:30:54.87, Thu 02/15/2007
    Run from C:\Documents and Settings\mR CuBe\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\MTE3NDI6ODoxNg.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\svchost.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ioctrl.dll FOUND !
    C:\WINDOWS\system32\ishost.exe FOUND !
    C:\WINDOWS\system32\ismini.exe FOUND !
    C:\WINDOWS\system32\issearch.exe FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\components\flx?.dll FOUND !
    C:\WINDOWS\system32\components\flx??.dll FOUND !
    C:\WINDOWS\system32\components\flx???.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
     
  15. mRCuBe

    mRCuBe Thread Starter

    Joined:
    Feb 11, 2007
    Messages:
    36
    SmitFraudFix v2.142

    Scan done at 10:06:50.91, Mon 02/19/2007
    Run from C:\Documents and Settings\mR CuBe\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\MTE3NDI6ODoxNg.exe Deleted
    C:\WINDOWS\svchost.exe Deleted
    C:\WINDOWS\system32\ioctrl.dll Deleted
    C:\WINDOWS\system32\ishost.exe Deleted
    C:\WINDOWS\system32\ismini.exe Deleted
    C:\WINDOWS\system32\issearch.exe Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\components\flx?.dll Deleted
    C:\WINDOWS\system32\components\flx??.dll Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
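
A cross-check of the two SmitFraudFix reports posted above, added here as an example and not part of the thread or the tool: it collects every path reported as FOUND by the option #1 search and looks for a matching Deleted line in the option #2 clean report. The function names and the case-insensitive comparison are assumptions of this example; the report lines are copied from posts 13 and 15.

```python
import re

# Sample input assembled for this example from the SmitFraudFix v2.142
# reports in posts 13 (search) and 15 (clean); section headers omitted.
SEARCH_REPORT = r"""
C:\MTE3NDI6ODoxNg.exe FOUND !
C:\WINDOWS\svchost.exe FOUND !
C:\WINDOWS\system32\ioctrl.dll FOUND !
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !
"""

CLEAN_REPORT = r"""
C:\MTE3NDI6ODoxNg.exe Deleted
C:\WINDOWS\svchost.exe Deleted
C:\WINDOWS\system32\ioctrl.dll Deleted
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\WINDOWS\system32\components\flx??.dll Deleted
Registry Cleaning done.
"""

# A report entry is a drive-letter path followed by the status word.
FOUND_RE = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+FOUND\s*!\s*$")
DELETED_RE = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+Deleted\s*$")


def parse_entries(report, pattern):
    """Return matching paths in report order, de-duplicated case-insensitively."""
    seen = {}
    for line in report.splitlines():
        match = pattern.match(line)
        if match:
            path = match.group("path")
            # Windows paths are case-insensitive, so key on the lowercase form.
            seen.setdefault(path.lower(), path)
    return list(seen.values())


def reconcile(search_report, clean_report):
    """Compare what the search run found with what the clean run deleted."""
    found = parse_entries(search_report, FOUND_RE)
    deleted = parse_entries(clean_report, DELETED_RE)
    found_keys = {p.lower() for p in found}
    deleted_keys = {p.lower() for p in deleted}
    return {
        "confirmed": [p for p in found if p.lower() in deleted_keys],
        # Found earlier but no "Deleted" line: needs a follow-up look.
        "not_deleted": [p for p in found if p.lower() not in deleted_keys],
        # Deleted without a prior finding: appeared between the two runs.
        "deleted_not_found": [p for p in deleted if p.lower() not in found_keys],
    }


if __name__ == "__main__":
    result = reconcile(SEARCH_REPORT, CLEAN_REPORT)
    for label, paths in result.items():
        print(f"{label}: {len(paths)}")
        for path in paths:
            print(f"  {path}")
```

The `flx?.dll` style entries are compared as the literal strings the tool printed, so an entry under `not_deleted` means the clean report recorded no deletion for it, not that a file is known to remain.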
     
Short URL to this thread: https://techguy.org/543200
