
Vundo on Machine & have tried VundoFix, SpyBot and VirtumundoBeGone!

Discussion in 'Virus & Other Malware Removal' started by Slugkiller, Oct 25, 2007.

Thread Status:
Not open for further replies.
  1. Slugkiller

    Slugkiller Thread Starter

    Joined:
    Oct 25, 2007
    Messages:
    3
    I have been trying to delete Vundo. I have tried VundoFix, SpyBot and VirtumundoBeGone and they do not fix the problem. They all seem to find the virus (SpyBot finds it in 14 places!) but every time I reboot it's back again. I have run HiJackThis and WinPFind3; please find the HiJackThis log below. If you want the WinPFind3, let me know (it's too long to fit in one thread). Please help on this, it's driving me mad.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:58:08, on 10/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Isass.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PerSono\PersTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    G:\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://extra.eonic.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://extra.eonic.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Workflow] F:\Workflow.exe
    O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\lkmsiaqw.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSCRMStartup] "C:\Program Files\Microsoft CRM\Client\res\Web\bin\Microsoft.Crm.Application.Hoster.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MXIE User.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Perstray.lnk = C:\Program Files\PerSono\PersTray.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://extra.eonic.co.uk
    O15 - Trusted Zone: *.eonic.co.uk
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://crm.prod.eonic.co.uk/Viewer/ActiveX...tiveXViewer.Cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147164324872
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147164494141
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.eonic.co.uk
    O17 - HKLM\Software\..\Telephony: DomainName = office.eonic.co.uk
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.eonic.co.uk
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.eonic.co.uk
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (file missing)
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

    --
    End of file - 11305 bytes
     
  2. Slugkiller

    Slugkiller Thread Starter

    Joined:
    Oct 25, 2007
    Messages:
    3
    WinPFind3 logfile created on: 10/25/2007 11:04:39
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Program Files\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.39% Memory free
    2.60 Gb Paging File | 2.05 Gb Available in Paging File | 78.96% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 32.60 Gb Total Space | 10.14 Gb Free Space | 31.12% Space Free
    Drive D: | 34.94 Gb Total Space | 34.17 Gb Free Space | 97.80% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: *********
    Current User Name: ******
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 483328 bytes | Modified Date = 9/24/2005 06:30:38 | Attr = ]
    apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 03:08:42 | Attr = ]
    apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.7.136 | Size = 114688 bytes | Modified Date = 11/7/2003 09:21:28 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 6/28/2005 14:55:40 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 6/28/2005 14:55:40 | Attr = ]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 6/28/2005 21:05:00 | Attr = ]
    azmixersel.exe -> %ProgramFiles%\Realtek\InstallShield\AzMixerSel.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 2 | Size = 53248 bytes | Modified Date = 2/14/2005 03:18:36 | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 48752 bytes | Modified Date = 10/4/2005 12:42:40 | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 185968 bytes | Modified Date = 10/4/2005 12:42:42 | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 177776 bytes | Modified Date = 10/4/2005 12:42:50 | Attr = ]
    defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 20208 bytes | Modified Date = 11/15/2005 13:27:44 | Attr = ]
    evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 01:39:20 | Attr = ]
    hijackthis.exe -> G:\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 10/24/2007 14:07:26 | Attr = ]
    hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 425984 bytes | Modified Date = 11/4/2004 19:36:46 | Attr = ]
    hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 15:49:00 | Attr = ]
    hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 0, 2 | Size = 69632 bytes | Modified Date = 12/24/2004 11:11:46 | Attr = ]
    ico.exe -> %System32%\ico.exe -> Primax Electronics Ltd. [Ver = 1, 0, 0, 8 | Size = 45056 bytes | Modified Date = 3/14/2002 16:46:58 | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 21:54:34 | Attr = ]
    isass.exe -> %System32%\Isass.exe -> [Ver = | Size = 38912 bytes | Modified Date = 6/13/2007 11:23:08 | Attr = H ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 21:54:48 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:36 | Attr = ]
    perstray.exe -> %ProgramFiles%\PerSono\PersTray.exe -> Plantronics [Ver = 2.04.000 | Size = 32768 bytes | Modified Date = 10/9/2002 16:25:58 | Attr = R ]
    photoshopelementsdeviceconnect.exe -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -> [Ver = | Size = 118784 bytes | Modified Date = 10/4/2004 03:40:50 | Attr = ]
    photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 98304 bytes | Modified Date = 10/4/2004 04:47:04 | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 2/8/2006 20:07:12 | Attr = ]
    regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 01:24:22 | Attr = ]
    rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 1777392 bytes | Modified Date = 11/15/2005 13:28:44 | Attr = ]
    s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 01:31:22 | Attr = ]
    savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.2.2000 | Size = 169200 bytes | Modified Date = 11/15/2005 13:27:56 | Attr = ]
    tosa2dp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> TOSHIBA CORPORATION. [Ver = 3.01.5520.US | Size = 262144 bytes | Modified Date = 5/20/2005 14:27:06 | Attr = ]
    tosbthsp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe -> TOSHIBA CORPORATION. [Ver = 1.01.03.5311 | Size = 217088 bytes | Modified Date = 3/11/2005 12:48:54 | Attr = ]
    tosbtmng.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 3.03.5621.US | Size = 487424 bytes | Modified Date = 6/21/2005 18:50:48 | Attr = ]
    vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 85744 bytes | Modified Date = 11/15/2005 13:28:04 | Attr = ]
    winpfind3u.exe -> %ProgramFiles%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AdobeActiveFileMonitor) Adobe Active File Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 98304 bytes | Modified Date = 10/4/2004 04:47:04 | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 6/28/2005 14:55:40 | Attr = ]
    (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 185968 bytes | Modified Date = 10/4/2005 12:42:42 | Attr = ]
    (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 83568 bytes | Modified Date = 10/4/2005 12:42:48 | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 177776 bytes | Modified Date = 10/4/2005 12:42:50 | Attr = ]
    (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 20208 bytes | Modified Date = 11/15/2005 13:27:44 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 13:00:00 | Attr = ]
    (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 01:39:20 | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 01:41:10 | Attr = ]
    (Image Converter video recording monitor for VAIO Entertainment) Image Converter video recording monitor for VAIO Entertainment [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Image Converter 2\IcVzMon.exe -> Sony Corporation [Ver = 1, 0, 0, 12270 | Size = 32768 bytes | Modified Date = 4/5/2005 13:06:36 | Attr = ]
    (iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 21:54:34 | Attr = ]
    (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 53337 bytes | Modified Date = 6/7/2005 01:32:54 | Attr = ]
    (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 53337 bytes | Modified Date = 6/7/2005 01:28:04 | Attr = ]
    (PhotoshopElementsDeviceConnect) Photoshop Elements Device Connect [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -> [Ver = | Size = 118784 bytes | Modified Date = 10/4/2004 03:40:50 | Attr = ]
    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 0, 2 | Size = 69632 bytes | Modified Date = 12/24/2004 11:11:46 | Attr = ]
    (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 01:24:22 | Attr = ]
    (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 01:31:22 | Attr = ]
    (SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.2.2000 | Size = 169200 bytes | Modified Date = 11/15/2005 13:27:56 | Attr = ]
    (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.1.105 | Size = 214672 bytes | Modified Date = 10/19/2005 17:39:34 | Attr = ]
    (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 3/30/2005 21:48:22 | Attr = ]
    (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 69718 bytes | Modified Date = 6/7/2005 01:22:34 | Attr = ]
    (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 1777392 bytes | Modified Date = 11/15/2005 13:28:44 | Attr = ]
    (VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> File not found
    (VCI) VAIO Cooporated Initialisation [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -> Sony Corporation [Ver = 1.1.0.0 | Size = 398336 bytes | Modified Date = 1/4/2005 11:09:36 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    54a58e5f -> %System32%\mljaeuxa.dll [rundll32.exe "C:\WINDOWS\system32\mljaeuxa.dll",b] -> [Ver = | Size = 84544 bytes | Modified Date = 10/25/2007 10:58:18 | Attr = ]
    Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 483328 bytes | Modified Date = 9/24/2005 06:30:38 | Attr = ]
    Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 10:43:28 | Attr = ]
    Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.7.136 | Size = 114688 bytes | Modified Date = 11/7/2003 09:21:28 | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 6/28/2005 21:05:00 | Attr = ]
    AzMixerSel -> %ProgramFiles%\Realtek\InstallShield\AzMixerSel.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 2 | Size = 53248 bytes | Modified Date = 2/14/2005 03:18:36 | Attr = ]
    ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 48752 bytes | Modified Date = 10/4/2005 12:42:40 | Attr = ]
    Hcontrol -> %SystemRoot%\ATK0100\Hcontrol.exe -> [Ver = 1043, 2, 15, 28 | Size = 61440 bytes | Modified Date = 7/19/2004 06:05:38 | Attr = ]
    HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 15:49:00 | Attr = ]
    ISBMgr.exe -> %ProgramFiles%\Sony\ISB Utility\ISBMgr.exe -> Sony Corporation [Ver = 1, 0, 0, 2180 | Size = 32768 bytes | Modified Date = 2/20/2004 14:12:34 | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 21:54:48 | Attr = ]
    Local Security Authority Service -> %System32%\Isass.exe -> [Ver = | Size = 38912 bytes | Modified Date = 6/13/2007 11:23:08 | Attr = H ]
    Mouse Suite 98 Daemon -> %System32%\ico.exe -> Primax Electronics Ltd. [Ver = 1, 0, 0, 8 | Size = 45056 bytes | Modified Date = 3/14/2002 16:46:58 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 1/16/2006 11:25:48 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:36 | Attr = ]
    Switcher.exe -> %ProgramFiles%\Sony\Wireless Switch Setting Utility\Switcher.exe -> Sony Corporation [Ver = 3.3.00.02140 | Size = 176128 bytes | Modified Date = 2/14/2006 13:11:46 | Attr = ]
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 2/8/2006 20:07:12 | Attr = ]
    VAIO Update 2 -> %ProgramFiles%\Sony\VAIO Update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 1/14/2005 13:43:28 | Attr = ]
    vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 85744 bytes | Modified Date = 11/15/2005 13:28:04 | Attr = ]
    Workflow -> F:\Workflow.exe -> File not found
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 17:45:08 | Attr = R ]
    Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe -> File not found
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 23:05:26 | Attr = ]
    %AllUsersStartup%\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 3.03.5621.US | Size = 487424 bytes | Modified Date = 6/21/2005 18:50:48 | Attr = ]
    %AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 19:28:24 | Attr = ]
    %AllUsersStartup%\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 53248 bytes | Modified Date = 11/4/2004 19:50:52 | Attr = ]
    %AllUsersStartup%\Perstray.lnk -> %ProgramFiles%\PerSono\PersTray.exe -> Plantronics [Ver = 2.04.000 | Size = 32768 bytes | Modified Date = 10/9/2002 16:25:58 | Attr = R ]
    < User Startup > -> C:\Documents and Settings\Iaine\Start Menu\Programs\Startup ->
    %UserStartup%\MXIE User.lnk -> %ProgramFiles%\Zultys\MXIE\bin\mxie.exe -> Zultys Technologies [Ver = 3.0.23.0 | Size = 6713344 bytes | Modified Date = 7/8/2006 00:30:32 | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} [HKLM] -> Reg Data - Key not found [] -> File not found
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 46080 bytes | Modified Date = 6/28/2005 14:56:50 | Attr = ]
    NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 43760 bytes | Modified Date = 11/15/2005 13:28:12 | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    < HOSTS File > (192978 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://uk.yahoo.com ->
    HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Start Page -> http://www.msn.com/ ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Default_Page_URL -> http://extra.eonic.co.uk ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://extra.eonic.co.uk ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> <local> ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    eonic.co.uk [*] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 05:16:42 | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 16:46:14 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
    {89AD4D75-2429-462e-BD4E-443F233F6033} [HKLM] -> %System32%\cpjcyeoc.dll [Reg Data - Value does not exist] -> [Ver = | Size = 76864 bytes | Modified Date = 10/25/2007 11:01:18 | Attr = ]
    {A5C96568-3D07-4577-9EF7-905217567903} [HKLM] -> %System32%\awvtr.dll [Reg Data - Value does not exist] -> [Ver = | Size = 307808 bytes | Modified Date = 10/19/2007 11:34:50 | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 16:46:14 | Attr = ]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {297F82D7-632A-4C41-8C2C-231A13E0C956} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
    {59F8B86B-8F5F-4E4B-8FE3-E0DDE173032A} -> (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
    {6F227D1E-AED6-472C-836A-FD7455495B7C} -> () ->
    {7E4B1EE2-0AD4-4F26-843C-4DFF96B4AFF1} -> (1394 Net Adapter) ->
    {D9F49B82-6672-4FF6-814B-C1167F0AD21F} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {02CF1781-EA91-4FA5-A200-646E8241987C} -> VaioInfo.CMClass - CodeBase = http://esupport.sony.com/VaioInfo.CAB ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab ->
    {2DEF4530-8CE6-41C9-84B6-A54536C90213} -> Crystal Report Viewer Control 9 - CodeBase = http://crm.prod.eonic.co.uk/Viewer/ActiveXViewer/ActiveXViewer.Cab ->
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147164324872 ->
    {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} -> GameLauncher Control - CodeBase = http://www.acclaim.com/cabs/acclaim_v4.cab ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147164494141 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->
     
  3. Slugkiller

    Slugkiller Thread Starter

    Joined:
    Oct 25, 2007
    Messages:
    3
    [Files/Folders - Created Within 30 days]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146816000 bytes | Created Date = 1/1/1601 | Attr = HS]
    HiJackThis -> %SystemDrive%\HiJackThis -> [Folder | Created Date = 10/23/2007 12:46:43 | Attr = ]
    spybotsd15.exe -> %SystemDrive%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 10/23/2007 12:53:12 | Attr = ]
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\spybotsd15.exe:Zone.Identifier ->
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 10/24/2007 13:36:57 | Attr = ]
    $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/12/2007 07:17:02 | Attr = H ]
    $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/12/2007 07:14:47 | Attr = H ]
    .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Created Date = 10/13/2007 19:10:43 | Attr = ]
    awvtr.dll -> %System32%\awvtr.dll -> [Ver = | Size = 307808 bytes | Created Date = 10/19/2007 10:34:47 | Attr = ]
    axueajlm.ini -> %System32%\axueajlm.ini -> [Ver = | Size = 834 bytes | Created Date = 10/25/2007 09:58:16 | Attr = HS]
    cpjcyeoc.dll -> %System32%\cpjcyeoc.dll -> [Ver = | Size = 76864 bytes | Created Date = 10/25/2007 10:01:15 | Attr = ]
    dlmczthe.exe -> %System32%\dlmczthe.exe -> [Ver = 1.00 | Size = 15785 bytes | Created Date = 10/22/2007 16:49:26 | Attr = ]
    esqavgyk.ini -> %System32%\esqavgyk.ini -> [Ver = | Size = 230400 bytes | Created Date = 10/23/2007 12:47:05 | Attr = HS]
    exegzlr.exe -> %System32%\exegzlr.exe -> [Ver = 1.00 | Size = 15785 bytes | Created Date = 10/21/2007 10:25:39 | Attr = ]
    hnkuw.exe -> %System32%\hnkuw.exe -> [Ver = | Size = 24442 bytes | Created Date = 10/22/2007 16:49:26 | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/18/2007 07:15:56 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/18/2007 07:15:56 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 10/18/2007 07:15:56 | Attr = ]
    kygvaqse.dll -> %System32%\kygvaqse.dll -> [Ver = | Size = 84544 bytes | Created Date = 10/23/2007 12:46:54 | Attr = ]
    lkmsiaqw.dll -> %System32%\lkmsiaqw.dll -> [Ver = | Size = 84544 bytes | Created Date = 10/25/2007 08:10:29 | Attr = ]
    mljaeuxa.dll -> %System32%\mljaeuxa.dll -> [Ver = | Size = 84544 bytes | Created Date = 10/25/2007 09:58:16 | Attr = ]
    mljihee.dll -> %System32%\mljihee.dll -> [Ver = | Size = 0 bytes | Created Date = 10/22/2007 09:24:21 | Attr = ]
    mswdch.exe -> %System32%\mswdch.exe -> [Ver = 1.00 | Size = 15785 bytes | Created Date = 10/22/2007 17:09:58 | Attr = ]
    oftxuswh.ini -> %System32%\oftxuswh.ini -> [Ver = | Size = 654 bytes | Created Date = 10/24/2007 19:26:42 | Attr = HS]
    osjgrlnn.ini -> %System32%\osjgrlnn.ini -> [Ver = | Size = 534 bytes | Created Date = 10/24/2007 16:50:44 | Attr = HS]
    qaihzmxe.exe -> %System32%\qaihzmxe.exe -> [Ver = 1.00 | Size = 15785 bytes | Created Date = 10/22/2007 09:24:04 | Attr = ]
    rtvwa.bak1 -> %System32%\rtvwa.bak1 -> [Ver = | Size = 6465 bytes | Created Date = 10/19/2007 10:36:14 | Attr = HS]
    rtvwa.bak2 -> %System32%\rtvwa.bak2 -> [Ver = | Size = 297256 bytes | Created Date = 10/21/2007 17:40:25 | Attr = HS]
    rtvwa.ini -> %System32%\rtvwa.ini -> [Ver = | Size = 297742 bytes | Created Date = 10/24/2007 12:47:36 | Attr = HS]
    rtvwa.ini2 -> %System32%\rtvwa.ini2 -> [Ver = | Size = 294703 bytes | Created Date = 10/23/2007 21:00:52 | Attr = HS]
    rtvwa.tmp -> %System32%\rtvwa.tmp -> [Ver = | Size = 297777 bytes | Created Date = 10/23/2007 14:56:43 | Attr = HS]
    ruogtb.exe -> %System32%\ruogtb.exe -> [Ver = 1.00 | Size = 15785 bytes | Created Date = 10/19/2007 08:03:51 | Attr = ]
    wqaismkl.ini -> %System32%\wqaismkl.ini -> [Ver = | Size = 774 bytes | Created Date = 10/25/2007 08:10:30 | Attr = HS]
    xoiybswl.ini -> %System32%\xoiybswl.ini -> [Ver = | Size = 414 bytes | Created Date = 10/24/2007 15:17:03 | Attr = HS]
    zbhqfo.drv -> %System32%\zbhqfo.drv -> [Ver = | Size = 123169 bytes | Created Date = 10/13/2007 19:04:51 | Attr = ]
    hosts.20071024-154651.backup -> %System32%\drivers\etc\hosts.20071024-154651.backup -> [Ver = | Size = 758 bytes | Created Date = 10/24/2007 14:46:51 | Attr = ]
    hosts.20071024-162047.backup -> %System32%\drivers\etc\hosts.20071024-162047.backup -> [Ver = | Size = 192978 bytes | Created Date = 10/24/2007 15:20:47 | Attr = R ]
    hosts.20071024-165510.backup -> %System32%\drivers\etc\hosts.20071024-165510.backup -> [Ver = | Size = 192978 bytes | Created Date = 10/24/2007 15:55:10 | Attr = R ]


    [Files/Folders - Modified Within 30 days]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 10/24/2007 16:10:02 | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146816000 bytes | Modified Date = 10/25/2007 10:53:08 | Attr = HS]
    HiJackThis -> %SystemDrive%\HiJackThis -> [Folder | Modified Date = 10/23/2007 15:02:06 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/25/2007 10:09:22 | Attr = R ]
    spybotsd15.exe -> %SystemDrive%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 10/23/2007 13:52:46 | Attr = ]
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\spybotsd15.exe:Zone.Identifier ->
    sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/4/2007 17:57:08 | Attr = H ]
    sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/5/2007 07:50:58 | Attr = H ]
    sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/5/2007 16:38:44 | Attr = H ]
    sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/8/2007 17:43:54 | Attr = H ]
    sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/9/2007 16:49:34 | Attr = H ]
    sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/10/2007 08:38:24 | Attr = H ]
    sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/12/2007 14:42:02 | Attr = H ]
    sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/13/2007 21:39:48 | Attr = H ]
    sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/13/2007 23:16:54 | Attr = H ]
    sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/16/2007 16:44:02 | Attr = H ]
    sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/16/2007 23:38:58 | Attr = H ]
    sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/17/2007 17:40:22 | Attr = H ]
    sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/17/2007 22:23:36 | Attr = H ]
    sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/18/2007 13:54:32 | Attr = H ]
    sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/19/2007 09:25:34 | Attr = H ]
    sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 10/19/2007 11:26:08 | Attr = H ]
    sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/4/2007 17:57:08 | Attr = H ]
    sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/5/2007 07:50:58 | Attr = H ]
    sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/5/2007 16:38:44 | Attr = H ]
    sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/8/2007 17:43:54 | Attr = H ]
    sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/9/2007 16:49:34 | Attr = H ]
    sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/10/2007 08:38:24 | Attr = H ]
    sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/12/2007 14:42:02 | Attr = H ]
    sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/13/2007 21:39:48 | Attr = H ]
    sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/13/2007 23:16:52 | Attr = H ]
    sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/16/2007 16:44:02 | Attr = H ]
    sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/16/2007 23:38:58 | Attr = H ]
    sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/17/2007 17:40:22 | Attr = H ]
    sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/17/2007 22:23:36 | Attr = H ]
    sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/18/2007 13:54:32 | Attr = H ]
    sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/19/2007 09:25:34 | Attr = H ]
    sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/19/2007 11:26:08 | Attr = H ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 10/25/2007 10:45:38 | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/25/2007 10:58:06 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/12/2007 08:17:02 | Attr = H ]
    $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/12/2007 08:17:06 | Attr = H ]
    $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/12/2007 08:14:50 | Attr = H ]
    .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 10/13/2007 20:13:04 | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/25/2007 10:53:56 | Attr = S]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 10/25/2007 10:54:04 | Attr = HS]
    ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/12/2007 08:15:12 | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/12/2007 08:15:34 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/24/2007 19:34:44 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/24/2007 19:22:44 | Attr = HS]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/25/2007 10:55:32 | Attr = ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 10/25/2007 09:29:22 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 10/25/2007 11:04:46 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 10/25/2007 10:58:46 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/25/2007 10:54:10 | Attr = H ]
    awvtr.dll -> %System32%\awvtr.dll -> [Ver = | Size = 307808 bytes | Modified Date = 10/19/2007 11:34:50 | Attr = ]
    axueajlm.ini -> %System32%\axueajlm.ini -> [Ver = | Size = 834 bytes | Modified Date = 10/25/2007 10:58:28 | Attr = HS]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/24/2007 14:33:32 | Attr = ]
    cpjcyeoc.dll -> %System32%\cpjcyeoc.dll -> [Ver = | Size = 76864 bytes | Modified Date = 10/25/2007 11:01:18 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/12/2007 14:43:38 | Attr = RHS]
    dlmczthe.exe -> %System32%\dlmczthe.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/22/2007 17:49:28 | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 10/13/2007 20:01:06 | Attr = ]
    esqavgyk.ini -> %System32%\esqavgyk.ini -> [Ver = | Size = 230400 bytes | Modified Date = 10/23/2007 13:47:10 | Attr = HS]
    exegzlr.exe -> %System32%\exegzlr.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/21/2007 11:25:40 | Attr = ]
    hnkuw.exe -> %System32%\hnkuw.exe -> [Ver = | Size = 24442 bytes | Modified Date = 10/22/2007 17:49:28 | Attr = ]
    kygvaqse.dll -> %System32%\kygvaqse.dll -> [Ver = | Size = 84544 bytes | Modified Date = 10/23/2007 13:46:56 | Attr = ]
    lkmsiaqw.dll -> %System32%\lkmsiaqw.dll -> [Ver = | Size = 84544 bytes | Modified Date = 10/25/2007 09:10:32 | Attr = ]
    mljaeuxa.dll -> %System32%\mljaeuxa.dll -> [Ver = | Size = 84544 bytes | Modified Date = 10/25/2007 10:58:18 | Attr = ]
    mljihee.dll -> %System32%\mljihee.dll -> [Ver = | Size = 0 bytes | Modified Date = 10/22/2007 12:58:16 | Attr = ]
    mswdch.exe -> %System32%\mswdch.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/22/2007 18:10:00 | Attr = ]
    oftxuswh.ini -> %System32%\oftxuswh.ini -> [Ver = | Size = 654 bytes | Modified Date = 10/25/2007 09:02:08 | Attr = HS]
    osjgrlnn.ini -> %System32%\osjgrlnn.ini -> [Ver = | Size = 534 bytes | Modified Date = 10/24/2007 19:17:48 | Attr = HS]
    qaihzmxe.exe -> %System32%\qaihzmxe.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/22/2007 10:24:06 | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 10/24/2007 16:30:26 | Attr = ]
    rtvwa.bak1 -> %System32%\rtvwa.bak1 -> [Ver = | Size = 6465 bytes | Modified Date = 10/19/2007 11:36:16 | Attr = HS]
    rtvwa.bak2 -> %System32%\rtvwa.bak2 -> [Ver = | Size = 297256 bytes | Modified Date = 10/25/2007 10:55:52 | Attr = HS]
    rtvwa.ini -> %System32%\rtvwa.ini -> [Ver = | Size = 297742 bytes | Modified Date = 10/24/2007 13:44:04 | Attr = HS]
    rtvwa.ini2 -> %System32%\rtvwa.ini2 -> [Ver = | Size = 294703 bytes | Modified Date = 10/25/2007 11:04:46 | Attr = HS]
    rtvwa.tmp -> %System32%\rtvwa.tmp -> [Ver = | Size = 297777 bytes | Modified Date = 10/23/2007 22:00:54 | Attr = HS]
    ruogtb.exe -> %System32%\ruogtb.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/19/2007 09:03:52 | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12620 bytes | Modified Date = 10/25/2007 10:55:02 | Attr = ]
    wqaismkl.ini -> %System32%\wqaismkl.ini -> [Ver = | Size = 774 bytes | Modified Date = 10/25/2007 10:55:40 | Attr = HS]
    xoiybswl.ini -> %System32%\xoiybswl.ini -> [Ver = | Size = 414 bytes | Modified Date = 10/24/2007 17:45:26 | Attr = HS]
    zbhqfo.drv -> %System32%\zbhqfo.drv -> [Ver = | Size = 123169 bytes | Modified Date = 10/22/2007 10:41:52 | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/24/2007 16:20:48 | Attr = ]
    hosts.20071024-154651.backup -> %System32%\drivers\etc\hosts.20071024-154651.backup -> [Ver = | Size = 758 bytes | Modified Date = 10/23/2007 12:56:14 | Attr = ]
    hosts.20071024-162047.backup -> %System32%\drivers\etc\hosts.20071024-162047.backup -> [Ver = | Size = 192978 bytes | Modified Date = 10/24/2007 15:46:52 | Attr = R ]
    hosts.20071024-165510.backup -> %System32%\drivers\etc\hosts.20071024-165510.backup -> [Ver = | Size = 192978 bytes | Modified Date = 10/24/2007 16:20:48 | Attr = R ]


    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\spybotsd15.exe:Zone.Identifier ->
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 13:00:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\dlmczthe.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/22/2007 17:49:28 | Attr = ]
    UPX! , UPX0 , -> %System32%\exegzlr.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/21/2007 11:25:40 | Attr = ]
    UPX! , UPX0 , -> %System32%\mswdch.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/22/2007 18:10:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\qaihzmxe.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/22/2007 10:24:06 | Attr = ]
    UPX! , UPX0 , -> %System32%\ruogtb.exe -> [Ver = 1.00 | Size = 15785 bytes | Modified Date = 10/19/2007 09:03:52 | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 13:00:00 | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 13:00:00 | Attr = ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 192978 bytes | Modified Date = 10/24/2007 16:55:12 | Attr = R ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071024-162047.backup -> [Ver = | Size = 192978 bytes | Modified Date = 10/24/2007 15:46:52 | Attr = R ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071024-165510.backup -> [Ver = | Size = 192978 bytes | Modified Date = 10/24/2007 16:20:48 | Attr = R ]

    < End of report >
     
Short URL to this thread: https://techguy.org/643292
