Win32:PurityScan-AF virus?? I need help once again

The avast! logs and file creation dates in combofix agree on 25 June. Just making sure I didn’t miss anything the first time.

Download OTMoveIt by OldTimer. Save it to your desktop but don’t use it yet.

Open HijackThis and click to Do a System Scan Only. Then place a check mark next to these lines

O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"

O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

Close all other windows, including your browser, and click Fix Checked.

Close HijackThis and double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\xxyayww.dll
C:\WINDOWS\system32\efccyab.dll
C:\WINDOWS\system32\pmnonnk.dll
C:\WINDOWS\system32\tuvtqpm.dll
C:\WINDOWS\acdt68.exe
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\ddccb.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
C:\Program Files\Outerinfo\Outerinfo.exe
C:\Program Files\Outerinfo\OuterinfoUpdate.exe
C:\WINDOWS\system32\vtuspol.dll
C:\WINDOWS\system32\ddccb.dll

Return to OTMoveIt, right click on the “Paste List of Files/Folders to be moved” window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now open Add/Remove Programs in the Control Panel and uninstall any of the following you find there

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga

Then run a complete system scan with the free version of SuperAntiSpyware and save, then post, the log along with a fresh HJT log

http://www.superantispyware.com/

Finally, submit this file to Virus Total and post the scan results

C:\Program Files\Messenger\meqot43855.dll
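Before moving the files above or uploading the Messenger DLL, it helps to know whether each path is actually present, how large it is, and what its SHA-256 is; a hash can be searched on VirusTotal without uploading anything, and a zero-length or unreadable file is caught before the browser submission fails. The script below is an added example, not part of this thread, OTMoveIt or VirusTotal; the path list is copied from the post, the sample bytes and the demo function are constructed so it runs offline, and the 8.3 short names (DOCUME~1) only resolve on Windows.

```python
"""Inventory the files named in a removal post before moving or submitting them.

Added example; not part of the thread, OTMoveIt or VirusTotal. For each path
it reports whether the file is present, its size and its SHA-256, so the
hash can be searched on VirusTotal without uploading the file at all, and
so a zero-length or unreadable file is noticed before a browser upload
fails (the thread later gets "0 bytes size received" back).
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Paths copied from the post. 8.3 short names such as DOCUME~1 resolve only on Windows.
POSTED_PATHS = [
    r"C:\WINDOWS\system32\xxyayww.dll",
    r"C:\WINDOWS\system32\efccyab.dll",
    r"C:\WINDOWS\system32\ddccb.dll",
    r"C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap",
    r"C:\Program Files\Outerinfo\Outerinfo.exe",
    r"C:\Program Files\Messenger\meqot43855.dll",
]

# Constructed stand-in for a file body; not a real binary.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62


@dataclass
class FileReport:
    path: str
    status: str          # ok, empty, missing, directory, or "unreadable: <reason>"
    size: int = 0
    sha256: str = ""


def sha256_of(data):
    return hashlib.sha256(data).hexdigest()


def hash_file(path, chunk=1 << 16):
    """Stream the file so a large binary does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory(paths):
    reports = []
    for p in paths:
        if os.path.isdir(p):
            reports.append(FileReport(p, "directory"))
        elif not os.path.exists(p):
            reports.append(FileReport(p, "missing"))   # what OTMoveIt reports as "not found"
        else:
            try:
                size = os.path.getsize(p)
                if size == 0:
                    reports.append(FileReport(p, "empty"))  # nothing useful to upload
                else:
                    reports.append(FileReport(p, "ok", size, hash_file(p)))
            except OSError as exc:
                reports.append(FileReport(p, "unreadable: " + (exc.strerror or str(exc))))
    return reports


def demo_with_constructed_files():
    """Run inventory() over constructed files so every status can be seen offline."""
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.dll")
        with open(sample, "wb") as f:
            f.write(SAMPLE_BYTES)
        empty = os.path.join(d, "empty.dll")
        open(empty, "wb").close()
        return inventory([sample, empty, os.path.join(d, "gone.dll"), d])


if __name__ == "__main__":
    for r in inventory(POSTED_PATHS) + demo_with_constructed_files():
        print(f"{r.status:<12}{r.size:>8}  {r.sha256[:16]:<16}  {r.path}")
```

Run it from an administrator account so files with the hidden or system attribute are visible to it, and keep the printed hashes: once a file has been moved or quarantined, the hash is what you search for on VirusTotal, and an "unreadable" status on a DLL that Explorer shows is the first sign that something still has it locked.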

I did the system scan and clicked Fix Checked after check-marking those lines you told me to. I then proceeded to OTMoveIt and moved the files you told me to. However, about this time the AVG AntiSpyware told me I had a trojan, so I clicked ignore to finish up with the OTMoveIt. This is when the OTMoveIt told me to reboot my system. I did that, and then once the computer began to restart my avast showed it found a trojan. I’m unsure how to go back and get the results from the OTMoveIt. Should I just continue and run the HijackThis or will I have to redo everything again so that I can get the results from the OTMoveIt?

Also, when the AVG went up with that trojan warning it asked if it should quarantine, which I clicked yes. It then told me I need to reboot to finish cleaning up the file; should I do that? I have yet to look for and uninstall the programs you told me to in the Control Panel.

Yes, do both of the above.

Then try to move all the same files with OTMoveIt as before, and post the results. Don’t worry if most of them are not found now.

I still need the Virus Total results for

C:\Program Files\Messenger\meqot43855.dll

and then I would also like a new ComboFix and HJT logs (in that order).

EDIT: Post the contents of the AVG quarantine too.

When I have the files moved, (using OTMoveIt) it tells me to reboot, however it does not allow me to make a copy of the results.

File/Folder C:\WINDOWS\system32\xxyayww.dll not found.
File/Folder C:\WINDOWS\system32\efccyab.dll not found.
File/Folder C:\WINDOWS\system32\pmnonnk.dll not found.
File/Folder C:\WINDOWS\system32\tuvtqpm.dll not found.
File/Folder C:\WINDOWS\acdt68.exe not found.
File/Folder C:\WINDOWS\system32\bccdd.bak1 not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddccb.dll scheduled to be moved on reboot.
File/Folder C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap not found.
File/Folder C:\Program Files\Outerinfo\Outerinfo.exe not found.
File/Folder C:\Program Files\Outerinfo\OuterinfoUpdate.exe not found.
File/Folder C:\WINDOWS\system32\vtuspol.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddccb.dll scheduled to be moved on reboot.

Created on 06-27-2007 14:34:34

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/27/2007 at 03:53 PM

Application Version : 3.8.1002

Core Rules Database Version : 3258
Trace Rules Database Version: 1269

Scan type : Complete Scan
Total Scan Time : 00:48:32

Memory items scanned : 482
Memory threats detected : 1
Registry items scanned : 5743
Registry threats detected : 14
File items scanned : 24902
File threats detected : 68

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\DDCCB.DLL
C:\WINDOWS\SYSTEM32\DDCCB.DLL
HKLM\Software\Classes\CLSID\{81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD}
HKCR\CLSID\{81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD}
HKCR\CLSID\{81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD}\InprocServer32
HKCR\CLSID\{81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddccb

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{F31723F2-81C7-4F92-9C4A-7E6F422E46CE}
HKCR\CLSID\{F31723F2-81C7-4F92-9C4A-7E6F422E46CE}
HKCR\CLSID\{F31723F2-81C7-4F92-9C4A-7E6F422E46CE}
HKCR\CLSID\{F31723F2-81C7-4F92-9C4A-7E6F422E46CE}\InProcServer32
HKCR\CLSID\{F31723F2-81C7-4F92-9C4A-7E6F422E46CE}\InProcServer32#ThreadingModel
C:\PROGRAM FILES\MESSENGER\MEQOT43855.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F31723F2-81C7-4F92-9C4A-7E6F422E46CE}

Adware.Tracking Cookie
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@viamtvcom.112.2o7[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@2o7[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@atdmt[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@adopt.specificclick[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@bs.serving-sys[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@tacoda[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@112.2o7[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@metacafe.122.2o7[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@serving-sys[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@adinterax[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@2.adbrite[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@hitbox[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ehg-viacom.hitbox[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@fastclick[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@tribalfusion[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@advertising[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@edge.ru4[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@burstnet[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ad.xplusone[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@doubleclick[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@specificclick[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@mediaplex[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ads.pointroll[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@www.burstnet[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@imedia.foxsports[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@adopt.euroclick[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ads.cnn[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@image.masterstats[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@adlegend[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ads.cluster01.oasis.zmh.zope[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@zedo[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@questionmarket[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@media.mtvnservices[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@toplist[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ad[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ads.gametap[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@overture[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@cgi-bin[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@realmedia[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@ads.k8l[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@adbrite[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@trafficmp[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@perf.overture[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@anad.tacoda[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@revsci[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@anat.tacoda[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@track.searchignite[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@data4.perf.overture[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@msnportal.112.2o7[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@atwola[2].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@cbs.112.2o7[1].txt
C:\Documents and Settings\Brenda Mayorga\Cookies\brenda mayorga@pointroll[1].txt

Adware.ClickSpring/Outer Info Network
HKLM\Software\Outerinfo
HKLM\Software\Outerinfo#InstallDirectory
C:\Documents and Settings\Brenda Mayorga\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Brenda Mayorga\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Brenda Mayorga\Start Menu\Programs\Outerinfo

Adware.RAC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP220\A0044438.EXE

Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP222\A0044669.EXE

Trojan.Downloader-Gen/HitItQuitIt
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\EFCCYAB.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\PMNONNK.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\TUVTQPM.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\XXYAYWW.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\6T78XCR6\tob_snd_20070616[1]
C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\JJ1RJTOS\adfcook[1]
C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\LBCRWB6D\_affvm[2]
C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\PKO7T5KT\_jnvm[1]

Logfile of HijackThis v1.99.1
Scan saved at 4:26, on 2007-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Airlink101\AWLC4030\WLService.exe
C:\Program Files\Airlink101\AWLC4030\WLanCfgAG.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\mtgafqjo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dobypqqc.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176249475250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176249440859
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtuspol - vtuspol.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tcbbsjha.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super G Wireless Cardbus Service - Unknown owner - C:\Program Files\Airlink101\AWLC4030\WLService.exe

Virus total showed…
0 bytes size received / Se ha recibido un archivo vacio

Also, while I was doing the HijackThis log, my avast popped up saying I had signs of another trojan. I’ve put the log from 6-25-2007 to now.
2007-06-20 1:01 SYSTEM 2032 Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP208\A0041500.EXE" file.
2007-06-25 7:27 SYSTEM 2036 Sign of "Win32:VB-TGS [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\snapsnet.exe" file.
2007-06-25 7:32 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OinFP.exe[UPX]" file.
2007-06-25 7:32 SYSTEM 2036 Sign of "Win32:Mirar-B [Adw]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe" file.
2007-06-25 7:33 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.dll" file.
2007-06-25 7:35 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OinFP.exe[UPX]" file.
2007-06-25 7:38 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OinFP.exe[UPX]" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\WINDOWS\retadpu2000219.exe[UPX]" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsx26.tmp\KillNDrv.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\AXMHGBKX\acdt68[1].exe" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\retadpu2000219.exe.vir[UPX]" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsx26.tmp\KillNDrv.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy31.tmp\KillNDrv.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy30.tmp\KillNDrv.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy30.tmp\KillNDrv.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.exe" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy31.tmp\KillNDrv.dll" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.exe" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OuterinfoUpdate.exe[UPX]" file.
2007-06-26 12:01 SYSTEM 2036 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OuterinfoUpdate.exe[UPX]" file.
2007-06-26 12:10 Brenda Mayorga 468 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.exe" file.
2007-06-26 12:28 Brenda Mayorga 468 Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\QooBox\Quarantine\C\Program Files\Outerinfo\Outerinfo.dll.vir" file.
2007-06-27 12:02 SYSTEM 928 Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\PZWPLAF2\koocwolla_20070601[1]" file.
2007-06-27 2:26 SYSTEM 148 Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\LBCRWB6D\koocwolla_20070601[1]" file.
2007-06-27 3:35 SYSTEM 152 Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\QOOBOX\QUARANTINE\C\WINDOWS\RETADPU2000219.EXE.VIR[UPX]" file.
2007-06-27 3:41 SYSTEM 152 Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP219\A0042431.EXE[UPX]" file.

There is still Virtumonde on your computer and possibly some processes we haven’t found yet.

Download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from “Click the Scan for Vundo button.” when VundoFix appears at reboot.

A log will be produced which you can post in your next response.

VundoFix will likely clean many (hopefully all) of the infected files but I’m unsure if it will get the underlying problem, so after you post the VundoFix report I would also like you to download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Under Additional Scans click the checkboxes in front of the following items to select them:

Non-Microsoft Only

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Also, I had previously recommended a firewall - this would be a very good time to get one.
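What the helper is reading out of the HijackThis log above is a handful of patterns: a BHO CLSID whose DLL is "(no file)", an unnamed BHO or a rundll32 Run value loading a random-looking DLL from system32 (the Vundo/Virtumonde signature), and Winlogon Notify or service entries whose file is missing. The script below is an added example, not part of this thread or of HijackThis; its rules are this example's own heuristics, and the sample log is a constructed subset of lines copied from the log posted above with a few benign entries (Adobe, Spybot, avast, SUPERAntiSpyware, AVG) for contrast.

```python
"""Triage a HijackThis 1.99 log for orphaned and suspicious autostart entries.

Added example, not part of the forum thread or of HijackThis. The rules are
this example's own heuristics, modelled on what the helper flagged in the
log above. Output is a review list, not a delete list.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the thread plus
# benign entries for contrast (Spybot's SDHelper is also "(no name)" but legitimate).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\mtgafqjo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dobypqqc.dll",forkonce
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtuspol - vtuspol.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tcbbsjha.exe (file missing)
"""


@dataclass
class Entry:
    section: str   # O2, O4, O20, O23
    name: str      # BHO name, Run value name, Notify package, or service name
    detail: str    # CLSID, Run hive, or service owner
    target: str    # DLL path, command line, or path tagged "(file missing)"


@dataclass
class Finding:
    entry: Entry
    path: str
    reason: str


# One pattern per section this triage understands; other HJT sections are skipped.
# The O4 pattern accepts both "HKLM\..\Run" and the backslash-stripped "HKLM..\Run".
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<detail>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<detail>HK\w+\\?\.\.\\Run): \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<detail>.*?) - (?P<target>.*)$"),
}

# Heuristic (assumption of this example): the modules in this thread are 5-8 lowercase
# letters (xxyayww, ddccb, mtgafqjo, dobypqqc, tcbbsjha). It is only ever combined with a
# second signal, so a legitimate lowercase name such as ctfmon.exe is not flagged on its own.
RANDOM_MODULE = re.compile(r"^[a-z]{5,8}\.(dll|exe)$")


def parse_hjt(text):
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        section = raw.split(" ", 1)[0]
        pat = PATTERNS.get(section)
        m = pat.match(raw) if pat else None
        if m:
            g = m.groupdict()
            entries.append(Entry(section, g.get("name", ""), g.get("detail", ""), g["target"]))
    return entries


def module_path(target):
    """Module a target refers to: the quoted path, the rundll32 argument, or the bare path."""
    t = target.replace("(file missing)", "").strip()
    quoted = re.search(r'"([^"]+)"', t)
    if quoted:
        return quoted.group(1)
    parts = t.split()
    if len(parts) > 1 and parts[0].lower() == "rundll32.exe":
        return parts[1].split(",")[0]
    return t


def in_system32(path):
    return "\\system32\\" in path.lower()


def looks_random(path):
    return bool(RANDOM_MODULE.match(path.rsplit("\\", 1)[-1]))


def triage(entries):
    findings = []
    for e in entries:
        path = module_path(e.target)
        gone = e.target == "(no file)" or "(file missing)" in e.target
        odd = in_system32(path) and looks_random(path)
        reason = None
        if e.section == "O2":
            if gone:
                reason = "orphaned BHO: CLSID still registered, DLL already removed; fix the entry"
            elif e.name == "(no name)" and odd:
                reason = "unnamed BHO loading a random-named DLL from system32 (Vundo pattern)"
        elif e.section == "O4":
            if e.target.lower().startswith("rundll32") and odd:
                reason = "Run value uses rundll32 to load a random-named system32 DLL"
        elif e.section == "O20":
            if gone:
                reason = "Winlogon Notify package whose DLL is gone; remove the Notify subkey"
            elif odd:
                reason = "Winlogon Notify package with a random-named system32 DLL"
        elif e.section == "O23":
            if gone or (e.detail == "Unknown owner" and odd):
                reason = "service with missing or random-named binary and no vendor; delete the service"
        if reason:
            findings.append(Finding(e, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.entry.section:<4} {f.path:<45} {f.reason}")
```

Run against the full log posted above, the missing-file rule would also trip on the two avast! O23 lines, which HijackThis 1.99.1 shows as "(file missing)" because of the quoted service path even though ashMaiSv.exe and ashWebSv.exe appear in the running-process list; that is why the output is a list to review against the process list and the vendor column, not a list to fix blindly.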

I’ve run the VundoFix; however, it told me that there were no infected files. It did not prompt me to reboot the system. Should I x out of the VundoFix or do I actually need to click on Remove Vundo? I’m assuming since no file was found that there will be no log produced?

It can just be closed.

WinPFind3 logfile created on: 2007-06-27 PM 10:57:07
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Brenda Mayorga\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

222.48 Mb Total Physical Memory | 42.85 Mb Available Physical Memory | 19.26% Memory free
582.59 Mb Paging File | 200.34 Mb Available in Paging File | 34.39% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.00 Gb Free Space | 64.42% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: BRENDA
Current User Name: Brenda Mayorga
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 2007-01-15 AM 11:28:58 | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 2007-01-15 AM 11:28:32 | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 2007-01-15 AM 11:28:52 | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 2007-01-15 AM 11:27:52 | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → [Ver = | Size = 59008 bytes | Modified Date = 2007-01-15 AM 11:18:24 | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-04-11 AM 8:31:26 | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-04-11 AM 8:31:26 | Attr = ]
atiptaxx.exe → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 2005-04-11 PM 12:00:00 | Attr = ]
avgas.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 AM 4:25:42 | Attr = ]
eabservr.exe → %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe → Hewlett-Packard [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 2004-12-03 PM 3:24:20 | Attr = ]
guard.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 AM 7:31:10 | Attr = ]
hp wireless assistant.exe → %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe → Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 2005-04-01 PM 5:11:14 | Attr = ]
hpqste08.exe → %ProgramFiles%\Hp\Digital Imaging\bin\hpqste08.exe → Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 2005-05-12 AM 1:40:38 | Attr = ]
hpqtra08.exe → %ProgramFiles%\Hp\Digital Imaging\bin\hpqtra08.exe → Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005-05-12 AM 12:23:26 | Attr = ]
hpqwmi.exe → %ProgramFiles%\HPQ\Shared\hpqwmi.exe → Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 2005-03-04 PM 2:16:18 | Attr = R ]
hprblog.exe → %ProgramFiles%\Hp\Digital Imaging\Product Assistant\bin\hprblog.exe → Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 2005-05-12 AM 12:16:22 | Attr = ]
hpwuschd2.exe → %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe → Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005-05-12 AM 12:12:54 | Attr = ]
ipodservice.exe → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 327680 bytes | Modified Date = 2004-10-13 PM 6:03:54 | Attr = ]
ituneshelper.exe → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 278528 bytes | Modified Date = 2004-10-13 PM 6:04:14 | Attr = ]
jusched.exe → %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 AM 3:43:44 | Attr = ]
lssrvc.exe → %CommonProgramFiles%\LightScribe\LSSrvc.exe → [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2005-02-22 PM 6:32:14 | Attr = ]
qttask.exe → %ProgramFiles%\QuickTime\qttask.exe → Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2005-04-29 AM 8:02:28 | Attr = ]
superantispyware.exe → %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe → SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 AM 10:12:46 | Attr = ]
syntpenh.exe → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2005-02-02 AM 7:11:12 | Attr = ]
syntplpr.exe → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2005-02-02 AM 7:12:22 | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 2007-06-23 PM 3:15:54 | Attr = ]
wkcalrem.exe → %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe → Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 15360 bytes | Modified Date = 2004-06-23 PM 2:23:00 | Attr = ]
wlancfgag.exe → %ProgramFiles%\Airlink101\AWLC4030\WLanCfgAG.exe → [Ver = 1, 0, 7, 3 | Size = 827392 bytes | Modified Date = 2005-07-25 PM 10:05:08 | Attr = ]
wlservice.exe → %ProgramFiles%\Airlink101\AWLC4030\WLService.exe → [Ver = | Size = 49152 bytes | Modified Date = 2004-03-29 PM 4:08:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → [Ver = | Size = 59008 bytes | Modified Date = 2007-01-15 AM 11:18:24 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] → %System32%\ati2evxx.exe → ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-04-11 AM 8:31:26 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 2007-01-15 AM 11:28:52 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 2007-01-15 AM 11:28:32 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 2007-01-15 AM 11:27:52 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 AM 7:31:10 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 AM 3:00:00 | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Stopped] → %System32%\tcbbsjha.exe → File not found
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] → %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe → Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-04-16 AM 11:15:26 | Attr = ]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] → %ProgramFiles%\HPQ\Shared\hpqwmi.exe → Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 2005-03-04 PM 2:16:18 | Attr = R ]
(iPodService) iPod Service [Win32_Own | On_Demand | Running] → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 327680 bytes | Modified Date = 2004-10-13 PM 6:03:54 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] → %CommonProgramFiles%\LightScribe\LSSrvc.exe → [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2005-02-22 PM 6:32:14 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] → %System32%\HPZipm12.exe → HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 2004-09-29 PM 1:14:36 | Attr = ]
(Super G Wireless Cardbus Service) Super G Wireless Cardbus Service [Win32_Own | Auto | Running] → %ProgramFiles%\Airlink101\AWLC4030\WLService.exe → [Ver = | Size = 49152 bytes | Modified Date = 2004-03-29 PM 4:08:16 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
!AVG Anti-Spyware → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 AM 4:25:42 | Attr = ]
ATIPTA → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 2005-04-11 PM 12:00:00 | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 2007-01-15 AM 11:28:58 | Attr = ]
Cpqset → %ProgramFiles%\HPQ\Default Settings\Cpqset.exe → [Ver = | Size = 233534 bytes | Modified Date = 2005-02-17 PM 4:01:20 | Attr = ]
eabconfg.cpl → %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe → Hewlett-Packard [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 2004-12-03 PM 3:24:20 | Attr = ]
HP Software Update → %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe → Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005-05-12 AM 12:12:54 | Attr = ]
hpWirelessAssistant → %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe → Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 2005-04-01 PM 5:11:14 | Attr = ]
icq.com → %System32%\dobypqqc.dll [rundll32.exe “C:\WINDOWS\system32\dobypqqc.dll”,forkonce] → [Ver = | Size = 128576 bytes | Modified Date = 2007-06-27 PM 2:25:50 | Attr = ]
iTunesHelper → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 278528 bytes | Modified Date = 2004-10-13 PM 6:04:14 | Attr = ]
LSBWatcher → %SystemDrive%\hp\drivers\hplsbwatcher\lsburnwatcher.exe → Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 2004-10-14 PM 3:54:32 | Attr = ]
QuickTime Task → %ProgramFiles%\QuickTime\qttask.exe → Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2005-04-29 AM 8:02:28 | Attr = ]
SunJavaUpdateSched → %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 AM 3:43:44 | Attr = ]
SynTPEnh → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2005-02-02 AM 7:11:12 | Attr = ]
SynTPLpr → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2005-02-02 AM 7:12:22 | Attr = ]
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →
< Run [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
SUPERAntiSpyware → %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe → SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 AM 10:12:46 | Attr = ]
Yahoo! Pager → %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe → Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 2007-06-11 PM 6:16:12 | Attr = ]
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\HP Digital Imaging Monitor.lnk → %ProgramFiles%\Hp\Digital Imaging\bin\hpqtra08.exe → Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005-05-12 AM 12:23:26 | Attr = ]
< User Startup > → C:\Documents and Settings\Brenda Mayorga\Start Menu\Programs\Startup →
%UserStartup%\wkcalrem.LNK → %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe → Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 15360 bytes | Modified Date = 2004-06-23 PM 2:23:00 | Attr = ]
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] → GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 AM 7:29:58 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] → %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL → SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 PM 1:55:48 | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] → %System32%\vtuspol.dll → File not found
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
!SASWinLogon → %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll → SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 PM 1:41:36 | Attr = ]
AtiExtEvent → %System32%\ati2evxx.dll → ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 2005-04-11 AM 8:31:30 | Attr = ]
vtuspol → vtuspol.dll → File not found
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ScanWithAntiVirus → 2 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 36 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveAutoRun → ÿÿÿÿ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools → 0 →
< HOSTS File > (27 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
HKLM: Main\Default_Search_URL → http://www.google.com/ie
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Bar → http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
HKLM: Search Page → http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKLM: Start Page → about:blank →
HKLM: CustomizeSearch → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM: Search\Default_Search_URL → http://www.google.com/ie
HKLM: SearchAssistant → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU: Start Page → http://yahoo.com/
HKCU: ProxyEnable → 0 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
msn.com [ - ] → →

< Trusted Sites > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
www_yahoo.com [https] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] → Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 2003-11-03 PM 4:17:44 | Attr = ]
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [HKLM] → %System32%\mtgafqjo.dll [Reg Data - Value does not exist] → [Ver = | Size = 66112 bytes | Modified Date = 2007-06-26 PM 11:53:24 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] → %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll → Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 AM 1:04:00 | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] → %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] → Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006-10-31 PM 3:33:52 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] → %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 AM 3:43:40 | Attr = ]
{81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] → %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 PM 11:55:32 | Attr = R ]
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
[HKLM] → Reg Data - Key not found [Reg Data - Value does not exist] → File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] → %ProgramFiles%\Google\googletoolbar2.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 PM 11:55:32 | Attr = R ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 2003-11-21 AM 5:26:28 | Attr = ]
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 2003-11-21 AM 5:26:28 | Attr = ]
WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] → %ProgramFiles%\Google\googletoolbar2.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 PM 11:55:32 | Attr = R ]
WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 2003-11-21 AM 5:26:28 | Attr = ]
< Internet Explorer Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ →
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] → %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 2007-03-14 AM 3:43:42 | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} → Reg Data - Value does not exist [ButtonText: Yahoo! Services] → File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} → Reg Data - Value does not exist [ButtonText: Real.com] → File not found
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
&AOL Toolbar search → %ProgramFiles%\AOL Toolbar\toolbar.dll\SEARCH.HTM → File not found
&Google Search → %ProgramFiles%\Google\GoogleToolbar1.dll\cmsearch.htm → File not found
Backward Links → %ProgramFiles%\Google\GoogleToolbar1.dll\cmbacklinks.htm → File not found
Cached Snapshot of Page → %ProgramFiles%\Google\GoogleToolbar1.dll\cmcache.htm → File not found
E&xport to Microsoft Excel → → File not found
Similar Pages → %ProgramFiles%\Google\GoogleToolbar1.dll\cmsimilar.htm → File not found
Translate into English → %ProgramFiles%\Google\GoogleToolbar1.dll\cmtrans.htm → File not found
< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform →
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{5F47C24C-E1E4-4206-A770-13751059C1B6} → (Airlink101 Super G Cardbus Adapter) →
{88D6CB69-2796-421A-947C-8ABE5BCF3389} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{DB92313F-449F-4995-9964-1BA2360A9476} → (Broadcom 802.11b/g WLAN) →
{E8B6B49F-5814-4947-A101-7512A4B92FC7} → (Westell WireSpeed Dual Connect Modem) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{166B1BCA-3F9C-11CF-8075-444553540000} → Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} → Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} → Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper.dll →
{406B5949-7190-4245-91A9-30A17DE16AD0} → Snapfish Activia - CodeBase = http://photos.walmart.com/WalmartActivia.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} → WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176249475250
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} → MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176249440859
{8AD9C840-044E-11D1-B3E9-00805F499D93} → Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} → Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} → Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

[Files/Folders - Created Within 30 days]
IO.SYS → %SystemDrive%\IO.SYS → [Ver = | Size = 0 bytes | Created Date = 2007-06-16 PM 11:14:36 | Attr = RHS]
MSDOS.SYS → %SystemDrive%\MSDOS.SYS → [Ver = | Size = 0 bytes | Created Date = 2007-06-16 PM 11:14:36 | Attr = RHS]
QooBox → %SystemDrive%\QooBox → [Folder | Created Date = 2007-06-25 PM 10:40:02 | Attr = ]
VundoFix Backups → %SystemDrive%\VundoFix Backups → [Folder | Created Date = 2007-06-27 PM 9:28:54 | Attr = ]
_OTMoveIt → %SystemDrive%_OTMoveIt → [Folder | Created Date = 2007-06-26 PM 10:40:00 | Attr = ]
$NtUninstallKB929123$ → %SystemRoot%$NtUninstallKB929123$ → [Folder | Created Date = 2007-06-13 AM 2:04:45 | Attr = H ]
$NtUninstallKB933566$ → %SystemRoot%$NtUninstallKB933566$ → [Folder | Created Date = 2007-06-13 AM 2:05:49 | Attr = H ]
$NtUninstallKB935839$ → %SystemRoot%$NtUninstallKB935839$ → [Folder | Created Date = 2007-06-13 AM 2:01:59 | Attr = H ]
$NtUninstallKB935840$ → %SystemRoot%$NtUninstallKB935840$ → [Folder | Created Date = 2007-06-13 AM 2:04:30 | Attr = H ]
catchme.exe → %SystemRoot%\catchme.exe → [Ver = | Size = 87552 bytes | Created Date = 2007-06-25 PM 10:25:19 | Attr = ]
nircmd.exe → %SystemRoot%\nircmd.exe → NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 2007-06-25 PM 10:25:18 | Attr = ]
QTFont.for → %SystemRoot%\QTFont.for → [Ver = | Size = 1409 bytes | Created Date = 2007-06-16 PM 12:03:32 | Attr = ]
QTFont.qfn → %SystemRoot%\QTFont.qfn → [Ver = | Size = 54156 bytes | Created Date = 2007-06-16 PM 12:03:32 | Attr = H ]
bccdd.bak2 → %System32%\bccdd.bak2 → [Ver = | Size = 1846573 bytes | Created Date = 2007-06-26 PM 12:26:05 | Attr = HS]
bccdd.ini2 → %System32%\bccdd.ini2 → [Ver = | Size = 1845942 bytes | Created Date = 2007-06-27 PM 2:47:06 | Attr = HS]
bccdd.tmp → %System32%\bccdd.tmp → [Ver = | Size = 1845942 bytes | Created Date = 2007-06-27 PM 2:38:54 | Attr = HS]
bccdd.tmp2 → %System32%\bccdd.tmp2 → [Ver = | Size = 1843200 bytes | Created Date = 2007-06-27 PM 2:47:06 | Attr = ]
cqqpybod.ini → %System32%\cqqpybod.ini → [Ver = | Size = 930139 bytes | Created Date = 2007-06-27 PM 1:25:50 | Attr = HS]
dljqvpxg.ini → %System32%\dljqvpxg.ini → [Ver = | Size = 929906 bytes | Created Date = 2007-06-26 PM 10:55:46 | Attr = HS]
dobypqqc.dll → %System32%\dobypqqc.dll → [Ver = | Size = 128576 bytes | Created Date = 2007-06-27 PM 1:25:46 | Attr = ]
gxpvqjld.dll → %System32%\gxpvqjld.dll → [Ver = | Size = 128576 bytes | Created Date = 2007-06-26 PM 10:55:13 | Attr = ]
java.exe → %System32%\java.exe → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-20 AM 11:51:15 | Attr = ]
javacpl.cpl → %System32%\javacpl.cpl → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 2007-06-20 AM 11:51:16 | Attr = ]
javaw.exe → %System32%\javaw.exe → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-20 AM 11:51:15 | Attr = ]
javaws.exe → %System32%\javaws.exe → Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 2007-06-20 AM 11:51:16 | Attr = ]
mtgafqjo.dll → %System32%\mtgafqjo.dll → [Ver = | Size = 66112 bytes | Created Date = 2007-06-26 PM 10:53:22 | Attr = ]
swreg.exe → %System32%\swreg.exe → SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 2007-06-25 PM 10:25:19 | Attr = ]
swsc.exe → %System32%\swsc.exe → SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-06-25 PM 10:25:18 | Attr = ]
swxcacls.exe → %System32%\swxcacls.exe → SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-06-25 PM 10:25:18 | Attr = ]
vfind.exe → %System32%\vfind.exe → [Ver = | Size = 49152 bytes | Created Date = 2007-06-19 PM 6:58:34 | Attr = ]
AvgAsCln.sys → %System32%\drivers\AvgAsCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-06-20 PM 11:37:35 | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Modified Date = 2007-06-20 PM 5:07:22 | Attr = H ]
hiberfil.sys → %SystemDrive%\hiberfil.sys → [Ver = | Size = 233361408 bytes | Modified Date = 2007-06-27 PM 4:01:18 | Attr = HS]
IO.SYS → %SystemDrive%\IO.SYS → [Ver = | Size = 0 bytes | Modified Date = 2007-06-17 AM 12:14:38 | Attr = RHS]
MSDOS.SYS → %SystemDrive%\MSDOS.SYS → [Ver = | Size = 0 bytes | Modified Date = 2007-06-17 AM 12:14:38 | Attr = RHS]
Program Files → %ProgramFiles% → [Folder | Modified Date = 2007-06-26 AM 12:28:54 | Attr = R ]
QooBox → %SystemDrive%\QooBox → [Folder | Modified Date = 2007-06-25 PM 11:40:04 | Attr = ]
VundoFix Backups → %SystemDrive%\VundoFix Backups → [Folder | Modified Date = 2007-06-27 PM 10:28:56 | Attr = ]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 2007-06-26 PM 6:27:54 | Attr = ]
_OTMoveIt → %SystemDrive%_OTMoveIt → [Folder | Modified Date = 2007-06-26 PM 11:40:02 | Attr = ]
$hf_mig$ → %SystemRoot%$hf_mig$ → [Folder | Modified Date = 2007-06-13 AM 2:18:10 | Attr = H ]
$NtUninstallKB929123$ → %SystemRoot%$NtUninstallKB929123$ → [Folder | Modified Date = 2007-06-13 AM 3:04:50 | Attr = H ]
$NtUninstallKB933566$ → %SystemRoot%$NtUninstallKB933566$ → [Folder | Modified Date = 2007-06-13 AM 3:05:56 | Attr = H ]
$NtUninstallKB935839$ → %SystemRoot%$NtUninstallKB935839$ → [Folder | Modified Date = 2007-06-13 AM 3:02:02 | Attr = H ]
$NtUninstallKB935840$ → %SystemRoot%$NtUninstallKB935840$ → [Folder | Modified Date = 2007-06-13 AM 3:04:34 | Attr = H ]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 2007-06-27 PM 4:01:34 | Attr = S]
catchme.exe → %SystemRoot%\catchme.exe → [Ver = | Size = 87552 bytes | Modified Date = 2007-06-05 AM 5:24:04 | Attr = ]
Downloaded Program Files → %SystemRoot%\Downloaded Program Files → [Folder | Modified Date = 2007-06-26 PM 11:32:30 | Attr = S]
Help → %SystemRoot%\Help → [Folder | Modified Date = 2007-06-20 PM 3:30:20 | Attr = ]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1374 bytes | Modified Date = 2007-06-13 AM 3:05:14 | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 2007-06-22 AM 7:55:58 | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 2007-06-20 PM 5:07:22 | Attr = HS]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 2007-06-27 PM 10:54:18 | Attr = ]
QTFont.for → %SystemRoot%\QTFont.for → [Ver = | Size = 1409 bytes | Modified Date = 2007-06-16 PM 1:03:34 | Attr = ]
QTFont.qfn → %SystemRoot%\QTFont.qfn → [Ver = | Size = 54156 bytes | Modified Date = 2007-06-16 PM 1:03:34 | Attr = H ]
Registration → %SystemRoot%\Registration → [Folder | Modified Date = 2007-06-25 PM 7:19:24 | Attr = ]
system32 → %System32% → [Folder | Modified Date = 2007-06-27 PM 7:30:32 | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 2007-06-27 PM 4:05:10 | Attr = S]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 2007-06-27 PM 8:12:06 | Attr = ]
MP Scheduled Scan.job → %SystemRoot%\tasks\MP Scheduled Scan.job → [Ver = | Size = 330 bytes | Modified Date = 2007-06-27 PM 4:05:10 | Attr = H ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 2007-06-27 PM 4:01:52 | Attr = H ]
bccdd.bak2 → %System32%\bccdd.bak2 → [Ver = | Size = 1846573 bytes | Modified Date = 2007-06-27 PM 1:26:42 | Attr = HS]
bccdd.ini2 → %System32%\bccdd.ini2 → [Ver = | Size = 1845942 bytes | Modified Date = 2007-06-27 PM 3:59:40 | Attr = HS]
bccdd.tmp → %System32%\bccdd.tmp → [Ver = | Size = 1845942 bytes | Modified Date = 2007-06-27 PM 3:47:08 | Attr = HS]
bccdd.tmp2 → %System32%\bccdd.tmp2 → [Ver = | Size = 1843200 bytes | Modified Date = 2007-06-27 PM 3:59:46 | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 2007-06-27 PM 3:06:02 | Attr = ]
cqqpybod.ini → %System32%\cqqpybod.ini → [Ver = | Size = 930139 bytes | Modified Date = 2007-06-27 PM 7:30:32 | Attr = HS]
dljqvpxg.ini → %System32%\dljqvpxg.ini → [Ver = | Size = 929906 bytes | Modified Date = 2007-06-27 AM 11:50:22 | Attr = HS]
dllcache → %System32%\dllcache → [Folder | Modified Date = 2007-06-21 AM 2:16:42 | Attr = RHS]
dobypqqc.dll → %System32%\dobypqqc.dll → [Ver = | Size = 128576 bytes | Modified Date = 2007-06-27 PM 2:25:50 | Attr = ]
drivers → %System32%\drivers → [Folder | Modified Date = 2007-06-26 AM 12:27:22 | Attr = ]
gxpvqjld.dll → %System32%\gxpvqjld.dll → [Ver = | Size = 128576 bytes | Modified Date = 2007-06-26 PM 11:55:14 | Attr = ]
Macromed → %System32%\Macromed → [Folder | Modified Date = 2007-06-22 AM 7:53:34 | Attr = ]
mtgafqjo.dll → %System32%\mtgafqjo.dll → [Ver = | Size = 66112 bytes | Modified Date = 2007-06-26 PM 11:53:24 | Attr = ]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 2007-06-27 PM 4:04:50 | Attr = ]
AvgAsCln.sys → %System32%\drivers\AvgAsCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 2007-05-30 AM 7:10:42 | Attr = ]
etc → %System32%\drivers\etc → [Folder | Modified Date = 2007-06-19 PM 8:20:54 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , → %System32%\aswBoot.exe → [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 2007-01-15 AM 11:32:08 | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 2004-08-04 AM 3:00:00 | Attr = ]
PEC2 , PECompact2 , → %System32%\dobypqqc.dll → [Ver = | Size = 128576 bytes | Modified Date = 2007-06-27 PM 2:25:50 | Attr = ]
PEC2 , PECompact2 , → %System32%\gxpvqjld.dll → [Ver = | Size = 128576 bytes | Modified Date = 2007-06-26 PM 11:55:14 | Attr = ]
PEC2 , PECompact2 , → %System32%\mtgafqjo.dll → [Ver = | Size = 66112 bytes | Modified Date = 2007-06-26 PM 11:53:24 | Attr = ]
PEC2 , PECompact2 , → %System32%\SerialShield.dll → Ionworx Technology [Ver = 1.9.5.0 | Size = 225280 bytes | Modified Date = 2006-04-04 AM 10:40:26 | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 2004-08-04 AM 3:00:00 | Attr = ]

< End of report >
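As an added example (not part of the original post and not OldTimer's code), here is a small Python triage script for report lines in the WinPFind3U format above. It parses the arrow-separated fields and flags the four patterns a helper acts on in a log like this: an autostart entry (service, Run key, Winlogon\Notify, BHO, hook) whose target is "File not found", a file in System32 with a 7-8 lowercase-letter name and no version resource, a PECompact2-packed file with no vendor string, and a Run entry that loads a DLL through rundll32. The sample lines are copied from the report above; the random-name length rule and the list of section names that count as persistence are my own heuristics, not anything the tool does, and a hit is a lead rather than a verdict (the PECompact2 rule would also match SerialShield.dll, which is left alone only because it carries a vendor string).

```python
"""Triage helper for WinPFind3U-style report lines (added example).

Line format:  key → target [extra] → vendor [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]
or, when the file is gone:  key → target → File not found
"""
import re
from dataclasses import dataclass, field

ARROW = "→"
META_RE = re.compile(r"\[([^\[\]]*)\]\s*$")
# Heuristic (editor's assumption, not a tool rule): 7-8 lowercase letters and
# no version resource is the naming pattern of the rotating DLLs in this log.
RANDOM_NAME = re.compile(r"^[a-z]{7,8}\.(?:dll|exe)$")
# Section names where an entry still loads (or tries to) at boot or logon.
PERSISTENCE = ("Services", "Run", "BHO", "ShellExecuteHooks", "Winlogon", "ToolBars")


@dataclass
class Entry:
    section: str
    key: str
    target: str
    vendor: str
    missing: bool
    meta: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        # Drop a trailing "[rundll32.exe ...]" note, then keep the last path element.
        path = self.target.split("[", 1)[0].strip()
        return path.rsplit("\\", 1)[-1].lower()

    @property
    def no_version_info(self) -> bool:
        # The tool prints the PE version resource; empty company + empty Ver = none.
        return self.vendor == "" and self.meta.get("Ver", "") == ""


def parse_report(text: str) -> list:
    """Turn report text into Entry objects, tracking the current section name."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # [Win32 Services - ...]
            section = line[1:-1]
            continue
        if line.startswith("<"):                         # < Run [HKLM] > → ...
            section = line[1:line.index(">")].strip()
            continue
        parts = [p.strip() for p in line.split(ARROW)]
        if len(parts) < 2:
            continue
        rest = parts[2] if len(parts) > 2 else ""
        missing = rest == "File not found"
        meta, vendor = {}, "" if missing else rest
        m = META_RE.search(rest)
        if m:
            vendor = rest[:m.start()].strip()
            for kv in m.group(1).split("|"):
                k, _, v = kv.partition("=")
                meta[k.strip()] = v.strip()
        entries.append(Entry(section, parts[0], parts[1], vendor, missing, meta))
    return entries


def triage(entries: list) -> list:
    """Attach a flag for each pattern worth acting on; return the flagged entries."""
    flagged = []
    for e in entries:
        persistent = any(p in e.section for p in PERSISTENCE)
        if persistent and e.missing:
            e.flags.append("orphaned autostart entry (target file gone)")
        if (not e.missing and e.no_version_info and "%System32%" in e.target
                and RANDOM_NAME.match(e.basename)):
            e.flags.append("unversioned random-name file in System32")
        if "PECompact2" in e.key and e.no_version_info:
            e.flags.append("PECompact2-packed file with no vendor/version")
        if "rundll32" in e.target.lower() and e.no_version_info:
            e.flags.append("rundll32 autostart loading an unversioned DLL")
        if e.flags:
            flagged.append(e)
    return flagged


# Excerpt copied from the report above (constructed subset, not the whole log).
SAMPLE = r"""
[Win32 Services - Non-Microsoft Only]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 2007-01-15 AM 11:28:52 | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Stopped] → %System32%\tcbbsjha.exe → File not found
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
icq.com → %System32%\dobypqqc.dll [rundll32.exe "C:\WINDOWS\system32\dobypqqc.dll",forkonce] → [Ver = | Size = 128576 bytes | Modified Date = 2007-06-27 PM 2:25:50 | Attr = ]
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
AtiExtEvent → %System32%\ati2evxx.dll → ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 2005-04-11 AM 8:31:30 | Attr = ]
vtuspol → vtuspol.dll → File not found
< BHO's > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [HKLM] → %System32%\mtgafqjo.dll [Reg Data - Value does not exist] → [Ver = | Size = 66112 bytes | Modified Date = 2007-06-26 PM 11:53:24 | Attr = ]
[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , → %System32%\gxpvqjld.dll → [Ver = | Size = 128576 bytes | Modified Date = 2007-06-26 PM 11:55:14 | Attr = ]
PEC2 , PECompact2 , → %System32%\SerialShield.dll → Ionworx Technology [Ver = 1.9.5.0 | Size = 225280 bytes | Modified Date = 2006-04-04 AM 10:40:26 | Attr = ]
"""

if __name__ == "__main__":
    for e in triage(parse_report(SAMPLE)):
        print(f"{e.section:40} {e.basename:18} {'; '.join(e.flags)}")
```

On the excerpt it flags tcbbsjha.exe, dobypqqc.dll, vtuspol.dll, mtgafqjo.dll and gxpvqjld.dll and leaves the avast, ATI and SerialShield lines alone. The orphaned entries are the ones that matter most for the next fix: the DomainService service and the Winlogon\Notify and ShellExecuteHooks references to vtuspol.dll still point at files that were already removed, so the registry keys themselves need deleting, not just the files.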