Vundo Virus
When the file is open in Notepad, highlight half the text by holding down the left mouse key and dragging across and then down the page.
When enough text is highlighted, go to the menu at the top and click on Edit and then Copy, then post in a reply here by "right click" on the mouse and paste, then do the same thing again to copy the rest of the text into a 2nd reply on the thread.
WinPFind3 logfile created on: 21/07/2007 14:44:15
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Users\David\WinPFind3u\
Windows Vista (TM) Home Premium (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16473)
1022.75 Mb Total Physical Memory | 622.52 Mb Available Physical Memory | 60.87% Memory free
2.24 Gb Paging File | 1.45 Gb Available in Paging File | 64.52% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 105.23 Gb Free Space | 89.80% Space Free
Drive| 115.70 Gb Total Space | 114.55 Gb Free Space | 99.01% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: DAVID-PC
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 561152 bytes | Modified Date = 19/01/2007 00:53:02 | Attr = ]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 561152 bytes | Modified Date = 19/01/2007 00:53:02 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 20/04/2007 16:18:38 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 20/04/2007 16:18:40 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 25/06/2007 16:25:42 | Attr = ]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 16/02/2007 15:48:30 | Attr = ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 10:57:36 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 03:43:44 | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 10:57:30 | Attr = ]
mousetool.exe -> %ProgramFiles%\MouseTool\MouseTool.exe -> [Ver = 3, 1, 3, 0 | Size = 405504 bytes | Modified Date = 15/08/2000 13:44:50 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 08/12/2003 18:35:14 | Attr = ]
picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.36.60 | Size = 366400 bytes | Modified Date = 16/06/2007 00:15:04 | Attr = ]
realonemessagecenter.exe -> %CommonProgramFiles%\Real\Update_OB\RealOneMessageCenter.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 69632 bytes | Modified Date = 27/03/2007 08:45:44 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/03/2007 08:45:44 | Attr = ]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.1\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9090 | Size = 2486272 bytes | Modified Date = 30/11/2006 16:54:50 | Attr = ]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.1\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9090 | Size = 2334720 bytes | Modified Date = 30/11/2006 16:54:34 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
winpfind3u.exe -> %SystemDrive%\Users\David\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23/06/2007 15:15:54 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 561152 bytes | Modified Date = 19/01/2007 00:53:02 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 20/04/2007 16:18:38 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 16/02/2007 15:48:30 | Attr = ]
(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 25/06/2007 16:25:42 | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 02:40:22 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 03:06:32 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 20/04/2007 16:18:40 | Attr = ]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.36.60 | Size = 366400 bytes | Modified Date = 16/06/2007 00:15:04 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 08/12/2003 18:35:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 03:43:44 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/03/2007 08:45:44 | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
messengerskinner -> %ProgramFiles%\MessengerSkinner\MessengerSkinner.exe -> [Ver = 1, 0, 0, 6 | Size = 159232 bytes | Modified Date = 13/12/2006 17:13:02 | Attr = ]
msnmsgr -> ~"%ProgramFiles%\MSN Messenger\msnmsgr.exe -> File not found
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 10/11/2006 13:35:24 | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
-> %AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\VTAgentReboot.exe -> [Ver = 1, 0, 0, 2 | Size = 143360 bytes | Modified Date = 07/10/2001 20:11:30 | Attr = R ]
< User Startup > -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ->
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 10:57:36 | Attr = ]
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\MouseTool.lnk -> %ProgramFiles%\MouseTool\MouseTool.exe -> [Ver = 3, 1, 3, 0 | Size = 405504 bytes | Modified Date = 15/08/2000 13:44:50 | Attr = ]
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk -> %ProgramFiles%\OpenOffice.org 2.1\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 27/11/2006 17:45:48 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
{F49ED2B3-08F5-4BA3-8536-2DAEE8C8409B} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
::1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Search_URL -> http://www.google.com/ie ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.visagecomputers.com/ ->
HKCU: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 29/11/2006 17:35:00 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 29/11/2006 17:35:00 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 29/11/2006 17:35:00 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{78161C01-01DC-485E-9FA1-9F643BBF5683} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->
[Files/Folders - Created Within 90 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 29/04/2007 11:08:40 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 20/07/2007 14:49:10 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073078272 bytes | Created Date = 01/01/1601 | Attr = HS]
perflogs -> %SystemDrive%\perflogs -> [Folder | Created Date = 15/07/2007 16:26:17 | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Created Date = 09/06/2007 21:04:36 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Created Date = 09/06/2007 21:53:56 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 09/06/2007 21:04:36 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 09/06/2007 21:53:56 | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 14/07/2007 07:33:48 | Attr = ]
FLV Player -> %SystemRoot%\FLV Player -> [Folder | Created Date = 16/06/2007 12:07:45 | Attr = ]
Replay Media Catcher -> %SystemRoot%\Replay Media Catcher -> [Folder | Created Date = 16/06/2007 12:35:03 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 18/07/2007 21:04:23 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Created Date = 01/06/2007 09:34:42 | Attr = ]
User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> [Ver = | Size = 418 bytes | Created Date = 03/06/2007 10:26:23 | Attr = H ]
DSKernel2.dll -> %System32%\DSKernel2.dll -> LEAD Technologies, Inc. [Ver = 1.0.0.060 | Size = 135168 bytes | Created Date = 16/06/2007 12:36:01 | Attr = ]
GameUXLegacyGDFs.dll -> %System32%\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 16/07/2007 20:51:40 | Attr = ]
Ikeext.etl -> %System32%\Ikeext.etl -> [Ver = | Size = 16384 bytes | Created Date = 19/07/2007 19:15:29 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 29/04/2007 10:50:33 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 29/04/2007 10:50:33 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 29/04/2007 10:50:34 | Attr = ]
ltmm15.dll -> %System32%\ltmm15.dll -> [Ver = 15.1.0.002 | Size = 1936528 bytes | Created Date = 16/06/2007 12:36:02 | Attr = ]
px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 514808 bytes | Created Date = 17/07/2007 17:25:37 | Attr = ]
pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.01.95a | Size = 477944 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.41a | Size = 68344 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 183032 bytes | Created Date = 17/07/2007 17:25:37 | Attr = ]
pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 379640 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Created Date = 29/04/2007 11:29:24 | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Created Date = 14/07/2007 07:39:42 | Attr = ]
vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.72a | Size = 39672 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
WNASPI32.DLL -> %System32%\WNASPI32.DLL -> Adaptec [Ver = 4.71 (0001) | Size = 45056 bytes | Created Date = 15/07/2007 15:36:11 | Attr = ]
ASPI32.SYS -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Created Date = 15/07/2007 15:36:11 | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1049 | Size = 94480 bytes | Created Date = 18/07/2007 21:04:55 | Attr = ]
[Files/Folders - Modified Within 90 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 12/06/2007 18:43:16 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 20/07/2007 16:05:56 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 16/07/2007 22:00:48 | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073078272 bytes | Modified Date = 21/07/2007 12:22:16 | Attr = HS]
perflogs -> %SystemDrive%\perflogs -> [Folder | Modified Date = 15/07/2007 17:26:18 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 19/07/2007 21:04:14 | Attr = R ]
ProgramData -> %AllUsersAppData% -> [Folder | Modified Date = 17/07/2007 17:48:12 | Attr = H ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 09/06/2007 22:04:38 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 09/06/2007 22:53:58 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 09/06/2007 22:04:38 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 09/06/2007 22:53:58 | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 20/07/2007 17:40:00 | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 14/07/2007 09:08:40 | Attr = ]
Windows -> %SystemRoot% -> [Folder | Modified Date = 20/07/2007 19:26:02 | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 16/07/2007 21:53:32 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 16/07/2007 22:24:28 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 21/07/2007 12:22:18 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 20/07/2007 18:54:50 | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 16/07/2007 21:53:28 | Attr = ]
FLV Player -> %SystemRoot%\FLV Player -> [Folder | Modified Date = 16/06/2007 13:07:46 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 21/07/2007 12:26:40 | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 16/07/2007 22:00:48 | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 16/06/2007 13:34:30 | Attr = ]
Logs -> %SystemRoot%\Logs -> [Folder | Modified Date = 15/07/2007 17:32:14 | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 16/07/2007 22:24:28 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 21/07/2007 14:31:58 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 29/04/2007 12:32:46 | Attr = ]
Replay Media Catcher -> %SystemRoot%\Replay Media Catcher -> [Folder | Modified Date = 16/06/2007 13:35:04 | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 16/07/2007 21:55:14 | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 26/06/2007 21:38:54 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 18/07/2007 22:04:24 | Attr = ]
System32 -> %System32% -> [Folder | Modified Date = 21/07/2007 12:26:40 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 03/06/2007 11:26:24 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 21/07/2007 14:42:12 | Attr = ]
tracing -> %SystemRoot%\tracing -> [Folder | Modified Date = 21/07/2007 12:24:20 | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 16/07/2007 21:55:20 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 21/07/2007 14:41:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 21/07/2007 12:22:20 | Attr = H ]
User_Feed_Synchronization-{794349F5-F2A8-41FF-9F77-020E3B91F1A1}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{794349F5-F2A8-41FF-9F77-020E3B91F1A1}.job -> [Ver = | Size = 420 bytes | Modified Date = 20/07/2007 21:40:26 | Attr = H ]
User_Feed_Synchronization-{7B6512D8-8FFA-4DA5-8770-D53DA07E55DE}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{7B6512D8-8FFA-4DA5-8770-D53DA07E55DE}.job -> [Ver = | Size = 418 bytes | Modified Date = 21/07/2007 14:40:02 | Attr = H ]
User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> [Ver = | Size = 418 bytes | Modified Date = 21/07/2007 14:40:02 | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3552 bytes | Modified Date = 21/07/2007 14:22:20 | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3552 bytes | Modified Date = 21/07/2007 14:22:20 | Attr = H ]
catroot -> %System32%\catroot -> [Folder | Modified Date = 16/07/2007 21:55:20 | Attr = ]
catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 20/07/2007 07:58:46 | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 18/07/2007 22:04:56 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 16/07/2007 21:53:30 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 237392 bytes | Modified Date = 28/04/2007 06:41:02 | Attr = ]
GameUXLegacyGDFs.dll -> %System32%\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 16/07/2007 21:51:42 | Attr = ]
Ikeext.etl -> %System32%\Ikeext.etl -> [Ver = | Size = 16384 bytes | Modified Date = 21/07/2007 12:22:22 | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 17/05/2007 17:13:54 | Attr = ]
migration -> %System32%\migration -> [Folder | Modified Date = 13/06/2007 16:14:22 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 111812 bytes | Modified Date = 21/07/2007 12:26:40 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 631234 bytes | Modified Date = 21/07/2007 12:26:40 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Modified Date = 21/07/2007 12:26:40 | Attr = ]
SLUI -> %System32%\SLUI -> [Folder | Modified Date = 16/07/2007 21:53:30 | Attr = ]
Tasks -> %System32%\Tasks -> [Folder | Modified Date = 20/07/2007 15:50:52 | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Modified Date = 29/04/2007 12:29:26 | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 14/07/2007 08:39:44 | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 16/07/2007 21:53:32 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.476 | Size = 820928 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 19/07/2007 17:44:04 | Attr = ]
[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\back_up.reg -> File size too big (344067696 bytes) ->
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 04/03/2007 12:55:32 | Attr = ]
PEC2 , PECompact2 , -> %System32%\fwihyjizlk.exe -> [Ver = | Size = 378368 bytes | Modified Date = 21/04/2007 20:18:34 | Attr = ]
UPX! , UPX0 , -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 123392 bytes | Modified Date = 25/11/2003 23:32:02 | Attr = ]
PEC2 , PECompact2 , -> %System32%\rghiuh.exe -> [Ver = | Size = 374784 bytes | Modified Date = 21/04/2007 20:18:50 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 27/03/2007 08:45:58 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.476 | Size = 820928 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
< End of report >
I am on NTL broadband
The last two posts were the basic scan from WinPFind3u on the left-hand side of the page as it opened up, but altered to last 90 days.
Start WinPFind3U. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks
YN -> {F49ED2B3-08F5-4BA3-8536-2DAEE8C8409B} [HKLM] -> Reg Data - Key not found []
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\
YN -> !!7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\!!2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm
[File String Scan - Non-Microsoft Only]
NY -> PEC2 , PECompact2 , -> %System32%\fwihyjizlk.exe
NY -> PEC2 , PECompact2 , -> %System32%\rghiuh.exe
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan and a Hijackthis log, separately (the Hijackthis can be pasted on the reply).
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
WinPFind3U log repairs went ok
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks does not exist.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\!!7E853D72-626A-48EC-A868-BA8D5E23E045} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\!!2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Windows Live Search deleted successfully.
[File String Scan - Non-Microsoft Only]
C:\Windows\SYSTEM32\fwihyjizlk.exe moved successfully.
C:\Windows\SYSTEM32\rghiuh.exe moved successfully.
< End of log >
Created on 07/22/2007 10:07:40
Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:18, on 22/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MouseTool\MouseTool.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.visagecomputers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - !!02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: MouseTool.lnk = C:\Program Files\MouseTool\MouseTool.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: !!20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6749 bytes
Winpfind3u log
WinPFind3 logfile created on: 22/07/2007 10:39:23
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Users\David\WinPFind3u\
Windows Vista (TM) Home Premium (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16473)
1022.75 Mb Total Physical Memory | 517.51 Mb Available Physical Memory | 50.60% Memory free
2.24 Gb Paging File | 1.47 Gb Available in Paging File | 65.49% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 105.24 Gb Free Space | 89.80% Space Free
Drive| 115.70 Gb Total Space | 114.55 Gb Free Space | 99.01% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: DAVID-PC
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 561152 bytes | Modified Date = 19/01/2007 00:53:02 | Attr = ]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 561152 bytes | Modified Date = 19/01/2007 00:53:02 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 20/04/2007 16:18:38 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 20/04/2007 16:18:40 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 25/06/2007 16:25:42 | Attr = ]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 16/02/2007 15:48:30 | Attr = ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 10:57:36 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 03:43:44 | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 10:57:30 | Attr = ]
mousetool.exe -> %ProgramFiles%\MouseTool\MouseTool.exe -> [Ver = 3, 1, 3, 0 | Size = 405504 bytes | Modified Date = 15/08/2000 13:44:50 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 08/12/2003 18:35:14 | Attr = ]
picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.36.60 | Size = 366400 bytes | Modified Date = 16/06/2007 00:15:04 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/03/2007 08:45:44 | Attr = ]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.1\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9090 | Size = 2486272 bytes | Modified Date = 30/11/2006 16:54:50 | Attr = ]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.1\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9090 | Size = 2334720 bytes | Modified Date = 30/11/2006 16:54:34 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
winpfind3u.exe -> %SystemDrive%\Users\David\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23/06/2007 15:15:54 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 561152 bytes | Modified Date = 19/01/2007 00:53:02 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 20/04/2007 16:18:38 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 16/02/2007 15:48:30 | Attr = ]
(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 25/06/2007 16:25:42 | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 02:40:22 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 03:06:32 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 20/04/2007 16:18:40 | Attr = ]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.36.60 | Size = 366400 bytes | Modified Date = 16/06/2007 00:15:04 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 08/12/2003 18:35:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 03:43:44 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/03/2007 08:45:44 | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
messengerskinner -> %ProgramFiles%\MessengerSkinner\MessengerSkinner.exe -> [Ver = 1, 0, 0, 6 | Size = 159232 bytes | Modified Date = 13/12/2006 17:13:02 | Attr = ]
msnmsgr -> ~"%ProgramFiles%\MSN Messenger\msnmsgr.exe -> File not found
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 10/11/2006 13:35:24 | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
-> %AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\VTAgentReboot.exe -> [Ver = 1, 0, 0, 2 | Size = 143360 bytes | Modified Date = 07/10/2001 20:11:30 | Attr = R ]
< User Startup > -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ->
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 29/09/2006 10:57:36 | Attr = ]
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\MouseTool.lnk -> %ProgramFiles%\MouseTool\MouseTool.exe -> [Ver = 3, 1, 3, 0 | Size = 405504 bytes | Modified Date = 15/08/2000 13:44:50 | Attr = ]
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk -> %ProgramFiles%\OpenOffice.org 2.1\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 27/11/2006 17:45:48 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
{F49ED2B3-08F5-4BA3-8536-2DAEE8C8409B} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\!!6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\!!0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
::1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Search_URL -> http://www.google.com/ie ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.visagecomputers.com/ ->
HKCU: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 29/11/2006 17:35:00 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
!!02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 29/11/2006 17:35:00 | Attr = ]
!!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ]
!!53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
!!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
!!7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 29/11/2006 17:35:00 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\!!2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
!!08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
!!78161C01-01DC-485E-9FA1-9F643BBF5683} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
!!166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
!!20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab ->
!!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
!!8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->
0 -
[Files/Folders - Created Within 90 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 29/04/2007 11:08:40 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 20/07/2007 14:49:10 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073078272 bytes | Created Date = 01/01/1601 | Attr = HS]
perflogs -> %SystemDrive%\perflogs -> [Folder | Created Date = 15/07/2007 16:26:17 | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Created Date = 09/06/2007 21:04:36 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Created Date = 09/06/2007 21:53:56 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 09/06/2007 21:04:36 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 09/06/2007 21:53:56 | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 14/07/2007 07:33:48 | Attr = ]
FLV Player -> %SystemRoot%\FLV Player -> [Folder | Created Date = 16/06/2007 12:07:45 | Attr = ]
Replay Media Catcher -> %SystemRoot%\Replay Media Catcher -> [Folder | Created Date = 16/06/2007 12:35:03 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 18/07/2007 21:04:23 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Created Date = 01/06/2007 09:34:42 | Attr = ]
User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> [Ver = | Size = 418 bytes | Created Date = 03/06/2007 10:26:23 | Attr = H ]
DSKernel2.dll -> %System32%\DSKernel2.dll -> LEAD Technologies, Inc. [Ver = 1.0.0.060 | Size = 135168 bytes | Created Date = 16/06/2007 12:36:01 | Attr = ]
GameUXLegacyGDFs.dll -> %System32%\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 16/07/2007 20:51:40 | Attr = ]
Ikeext.etl -> %System32%\Ikeext.etl -> [Ver = | Size = 16384 bytes | Created Date = 19/07/2007 19:15:29 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 29/04/2007 10:50:33 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 29/04/2007 10:50:33 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 29/04/2007 10:50:34 | Attr = ]
ltmm15.dll -> %System32%\ltmm15.dll -> [Ver = 15.1.0.002 | Size = 1936528 bytes | Created Date = 16/06/2007 12:36:02 | Attr = ]
px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 514808 bytes | Created Date = 17/07/2007 17:25:37 | Attr = ]
pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.01.95a | Size = 477944 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.41a | Size = 68344 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 183032 bytes | Created Date = 17/07/2007 17:25:37 | Attr = ]
pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 379640 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Created Date = 29/04/2007 11:29:24 | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Created Date = 14/07/2007 07:39:42 | Attr = ]
vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.72a | Size = 39672 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
WNASPI32.DLL -> %System32%\WNASPI32.DLL -> Adaptec [Ver = 4.71 (0001) | Size = 45056 bytes | Created Date = 15/07/2007 15:36:11 | Attr = ]
ASPI32.SYS -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Created Date = 15/07/2007 15:36:11 | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 17/07/2007 17:25:38 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1049 | Size = 94480 bytes | Created Date = 18/07/2007 21:04:55 | Attr = ]
[Files/Folders - Modified Within 90 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 12/06/2007 18:43:16 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 20/07/2007 16:05:56 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 16/07/2007 22:00:48 | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073078272 bytes | Modified Date = 22/07/2007 10:14:02 | Attr = HS]
perflogs -> %SystemDrive%\perflogs -> [Folder | Modified Date = 15/07/2007 17:26:18 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 19/07/2007 21:04:14 | Attr = R ]
ProgramData -> %AllUsersAppData% -> [Folder | Modified Date = 17/07/2007 17:48:12 | Attr = H ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 09/06/2007 22:04:38 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 09/06/2007 22:53:58 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 09/06/2007 22:04:38 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 09/06/2007 22:53:58 | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 20/07/2007 17:40:00 | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 14/07/2007 09:08:40 | Attr = ]
Windows -> %SystemRoot% -> [Folder | Modified Date = 20/07/2007 19:26:02 | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 16/07/2007 21:53:32 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 16/07/2007 22:24:28 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 22/07/2007 10:14:04 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 20/07/2007 18:54:50 | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 16/07/2007 21:53:28 | Attr = ]
FLV Player -> %SystemRoot%\FLV Player -> [Folder | Modified Date = 16/06/2007 13:07:46 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 22/07/2007 10:18:24 | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 16/07/2007 22:00:48 | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 16/06/2007 13:34:30 | Attr = ]
Logs -> %SystemRoot%\Logs -> [Folder | Modified Date = 15/07/2007 17:32:14 | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 16/07/2007 22:24:28 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 22/07/2007 09:54:26 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 29/04/2007 12:32:46 | Attr = ]
Replay Media Catcher -> %SystemRoot%\Replay Media Catcher -> [Folder | Modified Date = 16/06/2007 13:35:04 | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 16/07/2007 21:55:14 | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 26/06/2007 21:38:54 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 18/07/2007 22:04:24 | Attr = ]
System32 -> %System32% -> [Folder | Modified Date = 22/07/2007 10:18:24 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 03/06/2007 11:26:24 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 22/07/2007 10:39:18 | Attr = ]
tracing -> %SystemRoot%\tracing -> [Folder | Modified Date = 22/07/2007 10:16:24 | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 16/07/2007 21:55:20 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 21/07/2007 16:41:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 22/07/2007 10:14:08 | Attr = H ]
User_Feed_Synchronization-{794349F5-F2A8-41FF-9F77-020E3B91F1A1}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{794349F5-F2A8-41FF-9F77-020E3B91F1A1}.job -> [Ver = | Size = 420 bytes | Modified Date = 22/07/2007 10:35:02 | Attr = H ]
User_Feed_Synchronization-{7B6512D8-8FFA-4DA5-8770-D53DA07E55DE}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{7B6512D8-8FFA-4DA5-8770-D53DA07E55DE}.job -> [Ver = | Size = 418 bytes | Modified Date = 22/07/2007 10:35:02 | Attr = H ]
User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{AB6B2466-293A-4EB1-825F-4031F7274834}.job -> [Ver = | Size = 418 bytes | Modified Date = 22/07/2007 10:35:02 | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3552 bytes | Modified Date = 22/07/2007 10:14:14 | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3552 bytes | Modified Date = 22/07/2007 10:14:14 | Attr = H ]
catroot -> %System32%\catroot -> [Folder | Modified Date = 16/07/2007 21:55:20 | Attr = ]
catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 20/07/2007 07:58:46 | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 18/07/2007 22:04:56 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 16/07/2007 21:53:30 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 237392 bytes | Modified Date = 28/04/2007 06:41:02 | Attr = ]
GameUXLegacyGDFs.dll -> %System32%\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 16/07/2007 21:51:42 | Attr = ]
Ikeext.etl -> %System32%\Ikeext.etl -> [Ver = | Size = 16384 bytes | Modified Date = 22/07/2007 10:14:10 | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 17/05/2007 17:13:54 | Attr = ]
migration -> %System32%\migration -> [Folder | Modified Date = 13/06/2007 16:14:22 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 111812 bytes | Modified Date = 22/07/2007 10:18:24 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 631234 bytes | Modified Date = 22/07/2007 10:18:24 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Modified Date = 22/07/2007 10:18:24 | Attr = ]
SLUI -> %System32%\SLUI -> [Folder | Modified Date = 16/07/2007 21:53:30 | Attr = ]
Tasks -> %System32%\Tasks -> [Folder | Modified Date = 20/07/2007 15:50:52 | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Modified Date = 29/04/2007 12:29:26 | Attr = ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 14/07/2007 08:39:44 | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 16/07/2007 21:53:32 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.476 | Size = 820928 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 19/07/2007 17:44:04 | Attr = ]
[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\back_up.reg -> File size too big (344067696 bytes) ->
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 04/03/2007 12:55:32 | Attr = ]
UPX! , UPX0 , -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 123392 bytes | Modified Date = 25/11/2003 23:32:02 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 27/03/2007 08:45:58 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.476 | Size = 820928 bytes | Modified Date = 25/06/2007 16:25:38 | Attr = ]
< End of report >
0 -
Noticed the basic scan in WinPFind3u: for the drivers, none are selected. Is this correct?
Problems with my computer.
AVG anti virus loads up OK on the bottom of the taskbar, but after a couple of minutes the email scanner de-activates. After I re-activate it, it's OK until the next reboot.
My broadband goes offline after several minutes. When I try to re-connect, it attempts to go to a dial-up connection, so I have to close IE and start again; sometimes, though, it's OK.
It's been OK when carrying out the tasks advised in this thread.
My son says videos on YouTube keep stopping and the computer is slower, but the speed is not that bad in my opinion. I have downloaded spyware removal tools OK.
Been running AVG anti virus in the background; it dealt with viruses OK, four in the Virus Vault.
Ran an AVG scan yesterday. At the top of the page, on full screen, is this as the scan begins, but no virus was found:
File | Result/Infection | Path
user32.dll | Change | C:\Windows\System32\user32.dll
This does not seem right to me.
In Windows Security Centre it states Defender is turned off, but when I try to turn it on it goes to update and then I get an error message come up.
0 -
I left this file below out of the previous fix but it's more than a little suspect. A quick Google reveals differing opinions, with some deleting it and others believing it's connected to BT Broadband. I suspect this one may be malicious. The "modified date" is rather fishy considering you have Vista.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
-> %AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\VTAgentReboot.exe
[Ver = 1, 0, 0, 2 | Size = 143360 bytes | Modified Date = 07/10/2001 20:11:30 | Attr = R ]
Can you upload this file to Jotti's Malware Scan please and report back the findings.
Try reinstalling AVG to see if that rectifies the email scanner problem.
Can I also suggest you get a second anti-virus opinion. Taking into account your present connection issues, you're probably best with a downloadable on demand scanner such as DrWeb. This program doesn't need to be installed and won't disrupt AVG.
Download Dr.Web CureIt to your desktop:
- Double-click the drweb-cureit.exe file and allow it to run the express scan.
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, select the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow > to the right and the scan will begin.
- At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, click the "Select all/select none" toggle button (if available) next to the files found:
- Then click the green cup icon right below and select Move incurable, as you'll see in the next image:
This will move any infected files that can't be cured to the %userprofile%\DoctorWeb\quarantaine-folder (in case we need samples).
- Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
- Save the report to your desktop.
- Close Dr.Web CureIt and restart your computer to completely remove any stubborn files on reboot.
- After the restart, post the contents of the Dr.Web log file.
0
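The reasoning in the reply above (an executable in the Startup folder, with no vendor in its version info and a timestamp older than the operating system) can be applied to every file entry in the log. This Python triage script is an added example, not part of the original thread or of WinPFind3U; the regular expression, the reason labels and the Vista release cutoff are assumptions, and the sample entries are copied from this thread's log, with the VTAgentReboot.exe entry re-joined onto one line.

```python
import re
from datetime import datetime

# Assumption: Windows Vista general availability, used as the "older than the OS" cutoff.
OS_RELEASE = datetime(2007, 1, 30)
EXECUTABLE = (".exe", ".dll", ".sys")

# label -> path -> vendor [Ver = .. | Size = N bytes | Created/Modified Date = .. | Attr = ..]
ENTRY = re.compile(
    r"^(?P<label>.*?) -> (?P<path>.*?) -> (?P<vendor>[^\[]*)"
    r"\[Ver = [^|]*\| Size = \d+ bytes \| "
    r"(?:Created|Modified) Date = (?P<date>[\d/]+(?: [\d:]+)?) \| Attr = [^\]]*\]"
)

def parse_entry(line):
    """Parse one file entry; folder entries and section headers return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    raw = m.group("date")
    fmt = "%d/%m/%Y %H:%M:%S" if " " in raw else "%d/%m/%Y"
    return {"path": m.group("path").strip(), "vendor": m.group("vendor").strip(),
            "date": datetime.strptime(raw, fmt)}

def reasons(entry):
    found = []
    # 01/01/1601 is the zero FILETIME value (no timestamp recorded), not an old file.
    if entry["date"].year != 1601 and entry["date"] < OS_RELEASE:
        found.append("timestamp predates the OS")
    if not entry["vendor"]:
        found.append("no vendor in version info")
    if "\\startup\\" in entry["path"].lower():
        found.append("in Startup folder")
    return found

def triage(lines, threshold=2):
    """Return (path, reasons) for executables that match at least `threshold` reasons."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or not entry["path"].lower().endswith(EXECUTABLE):
            continue
        found = reasons(entry)
        if len(found) >= threshold:
            hits.append((entry["path"], found))
    return hits

# Entries copied from the log in this thread; the first is re-joined onto one line.
SAMPLE = [
    r"VTAgentReboot.exe -> %AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\VTAgentReboot.exe -> [Ver = 1, 0, 0, 2 | Size = 143360 bytes | Modified Date = 07/10/2001 20:11:30 | Attr = R ]",
    r"UPX! , UPX0 , -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 123392 bytes | Modified Date = 25/11/2003 23:32:02 | Attr = ]",
    r"ltmm15.dll -> %System32%\ltmm15.dll -> [Ver = 15.1.0.002 | Size = 1936528 bytes | Created Date = 16/06/2007 12:36:02 | Attr = ]",
    r"hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073078272 bytes | Created Date = 01/01/1601 | Attr = HS]",
    r"VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 14/07/2007 07:33:48 | Attr = ]",
]

if __name__ == "__main__":
    for path, found in triage(SAMPLE):
        print(path, "->", ", ".join(found))
```

A single reason is weak evidence on its own: pncrt.dll carries a 2003 timestamp but names its vendor, so the default threshold of two leaves it out. A hit is a candidate for a multi-engine scan, not a verdict.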
This discussion has been closed.