The Spykiller

Author Topic: Msiexec.exe is Infected!!!  (Read 20271 times)
xblade12100
« Reply #50 on: February 16, 2008, 02:13:02 »

Hey, is ComboFix a trojan or something? Because in my scan it showed combofix.exe.
Ruby
« Reply #51 on: February 16, 2008, 04:44:59 »

When you set your speakers off, you will not get any sound.

And, NO, ComboFix is NOT malware, but many removers are detected as malware by a lot of antivirus programs; those are false positives and you may want to ignore these messages.
xblade12100
« Reply #52 on: February 16, 2008, 14:20:35 »

OK, because Avira detected it.
Ruby
« Reply #53 on: February 16, 2008, 18:55:58 »

Once more:

Quote:
And, NO, ComboFix is NOT malware, but many removers are detected as malware by a lot of antivirus programs; those are false positives and you may want to ignore these messages.
xblade12100
« Reply #54 on: February 17, 2008, 01:54:05 »

Here is the log

[attachment deleted by admin]
Ruby
« Reply #55 on: February 17, 2008, 15:25:42 »

Hello xblade12100

Well, now we have got your Avira AntiVir logfile. I want to see two more logs, from Malwarebytes' Anti-Malware and F-Secure Online Virus Scanner.

You wrote that Msiexec is still there. What do you mean?
Quote:
msiexec.exe belongs to the Windows Installer Component and is used to install new programs that use Windows Installer package files (MSI). This program is important for the stable and secure running of your computer and should not be terminated.

How does your computer behave now?
xblade12100
« Reply #56 on: February 17, 2008, 16:44:15 »

What would happen is that it would say from ZoneAlarm... msiexec.exe is a bad program or something like malware. When I install a major or minor item, it would say that Search Settings is being installed.
I think this is from Vendio comp., which is malware that I didn't know.

I was downloading a .flv converter and I scanned it, and things. I got rid of it fast, but things have gotten better. Should I try to open it or download something to make it work so I can tell you what happens?
Here are the logs

Scanning Report

Monday, February 18, 2008 09:29:00 - 11:19:17

Computer name: WYATTGAMING
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\

Result: 1 malware found

Possible Browser Hijack attempt (spyware)
System (Disinfected)
Statistics

Scanned:
Files: 85843
System: 4825
Not scanned: 18
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\ZLT00EAD.TMP
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\DRIVERS\FIDBOX.DAT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.TMP.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{43AB840D-E39B-40D8-8A2D-6BBBDA71A357}.BIN
Options

Scanning engines:
F-Secure AVP: 7.0.171, 2008-02-17
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 2008-02-13
F-Secure Libra: 2.4.2, 2008-02-13
F-Secure Orion: 1.2.37, 2008-02-17
F-Secure Pegasus: 1.20.0, 2008-01-13
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics
Malwarebytes' Anti-Malware 1.03
Database version: 369

Scan type: Full Scan (C:\|)
Objects scanned: 69841
Time elapsed: 1 hour(s), 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jim\Local Settings\Temp\GLC3.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Local Settings\Temp\GLH4.tmp (Malware.Trace) -> Quarantined and deleted successfully.
Ruby
« Reply #57 on: February 17, 2008, 18:12:51 »

Hello xblade12100

Please STOP downloading programs from unknown sites on the Internet! Otherwise I won't ever get your system clean. Please read


Download Oldtimer's WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

* Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
* In the Files Created Within group click 30 days
* In the Files Modified Within group select 30 days
* In the File String Search group select Non-Microsoft
* Now click the Run Scan button on the toolbar.
* When the scan is complete Notepad will open with the report file loaded in it.
* Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post back the contents of that report file.
xblade12100
« Reply #58 on: February 17, 2008, 18:39:25 »

Hey Ruby, here is the log, but for the sake of me...
Do you know what is wrong?
Please tell me if you know or not BEFORE we move on.
Thank you!
WinPFind3 logfile created on: 2/18/2008 1:27:59 PM
WinPFind3U by OldTimer - Version 1.0.44   Folder = C:\Documents and Settings\Jim\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)
 
1023.48 Mb Total Physical Memory | 426.13 Mb Available Physical Memory | 41.64% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 95.57 Gb Free Space | 64.12% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: WYATTGAMING
Current User Name: Jim
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/13/2008 11:41:36 AM | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =    ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/3/2008 8:56:54 PM | Attr =    ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =    ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/3/2008 8:56:54 PM | Attr =    ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 8:56:54 PM | Attr =    ]
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.16 | Size = 249896 bytes | Modified Date = 2/12/2008 3:42:26 PM | Attr =    ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2/12/2008 3:42:26 PM | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/3/2008 2:49:40 PM | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =    ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =    ]
safari.exe -> %ProgramFiles%\Safari\Safari.exe -> Apple Inc. [Ver = 3.0.4 (523.15) | Size = 3337000 bytes | Modified Date = 12/20/2007 6:51:02 PM | Attr =    ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 8/28/2007 1:16:24 PM | Attr =    ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr =    ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/13/2008 11:41:36 AM | Attr =    ]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 8/28/2007 1:16:24 PM | Attr =    ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2/12/2008 3:42:26 PM | Attr =    ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/3/2008 8:56:54 PM | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/3/2008 2:49:40 PM | Attr =    ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/3/2008 8:56:54 PM | Attr =    ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/9/2008 5:48:38 PM | Attr =    ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =    ]
(MEL) MEL [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Jim\LOCALS~1\Temp\MEL.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =    ]
(StarWindServiceAE) StarWind AE Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> File not found
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]
(WSUB) WSUB [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Jim\LOCALS~1\Temp\WSUB.exe -> File not found
(YPCService) YPCService [Win32_Own | Disabled | Stopped] -> %System32%\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 3:07:38 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =    ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/3/2008 8:56:54 PM | Attr =    ]
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.16 | Size = 249896 bytes | Modified Date = 2/12/2008 3:42:26 PM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =    ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =    ]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1626112 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =    ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe -> File not found
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> File not found
Steam ->  -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://rogers.my.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> *.local ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =    ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.45 | Size = 370296 bytes | Modified Date = 2/1/2008 9:48:36 AM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =    ]
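A small triage script for logs in the WinPFind3U format posted above, added here as an example; it is neither the forum's nor OldTimer's code. It parses the `name -> path -> Vendor [Ver = ... | Size = ... | Attr = ...]` lines and flags what a helper reads first: autostart entries whose file is missing or sits in a Temp directory, and recently created files with no publisher or version resource. The sample log lines are constructed to mirror the format and are not the poster's real entries.

```python
"""Triage of WinPFind3U-style log entries (added example, not OldTimer's code).

Entry lines in the log look like:
    name -> path -> Vendor [Ver = x | Size = n bytes | Modified Date = d | Attr = a]
    name -> path -> File not found
Lines such as "[Processes - Non-Microsoft Only]" and "< Run [HKLM] > -> ..."
introduce sections. The sample log below is constructed for this example.
"""
import re
from dataclasses import dataclass, field

# "Vendor [k = v | k = v | ...]" trailer; the vendor part may be empty.
DETAIL_RE = re.compile(r"^(?P<vendor>.*?)\s*\[(?P<fields>.*)\]\s*$")
# A path segment named Temp, in 8.3 (LOCALS~1\Temp) or long form.
TEMP_RE = re.compile(r"\\temp\\|%temp%", re.I)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    vendor: str
    missing: bool                       # trailer was "File not found"
    fields: dict = field(default_factory=dict)


@dataclass
class Finding:
    severity: str                       # "high", "low" or "info"
    reason: str
    entry: Entry


def parse_entries(lines):
    """Yield one Entry per 'a -> b -> c' line, tracking the current section."""
    section = ""
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if line.startswith("<"):        # "< Run [HKLM] > -> HKEY_... ->"
            section = line.split(">", 1)[0].strip("< ")
            continue
        # Pad so a line ending in " ->" still yields three fields.
        parts = [p.strip() for p in (line + " ").split(" -> ")]
        if len(parts) < 3:
            continue
        name, path, rest = parts[0], parts[1], parts[2]
        entry = Entry(section, name, path, "", rest.startswith("File not found"))
        m = DETAIL_RE.match(rest)
        if m:
            entry.vendor = m.group("vendor").strip()
            for item in m.group("fields").split(" | "):
                if "=" in item:
                    key, value = item.split("=", 1)
                    entry.fields[key.strip()] = value.strip()
                else:
                    entry.fields["Type"] = item.strip()   # e.g. "Folder"
        yield entry


def triage(lines):
    """Return findings in log order: missing files, Temp paths, unversioned files."""
    findings = []
    for e in parse_entries(lines):
        in_temp = bool(TEMP_RE.search(e.path))
        if e.missing and in_temp:
            findings.append(Finding("high", "entry points to a missing file in a Temp directory", e))
        elif e.missing:
            findings.append(Finding("low", "entry points to a missing file (orphan)", e))
        elif in_temp:
            findings.append(Finding("high", "entry points into a Temp directory", e))
        elif e.fields and e.fields.get("Type") != "Folder" and not e.vendor and not e.fields.get("Ver"):
            findings.append(Finding("info", "file carries no publisher or version resource", e))
    return findings


def report(findings):
    """One printable line per finding."""
    return [f"[{f.severity}] {f.entry.section}: {f.entry.name} -> {f.entry.path or '(no path)'}: {f.reason}"
            for f in findings]


# Constructed sample in the WinPFind3U layout (placeholder names, not real entries).
SAMPLE_LOG = r"""
[Win32 Services - Non-Microsoft Only]
(GoodAV) Good AV Service [Win32_Own | Auto | Running] -> %ProgramFiles%\GoodAV\goodav.exe -> Good AV Ltd. [Ver = 1.2.3.4 | Size = 100000 bytes | Modified Date = 1/1/2008 10:00:00 AM | Attr =    ]
(XYZ) XYZ [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\User\LOCALS~1\Temp\XYZ.exe -> File not found
[Registry - Non-Microsoft Only]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
OldGame ->  -> File not found
Updater -> %SystemDrive%\DOCUME~1\User\LOCALS~1\Temp\upd.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 2/1/2008 1:00:00 PM | Attr =    ]
[Files/Folders - Created Within 30 days]
tools -> %SystemDrive%\tools ->  [Folder | Created Date = 2/8/2008 5:40:49 PM | Attr =    ]
helper.exe -> %System32%\helper.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 2/8/2008 5:40:38 PM | Attr =    ]
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG.splitlines())):
        print(line)
```

Entries in the "Created Within 30 days" section with no vendor are only informational: legitimate tools (and files dropped by cleanup utilities) often lack a version resource, so that list needs a human eye rather than automatic action.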
xblade12100
« Reply #59 on: February 17, 2008, 18:39:45 »

Part 2

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{B8A7839C-51E8-4067-ADA3-CA74BABC1976} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKLM] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2/16/2008 4:08:02 PM | Attr =    ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =    ]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKLM] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2/16/2008 4:08:02 PM | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2/16/2008 4:08:02 PM | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =    ]
{7F9DB11C-E358-4ca6-A83D-ACC663939424} -> Reg Data - Value does not exist [ButtonText: Bonjour] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel ->  -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
YPC 3.2.0 -> Yahoo! Parental Controls ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =    ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper.dll ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://download.divx.com/player/DivXBrowserPlugin.cab ->
{8167C273-DF59-4416-B647-C8BB2C7EE83E} -> WebSDev Control - CodeBase = http://liveupdate.msi.com.tw/autobios/LOnline/install.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ->  - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -> Virtools WebPlayer Class - CodeBase = http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe ->


[Files/Folders - Created Within 30 days]
aidualc3 -> %SystemDrive%\aidualc3 ->  [Folder | Created Date = 1/20/2008 5:41:56 PM | Attr =    ]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 2/9/2008 9:10:06 AM | Attr = RHS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 2/8/2008 5:29:18 PM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2/8/2008 5:40:49 PM | Attr =    ]
rollback.ini -> %SystemDrive%\rollback.ini ->  [Ver =  | Size = 2544 bytes | Created Date = 1/30/2008 4:04:11 PM | Attr =    ]
SICKO -> %SystemDrive%\SICKO ->  [Folder | Created Date = 1/31/2008 8:21:22 PM | Attr =    ]
$NtUninstallKB943055$ -> %SystemRoot%\$NtUninstallKB943055$ ->  [Folder | Created Date = 2/13/2008 5:00:54 PM | Attr =  H ]
$NtUninstallKB946026$ -> %SystemRoot%\$NtUninstallKB946026$ ->  [Folder | Created Date = 2/13/2008 5:02:17 PM | Attr =  H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ ->  [Folder | Created Date = 2/7/2008 8:20:55 AM | Attr =  H ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2/8/2008 5:41:23 PM | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Created Date = 2/11/2008 1:06:47 PM | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Created Date = 2/11/2008 1:06:47 PM | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Created Date = 2/11/2008 1:06:49 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 2/11/2008 1:06:47 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 2/18/2008 9:26:16 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 2/3/2008 9:51:13 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 2/3/2008 9:51:13 AM | Attr =  H ]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 2/9/2008 9:10:02 AM | Attr =    ]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Created Date = 2/9/2008 9:09:44 AM | Attr =    ]
WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx ->  [Ver =  | Size = 156910 bytes | Created Date = 2/3/2008 11:03:20 AM | Attr =    ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75248 bytes | Created Date = 2/16/2008 4:07:03 PM | Attr =    ]
AC3ACM.acm -> %System32%\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 2/3/2008 11:03:19 AM | Attr =    ]
alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 2/3/2008 11:03:19 AM | Attr =    ]
camcodec.dll -> %System32%\camcodec.dll -> RenderSoft Software. [Ver = 1.0.0 | Size = 51200 bytes | Created Date = 2/7/2008 10:58:17 AM | Attr =    ]
ControlSubX.ocx -> %System32%\ControlSubX.ocx ->  [Ver = 1.00.0007 | Size = 24576 bytes | Created Date = 1/31/2008 10:35:31 PM | Attr =    ]
divx.dll -> %System32%\divx.dll -> DivXNetworks, Inc. [Ver = 5.0.5.830 | Size = 638976 bytes | Created Date = 2/3/2008 11:03:20 AM | Attr =    ]
divxdec.ax -> %System32%\divxdec.ax -> DivXNetworks, Inc. [Ver = 5.0.5.830 | Size = 221215 bytes | Created Date = 2/3/2008 11:03:20 AM | Attr =    ]
fdsv.exe -> %System32%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2/8/2008 5:40:38 PM | Attr =    ]
grep.exe -> %System32%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 2/8/2008 5:40:38 PM | Attr =    ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll ->  [Ver =  | Size = 796048 bytes | Created Date = 2/16/2008 4:06:37 PM | Attr =    ]
mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 2/3/2008 11:03:19 AM | Attr =    ]
PropertyGrid.ocx -> %System32%\PropertyGrid.ocx ->  [Ver = 1.00 | Size = 364544 bytes | Created Date = 1/31/2008 10:35:34 PM | Attr =    ]
ReyXpBasics.tlb -> %System32%\ReyXpBasics.tlb ->  [Ver =  | Size = 208500 bytes | Created Date = 1/31/2008 10:35:34 PM | Attr =    ]
rrMon.sys -> %System32%\rrMon.sys -> Resplendence Software Projects Sp [Ver = 2.02 built by: WinDDK | Size = 31280 bytes | Created Date = 2/12/2008 5:15:35 PM | Attr =    ]
rrsec.dll -> %System32%\rrsec.dll ->  [Ver =  | Size = 119728 bytes | Created Date = 2/12/2008 3:37:12 PM | Attr =    ]
rrsec2k.exe -> %System32%\rrsec2k.exe ->  [Ver =  | Size = 97240 bytes | Created Date = 2/12/2008 3:37:12 PM | Attr =    ]
Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 2/3/2008 11:03:19 AM | Attr =    ]
sed.exe -> %System32%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 2/8/2008 5:40:38 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2/8/2008 5:40:39 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2/8/2008 5:40:38 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2/8/2008 5:40:38 PM | Attr =    ]
vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 2/3/2008 11:03:19 AM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2/8/2008 5:40:38 PM | Attr =    ]
vsconfig.xml -> %System32%\vsconfig.xml ->  [Ver =  | Size = 353366 bytes | Created Date = 2/16/2008 4:06:23 PM | Attr =    ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2/16/2008 4:05:09 PM | Attr =    ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Created Date = 2/16/2008 4:06:23 PM | Attr =    ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 157160 bytes | Created Date = 2/16/2008 4:05:09 PM | Attr =    ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 103912 bytes | Created Date = 2/16/2008 4:06:24 PM | Attr =    ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 275944 bytes | Created Date = 2/16/2008 4:06:24 PM | Attr =    ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2/16/2008 4:06:37 PM | Attr =    ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 472552 bytes | Created Date = 2/16/2008 4:05:09 PM | Attr =    ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 46568 bytes | Created Date = 2/16/2008 4:06:26 PM | Attr =    ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 99816 bytes | Created Date = 2/16/2008 4:06:25 PM | Attr =    ]
xvid.ax -> %System32%\xvid.ax ->  [Ver =  | Size = 53248 bytes | Created Date = 2/3/2008 11:03:20 AM | Attr =    ]
xvidcore.dll -> %System32%\xvidcore.dll ->  [Ver =  | Size = 524288 bytes | Created Date = 2/3/2008 11:03:20 AM | Attr =    ]
xvidvfw.dll -> %System32%\xvidvfw.dll ->  [Ver =  | Size = 139264 bytes | Created Date = 2/3/2008 11:03:20 AM | Attr =    ]
zip.exe -> %System32%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 2/8/2008 5:40:39 PM | Attr =    ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2/16/2008 4:06:34 PM | Attr =    ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2/16/2008 4:06:34 PM | Attr =    ]
ZoneLabs -> %System32%\ZoneLabs ->  [Folder | Created Date = 1/29/2008 7:35:55 PM | Attr =    ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 2/16/2008 4:06:25 PM | Attr =    ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2/14/2008 7:10:26 PM | Attr =    ]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 2/12/2008 3:40:26 PM | Attr =    ]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 2/12/2008 3:40:26 PM | Attr =    ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 2/12/2008 3:40:22 PM | Attr =    ]
camcodec.inf -> %System32%\drivers\camcodec.inf ->  [Ver =  | Size = 1461 bytes | Created Date = 2/7/2008 10:58:18 AM | Attr =    ]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 15743008 bytes | Created Date = 2/16/2008 4:10:12 PM | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 142124 bytes | Created Date = 2/16/2008 4:10:12 PM | Attr =  HS]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Created Date = 2/11/2008 1:06:47 PM | Attr =    ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 2/16/2008 4:06:56 PM | Attr =    ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Created Date = 1/28/2008 5:53:57 PM | Attr =    ]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 2/12/2008 3:40:25 PM | Attr =    ]
hosts.20080120-200533.backup -> %System32%\drivers\etc\hosts.20080120-200533.backup ->  [Ver =  | Size = 223027 bytes | Created Date = 1/20/2008 8:05:33 PM | Attr = R  ]
hosts.20080129-190002.backup -> %System32%\drivers\etc\hosts.20080129-190002.backup ->  [Ver =  | Size = 223027 bytes | Created Date = 1/29/2008 7:00:02 PM | Attr = R  ]
hosts.20080129-190010.backup -> %System32%\drivers\etc\hosts.20080129-190010.backup ->  [Ver =  | Size = 223955 bytes | Created Date = 1/29/2008 7:00:10 PM | Attr = R  ]
hosts.20080129-190014.backup -> %System32%\drivers\etc\hosts.20080129-190014.backup ->  [Ver =  | Size = 223955 bytes | Created Date = 1/29/2008 7:00:14 PM | Attr = R  ]
hosts.20080129-190019.backup -> %System32%\drivers\etc\hosts.20080129-190019.backup ->  [Ver =  | Size = 223955 bytes | Created Date = 1/29/2008 7:00:19 PM | Attr = R  ]
hosts.20080129-190025.backup -> %System32%\drivers\etc\hosts.20080129-190025.backup ->  [Ver =  | Size = 223955 bytes | Created Date = 1/29/2008 7:00:25 PM | Attr = R  ]
hosts.20080204-204653.backup -> %System32%\drivers\etc\hosts.20080204-204653.backup ->  [Ver =  | Size = 223955 bytes | Created Date = 2/4/2008 8:46:53 PM | Attr = R  ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/10/2008 6:58:30 PM | Attr = RH ]
aidualc3 -> %SystemDrive%\aidualc3 ->  [Folder | Modified Date = 1/21/2008 8:19:40 PM | Attr =    ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 282 bytes | Modified Date = 2/10/2008 8:30:08 PM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 2/9/2008 9:10:50 AM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/4/2008 7:26:02 PM | Attr =  H ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 2/8/2008 5:29:20 PM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/18/2008 1:27:42 PM | Attr =   S]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2/15/2008 3:52:26 PM | Attr =    ]
rollback.ini -> %SystemDrive%\rollback.ini ->  [Ver =  | Size = 2544 bytes | Modified Date = 2/14/2008 6:50:10 PM | Attr =    ]
SICKO -> %SystemDrive%\SICKO ->  [Folder | Modified Date = 1/31/2008 8:21:24 PM | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/17/2008 11:57:14 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/18/2008 9:26:18 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 4:33:38 PM | Attr =  H ]
$NtUninstallKB943055$ -> %SystemRoot%\$NtUninstallKB943055$ ->  [Folder | Modified Date = 2/13/2008 5:00:56 PM | Attr =  H ]
$NtUninstallKB946026$ -> %SystemRoot%\$NtUninstallKB946026$ ->  [Folder | Modified Date = 2/13/2008 5:02:20 PM | Attr =  H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ ->  [Folder | Modified Date = 2/7/2008 8:20:56 AM | Attr =  H ]
ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Modified Date = 1/27/2008 10:30:38 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/18/2008 8:35:46 AM | Attr =   S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 4934 bytes | Modified Date = 1/22/2008 4:33:02 PM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/18/2008 11:44:04 AM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2/11/2008 8:42:44 AM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/3/2008 11:03:34 AM | Attr = R S]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 2/11/2008 1:06:48 PM | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 2/11/2008 3:13:16 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 2/11/2008 1:06:48 PM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/17/2008 8:52:38 PM | Attr =    ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/13/2008 5:01:34 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 5:01:54 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/17/2008 8:52:22 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/5/2008 3:42:22 PM | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 2/18/2008 1:24:58 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 2/18/2008 9:26:18 AM | Attr =    ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 1073299456 bytes | Modified Date = 2/8/2008 7:13:38 PM | Attr =    ]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/8/2008 7:13:44 PM | Attr =    ]
nview -> %SystemRoot%\nview ->  [Folder | Modified Date = 2/17/2008 10:21:26 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/18/2008 1:27:20 PM | Attr =    ]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2/9/2008 9:01:16 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/3/2008 9:51:14 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/18/2008 1:16:32 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/31/2008 3:46:06 PM | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/10/2008 11:25:50 PM | Attr =    ]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 2/9/2008 9:10:04 AM | Attr =    ]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Modified Date = 2/9/2008 9:09:58 AM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 327 bytes | Modified Date = 2/15/2008 3:52:42 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 2/17/2008 10:21:28 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/18/2008 8:38:52 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/18/2008 1:27:56 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1225 bytes | Modified Date = 2/10/2008 8:30:08 PM | Attr =    ]
Ad-Aware SE Personal.job -> %SystemRoot%\tasks\Ad-Aware SE Personal.job ->  [Ver =  | Size = 348 bytes | Modified Date = 2/16/2008 8:00:02 PM | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 2/18/2008 8:38:52 AM | Attr =  H ]
Norton Security Online - Run Full System Scan - Wyatt.job -> %SystemRoot%\tasks\Norton Security Online - Run Full System Scan - Wyatt.job ->  [Ver =  | Size = 576 bytes | Modified Date = 2/4/2008 8:00:02 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/18/2008 8:35:58 AM | Attr =  H ]
Spybot - Search & Destroy -  Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy -  Scheduled Task.job ->  [Ver =  | Size = 440 bytes | Modified Date = 2/15/2008 5:30:02 PM | Attr =    ]
SpywareBlaster.job -> %SystemRoot%\tasks\SpywareBlaster.job ->  [Ver =  | Size = 264 bytes | Modified Date = 2/16/2008 8:00:02 PM | Attr =    ]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 2/7/2008 8:27:44 AM | Attr =    ]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 2/16/2008 4:07:02 PM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/18/2008 8:38:56 AM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 2/11/2008 8:43:04 AM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 2/15/2008 6:46:18 PM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2/17/2008 8:52:36 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/17/2008 8:52:28 PM | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 1449256 bytes | Modified Date = 2/3/2008 1:37:58 PM | Attr =    ]
mlfcache.dat -> %System32%\mlfcache.dat ->  [Ver =  | Size = 28608 bytes | Modified Date = 2/8/2008 8:40:26 PM | Attr =  H ]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 2/7/2008 8:27:44 AM | Attr =    ]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 161432 bytes | Modified Date = 2/17/2008 8:52:54 PM | Attr =    ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 2/1/2008 9:47:14 AM | Attr =    ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 2/1/2008 9:47:20 AM | Attr =    ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 2/1/2008 9:47:20 AM | Attr =    ]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 2/17/2008 8:52:38 PM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 2/17/2008 11:57:14 PM | Attr =    ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.45 | Size = 185944 bytes | Modified Date = 2/1/2008 9:48:16 AM | Attr =    ]
rrMon.sys -> %System32%\rrMon.sys -> Resplendence Software Projects Sp [Ver = 2.02 built by: WinDDK | Size = 31280 bytes | Modified Date = 2/9/2008 11:20:04 AM | Attr =    ]
rrsec.dll -> %System32%\rrsec.dll ->  [Ver =  | Size = 119728 bytes | Modified Date = 2/9/2008 11:20:08 AM | Attr =    ]
rrsec2k.exe -> %System32%\rrsec2k.exe ->  [Ver =  | Size = 97240 bytes | Modified Date = 2/9/2008 11:19:50 AM | Attr =    ]
vsconfig.xml -> %System32%\vsconfig.xml ->  [Ver =  | Size = 353366 bytes | Modified Date = 2/18/2008 8:36:34 AM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 2/18/2008 1:16:18 PM | Attr =    ]
zllictbl.dat -> %System32%\zllictbl.dat ->  [Ver =  | Size = 4212 bytes | Modified Date = 2/17/2008 10:30:18 PM | Attr =  H ]
ZoneLabs -> %System32%\ZoneLabs ->  [Folder | Modified Date = 2/16/2008 4:07:08 PM | Attr =    ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 2/12/2008 3:42:26 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2/11/2008 8:45:44 AM | Attr =    ]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 15743008 bytes | Modified Date = 2/18/2008 1:22:32 PM | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 142124 bytes | Modified Date = 2/18/2008 12:01:02 AM | Attr =  HS]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2/11/2008 1:06:48 PM | Attr =    ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 1/28/2008 5:53:58 PM | Attr =    ]
hosts.20080129-190002.backup -> %System32%\drivers\etc\hosts.20080129-190002.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/20/2008 8:05:34 PM | Attr = R  ]
hosts.20080129-190010.backup -> %System32%\drivers\etc\hosts.20080129-190010.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:04 PM | Attr = R  ]
hosts.20080129-190014.backup -> %System32%\drivers\etc\hosts.20080129-190014.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:12 PM | Attr = R  ]
hosts.20080129-190019.backup -> %System32%\drivers\etc\hosts.20080129-190019.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:16 PM | Attr = R  ]
hosts.20080129-190025.backup -> %System32%\drivers\etc\hosts.20080129-190025.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:20 PM | Attr = R  ]
hosts.20080204-204653.backup -> %System32%\drivers\etc\hosts.20080204-204653.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:26 PM | Attr = R  ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (1073299456 bytes) ->
UPX! , UPX0 ,  -> %SystemRoot%\screengenie.scr -> XMLAuthor Inc. [Ver = 6.1.55.0 | Size = 1559056 bytes | Modified Date = 10/31/2006 9:32:30 PM | Attr =    ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
WSUD ,  -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.37 | Size = 16166912 bytes | Modified Date = 12/1/2004 2:53:44 AM | Attr = R  ]
@Alternate Data Stream - 26 bytes -> %System32%\bdco1.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\bdco1ins.dll:Zone.Identifier ->
aspack ,  -> %System32%\ControlSubX.ocx ->  [Ver = 1.00.0007 | Size = 24576 bytes | Modified Date = 9/28/2005 1:31:50 AM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %System32%\fdco1.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\fdco1ins.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\idecoi.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\idecoins.dll:Zone.Identifier ->
UPX! , UPX0 ,  -> %System32%\npmirage.dll -> XMLAuthor Inc. [Ver = 6, 1, 55, 0 | Size = 35344 bytes | Modified Date = 10/31/2006 9:32:40 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %System32%\NVCOI.DLL:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\nvconrm.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\nvide.nvu:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\nvnrm.nvu:Zone.Identifier ->
PEC2 ,  -> %System32%\ReyXpBasics.tlb ->  [Ver =  | Size = 208500 bytes | Modified Date = 10/13/2005 1:42:22 PM | Attr =    ]
Thawte Consulting ,  -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.45 | Size = 185944 bytes | Modified Date = 2/1/2008 9:48:16 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\Uharc.exe ->  [Ver =  | Size = 111104 bytes | Modified Date = 12/3/2006 4:15:34 PM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
Thawte Consulting ,  -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 5, 5, 0, 0 | Size = 42672 bytes | Modified Date = 5/26/2007 11:34:34 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\xmforgert.exe -> XMLAuthor Inc. [Ver = 6.1.55.0 | Size = 1559056 bytes | Modified Date = 10/31/2006 9:32:30 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\xmirage.ocx -> XMLAuthor Inc. [Ver = 6.1.55.0 | Size = 300560 bytes | Modified Date = 10/31/2006 9:32:36 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\xmirageu.ocx -> XMLAuthor Inc. www.mediaforge.com [Ver = 1, 0, 0, 3 | Size = 136208 bytes | Modified Date = 3/4/2006 5:19:58 AM | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/3/2008 8:56:48 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\nvata.sys:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NVENETFD.sys:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\drivers\nvnetbus.sys:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\drivers\nvnrm.sys:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\drivers\nvsnpu.sys:Zone.Identifier ->
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080113-174037.backup ->  [Ver =  | Size = 222475 bytes | Modified Date = 1/4/2008 7:45:36 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080113-174044.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/13/2008 5:40:40 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080114-180837.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/13/2008 5:40:46 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080116-155044.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/14/2008 6:08:40 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080116-155453.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/16/2008 3:50:46 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080116-155459.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/16/2008 3:54:54 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080116-155506.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/16/2008 3:55:00 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080120-200533.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/16/2008 3:55:08 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080129-190002.backup ->  [Ver =  | Size = 223027 bytes | Modified Date = 1/20/2008 8:05:34 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080129-190010.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:04 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080129-190014.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:12 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080129-190019.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:16 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080129-190025.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:20 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.20080204-204653.backup ->  [Ver =  | Size = 223955 bytes | Modified Date = 1/29/2008 7:00:26 PM | Attr = R  ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\Hosts.bak ->  [Ver =  | Size = 210837 bytes | Modified Date = 11/10/2007 8:51:44 PM | Attr = RH ]

< End of report >
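A few lines of the report above carry more signal than the rest, and they are easy to miss in a listing this long: the 26-byte `Zone.Identifier` streams are Mark-of-the-Web records (`[ZoneTransfer]\r\nZoneId=3\r\n` is exactly 26 bytes, which means the file was saved from the Internet zone), the `UPX!`/`UPX0`/`aspack`/`FSG!`/`PEC2` hits are plain string greps for packer markers (note that `avg7core.sys` from GRISOFT matches four of them at once, so a hit is a hint, not a verdict), and the 200 KB `hosts` backups matching `abetterinternet.com` are far larger than a stock Windows hosts file, which is what a blocklist or a mass hijack looks like. The script below is an added example, not part of the original post and not code from the scanner that produced the report: it parses the `name -> path -> publisher [Ver = .. | Size = .. | .. Date = .. | Attr = ..]` records and the `@Alternate Data Stream` records into structured form and applies those three triage rules. The sample lines are copied from the report on this page; the `DEFAULT_HOSTS_MAX` threshold is an assumption chosen for illustration.

```python
"""Triage helper for the OTScanIt-style records in the report above.

Added example for this page, not the scanner's own code. Sample lines are
copied from the report; DEFAULT_HOSTS_MAX is an assumed threshold.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Packer marker strings the scanner reported in the [File String Scan] section.
PACKER_STRINGS = {"UPX!", "UPX0", "aspack", "FSG!", "PEC2"}

# A Zone.Identifier stream holding exactly "[ZoneTransfer]\r\nZoneId=3\r\n" is
# 26 bytes: the Mark-of-the-Web for the Internet zone (ZoneId=3).
MOTW_INTERNET_LEN = len("[ZoneTransfer]\r\nZoneId=3\r\n")

# Assumption: a stock Windows hosts file is well under 4 KB, so a 200 KB one is
# either a blocklist (benign) or a mass hijack; either way it deserves a look.
DEFAULT_HOSTS_MAX = 4096

DETAIL_RE = re.compile(
    r"\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes \| "
    r"(?P<kind>Created|Modified) Date = (?P<date>[^|]*)\| Attr = (?P<attr>[^\]]*)\]$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+) ->$")

# Constructed subset of the report above (copied verbatim).
SAMPLE_LINES = r"""
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %SystemRoot%\screengenie.scr -> XMLAuthor Inc. [Ver = 6.1.55.0 | Size = 1559056 bytes | Modified Date = 10/31/2006 9:32:30 PM | Attr =    ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %System32%\bdco1.dll:Zone.Identifier ->
aspack ,  -> %System32%\ControlSubX.ocx ->  [Ver = 1.00.0007 | Size = 24576 bytes | Modified Date = 9/28/2005 1:31:50 AM | Attr =    ]
UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/3/2008 8:56:48 PM | Attr =    ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\Hosts.bak ->  [Ver =  | Size = 210837 bytes | Modified Date = 11/10/2007 8:51:44 PM | Attr = RH ]
"""


@dataclass
class Record:
    path: str
    company: str = ""
    strings: List[str] = field(default_factory=list)  # scanner hits, e.g. ['UPX!', 'UPX0']
    size: Optional[int] = None
    attr: str = ""
    stream: Optional[str] = None  # ADS name for '@Alternate Data Stream' records


def parse_line(line: str) -> Optional[Record]:
    """Parse one report line; return None for headers, blanks and notices."""
    line = line.rstrip()
    m = ADS_RE.match(line)
    if m:
        path, stream = m.group("target").rsplit(":", 1)
        return Record(path=path, size=int(m.group("size")), stream=stream)
    parts = line.split(" -> ")
    if len(parts) != 3:
        return None
    head, path, tail = parts
    m = DETAIL_RE.search(tail)
    if not m:
        return None  # e.g. the 'File scan skipped for file ...' notice
    basename = path.rsplit("\\", 1)[-1]
    # File listings put the file name in the head; the string scan puts the
    # comma-separated list of matched strings there instead.
    strings = [] if head.strip() == basename else [s.strip() for s in head.split(",") if s.strip()]
    return Record(path=path, company=tail[: m.start()].strip(), strings=strings,
                  size=int(m.group("size")), attr=m.group("attr").strip())


def parse_log(text: str) -> List[Record]:
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


def triage(records: List[Record]) -> List[Tuple[str, str]]:
    """Apply three hint rules; each finding is (path, reason)."""
    findings = []
    for r in records:
        basename = r.path.rsplit("\\", 1)[-1].lower()
        if r.stream == "Zone.Identifier":
            zone = "ZoneId=3, Internet" if r.size == MOTW_INTERNET_LEN else "ZoneId unknown, read the stream"
            findings.append((r.path, f"Mark-of-the-Web present: file came from a download ({zone})"))
        packers = sorted(PACKER_STRINGS & set(r.strings))
        if packers:
            findings.append((r.path, f"packer strings {packers}, publisher {r.company or 'none'}: "
                                     "hash and look it up before judging, legitimate drivers are packed too"))
        if basename.startswith("hosts") and r.size is not None and r.size > DEFAULT_HOSTS_MAX:
            findings.append((r.path, f"{r.size}-byte hosts file naming {r.strings}: check whether those "
                                     "entries point at 127.0.0.1 (blocklist) or at a foreign address (hijack)"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LINES)):
        print(f"{path}\n    {reason}")
```

Run against the six sample records this yields five findings: three packer hints (`screengenie.scr`, `ControlSubX.ocx`, `avg7core.sys`), one Mark-of-the-Web hit (`bdco1.dll`, Internet zone) and one oversized hosts backup. The `Thumbs.db:encryptable` stream is deliberately not flagged; it is a normal Explorer artifact. None of the rules decides whether a file is malicious, they only tell a reviewer which lines in a 650-line listing are worth a hash lookup or a look at the actual stream and hosts contents.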