Author Topic: malware: help! i've tried many things!  (Read 47240 times)


crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #30 on: October 09, 2007, 04:52:57 AM »
[Files/Folders - Created Within 30 days]
6c5d95b0f7a967861ce081828f -> %SystemDrive%\6c5d95b0f7a967861ce081828f ->  [Folder | Created Date = 08/10/2007 4:30:08 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064763392 bytes | Created Date = 01/01/1601 8:00:00 AM | Attr =  HS]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Created Date = 08/10/2007 3:10:54 PM | Attr =    ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 07/10/2007 10:35:49 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 11:11:13 AM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 3:24:38 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 3:36:44 PM | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 5:51:31 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 07/10/2007 10:35:49 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 11:11:13 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 3:24:37 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 3:36:43 PM | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 5:51:31 PM | Attr =  H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 08/10/2007 12:01:15 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 08/10/2007 4:45:29 PM | Attr =    ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ ->  [Folder | Created Date = 08/10/2007 4:19:32 PM | Attr =  H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ ->  [Folder | Created Date = 08/10/2007 4:29:37 PM | Attr =  H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ ->  [Folder | Created Date = 08/10/2007 4:29:50 PM | Attr =  H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ ->  [Folder | Created Date = 08/10/2007 4:30:28 PM | Attr =  H ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 135168 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 08/10/2007 3:09:20 PM | Attr =    ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 08/10/2007 2:15:56 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 08/10/2007 2:15:56 PM | Attr =  H ]
actskin4.ocx -> %System32%\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 08/10/2007 1:29:21 AM | Attr =    ]
rqtss.bak2 -> %System32%\rqtss.bak2 ->  [Ver =  | Size = 13179 bytes | Created Date = 08/10/2007 5:11:05 PM | Attr =  HS]
rqtss.ini -> %System32%\rqtss.ini ->  [Ver =  | Size = 387447 bytes | Created Date = 08/10/2007 3:33:39 PM | Attr =  HS]
rqtss.ini2 -> %System32%\rqtss.ini2 ->  [Ver =  | Size = 15548 bytes | Created Date = 08/10/2007 3:17:21 PM | Attr =  HS]
rqtss.tmp -> %System32%\rqtss.tmp ->  [Ver =  | Size = 394864 bytes | Created Date = 08/10/2007 3:08:30 PM | Attr =  HS]
sstqr.dll -> %System32%\sstqr.dll ->  [Ver =  | Size = 325728 bytes | Created Date = 06/10/2007 3:29:35 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Created Date = 08/10/2007 4:33:50 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 08/10/2007 1:29:25 AM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 08/10/2007 1:29:19 AM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 08/10/2007 1:29:19 AM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 08/10/2007 1:29:28 AM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 08/10/2007 1:29:26 AM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 08/10/2007 2:18:01 AM | Attr =    ]

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #31 on: October 09, 2007, 04:53:36 AM »
[Files/Folders - Modified Within 30 days]
6c5d95b0f7a967861ce081828f -> %SystemDrive%\6c5d95b0f7a967861ce081828f ->  [Folder | Modified Date = 08/10/2007 5:30:26 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064763392 bytes | Modified Date = 08/10/2007 6:08:56 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 08/10/2007 6:03:26 PM | Attr = R  ]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Modified Date = 08/10/2007 4:38:00 PM | Attr =    ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 07/10/2007 11:35:50 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 12:11:14 PM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 4:24:40 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 4:36:46 PM | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 6:51:32 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 07/10/2007 11:35:50 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 12:11:14 PM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 4:24:40 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 4:36:44 PM | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 6:51:32 PM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 08/10/2007 4:07:26 PM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 08/10/2007 1:01:16 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 08/10/2007 6:09:50 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 08/10/2007 5:45:30 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 08/10/2007 5:16:20 PM | Attr =  H ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ ->  [Folder | Modified Date = 08/10/2007 5:19:36 PM | Attr =  H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ ->  [Folder | Modified Date = 08/10/2007 5:29:40 PM | Attr =  H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ ->  [Folder | Modified Date = 08/10/2007 5:29:52 PM | Attr =  H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ ->  [Folder | Modified Date = 08/10/2007 5:30:30 PM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 08/10/2007 7:11:34 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 08/10/2007 6:08:58 PM | Attr =   S]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 28/09/2007 9:06:10 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 08/10/2007 4:55:12 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 08/10/2007 4:30:30 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 08/10/2007 5:33:44 PM | Attr = R S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 08/10/2007 5:30:08 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 08/10/2007 5:31:44 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 08/10/2007 5:39:56 PM | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 08/10/2007 7:11:40 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 08/10/2007 4:06:36 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 08/10/2007 3:15:58 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 08/10/2007 6:37:56 PM | Attr =  H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 08/10/2007 4:56:16 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 08/10/2007 7:40:32 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 08/10/2007 6:21:00 PM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 223 bytes | Modified Date = 08/10/2007 12:19:28 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 08/10/2007 5:24:58 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 08/10/2007 6:09:26 PM | Attr =  H ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 08/10/2007 5:29:48 PM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 08/10/2007 4:31:40 PM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 08/10/2007 2:29:26 AM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 08/10/2007 5:31:18 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 08/10/2007 6:12:58 PM | Attr =    ]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 08/10/2007 5:33:48 PM | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 158752 bytes | Modified Date = 08/10/2007 6:08:56 PM | Attr =    ]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Modified Date = 08/10/2007 6:24:32 PM | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 71198 bytes | Modified Date = 08/10/2007 5:39:34 PM | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 438270 bytes | Modified Date = 08/10/2007 5:39:34 PM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 516442 bytes | Modified Date = 08/10/2007 5:39:34 PM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 08/10/2007 4:07:26 PM | Attr =    ]
rqtss.bak2 -> %System32%\rqtss.bak2 ->  [Ver =  | Size = 13179 bytes | Modified Date = 08/10/2007 6:19:50 PM | Attr =  HS]
rqtss.ini -> %System32%\rqtss.ini ->  [Ver =  | Size = 387447 bytes | Modified Date = 08/10/2007 1:50:12 PM | Attr =  HS]
rqtss.ini2 -> %System32%\rqtss.ini2 ->  [Ver =  | Size = 15548 bytes | Modified Date = 08/10/2007 7:40:32 PM | Attr =  HS]
rqtss.tmp -> %System32%\rqtss.tmp ->  [Ver =  | Size = 394864 bytes | Modified Date = 08/10/2007 4:17:20 PM | Attr =  HS]
spool -> %System32%\spool ->  [Folder | Modified Date = 08/10/2007 5:31:30 PM | Attr =    ]
sstqr.dll -> %System32%\sstqr.dll ->  [Ver =  | Size = 325728 bytes | Modified Date = 06/10/2007 4:29:50 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 05/10/2007 10:07:32 AM | Attr =    ]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 08/10/2007 5:19:50 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 08/10/2007 6:10:52 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Modified Date = 08/10/2007 5:33:52 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 08/10/2007 4:34:08 PM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 07/10/2007 2:18:38 PM | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 3:09:50 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 07/10/2005 10:14:52 AM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 05/10/2007 10:07:32 AM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr =    ]

< End of report >

mauserme

  • Guest
Re: malware: help! i've tried many things!
« Reply #32 on: October 09, 2007, 05:04:41 AM »
That took a lot less time than I thought!
Yeah, running it isn't too bad but analysing it can take a little while.  I'll be back ...

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #33 on: October 09, 2007, 05:09:44 AM »
What, analysing hundreds of lines of information takes time?!!!!!   ;)

Thank you!

mauserme

  • Guest
Re: malware: help! i've tried many things!
« Reply #34 on: October 09, 2007, 05:36:58 AM »
Well there is a tool to make it easier.  Not gone as long as you expected, was I?  :P


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote

[Files/Folders - Created Within 30 days]
NY -> rqtss.bak2 -> %System32%\rqtss.bak2
NY -> rqtss.ini -> %System32%\rqtss.ini
NY -> rqtss.ini2 -> %System32%\rqtss.ini2
NY -> rqtss.tmp -> %System32%\rqtss.tmp
NY -> sstqr.dll -> %System32%\sstqr.dll
[Files/Folders - Modified Within 30 days]
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> rqtss.bak2 -> %System32%\rqtss.bak2
NY -> rqtss.ini -> %System32%\rqtss.ini
NY -> rqtss.ini2 -> %System32%\rqtss.ini2
NY -> rqtss.tmp -> %System32%\rqtss.tmp
NY -> sstqr.dll -> %System32%\sstqr.dll


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix, which you should post in your next response.  Don't worry if some of the files are not found - there are duplicates.

Also let me know of any problems you encounter performing these steps or any continuing problems you are having with the computer.



After running that fix download ERUNT from here and back up your entire registry

http://www.snapfiles.com/get/erunt.html

Now we will create a registry fix to delete the Vundo BHO. 

Copy and paste ALL of the information in the quote box below into a Notepad file.  Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE > ALL FILES.
In the FILE NAME box type fix.reg and save the file - this will create a fix.reg file on your desktop.

Quote
REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{84BB2E13-1A0A-4247-B9D1-735D06771FA8}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{84BB2E13-1A0A-4247-B9D1-735D06771FA8}]


To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.


After merging this into your registry, reboot and post a new WinPFind log.
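As an added illustration of the log analysis the helper did by hand (this is not code from the thread or from WinPFind3U), the script below parses WinPFind3U "Files/Folders" report lines, clusters vendor-less files in the system directory whose base names are mirror images of each other (sstqr.dll beside rqtss.ini, the reversed-name companion pattern Vundo is known for), and emits fix lines in the same `NY -> name -> path` shape the helper pasted. The line format is inferred from the report above, the sample input is a constructed subset of those report lines, and the mirror-name heuristic is my own; the meaning of the `NY` prefix is left to the tool.

```python
"""Parse WinPFind3U 'Files/Folders' lines and flag Vundo-style reversed-name
file clusters, emitting fix lines in the helper's 'NY -> name -> path' shape.
Added example; not part of WinPFind3U or of the thread."""
import re
from collections import defaultdict

# One report line: name -> path -> company [field | field | ...]
# (format inferred from the report; 'company' may be empty)
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>.*?)\s*\[(?P<fields>.*)\]\s*$"
)

# Only files under these report macros are considered (assumption).
SYSTEM_DIRS = ("%System32%\\", "%SystemRoot%\\")

# Constructed sample: a subset of the report lines posted in the thread.
SAMPLE_REPORT = r"""[Files/Folders - Created Within 30 days]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
rqtss.bak2 -> %System32%\rqtss.bak2 ->  [Ver =  | Size = 13179 bytes | Created Date = 08/10/2007 5:11:05 PM | Attr =  HS]
rqtss.ini -> %System32%\rqtss.ini ->  [Ver =  | Size = 387447 bytes | Created Date = 08/10/2007 3:33:39 PM | Attr =  HS]
rqtss.ini2 -> %System32%\rqtss.ini2 ->  [Ver =  | Size = 15548 bytes | Created Date = 08/10/2007 3:17:21 PM | Attr =  HS]
rqtss.tmp -> %System32%\rqtss.tmp ->  [Ver =  | Size = 394864 bytes | Created Date = 08/10/2007 3:08:30 PM | Attr =  HS]
sstqr.dll -> %System32%\sstqr.dll ->  [Ver =  | Size = 325728 bytes | Created Date = 06/10/2007 3:29:35 PM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Created Date = 08/10/2007 4:33:50 PM | Attr =    ]
"""


def parse_entry(line):
    """Return a dict for one file/folder line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = {"name": m["name"], "path": m["path"],
             "company": m["company"].strip(), "folder": False, "attr": ""}
    for field in m["fields"].split(" | "):
        if " = " in field:
            key, value = field.split(" = ", 1)
            entry[key.strip().lower().replace(" ", "_")] = value.strip()
        elif field.strip() == "Folder":
            entry["folder"] = True
    return entry


def parse_report(text):
    """Yield (section, entry) for every file/folder line under a [Section]."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]") and " -> " not in line:
            section = line
            continue
        entry = parse_entry(line)
        if entry:
            yield section, entry


def find_reversed_name_clusters(entries):
    """Group vendor-less system-directory files whose base names are mirror
    images (stem reversed == another stem) around each .dll in the group.
    Returns {dll_name: [dll_entry, companion_entry, ...]}."""
    candidates = [e for e in entries
                  if not e["folder"] and not e["company"]
                  and e["path"].startswith(SYSTEM_DIRS)]
    by_stem = defaultdict(list)
    for e in candidates:
        by_stem[e["name"].rsplit(".", 1)[0].lower()].append(e)
    clusters = {}
    for stem, group in by_stem.items():
        mirror = stem[::-1]
        if mirror != stem and mirror in by_stem:
            for dll in (e for e in group if e["name"].lower().endswith(".dll")):
                clusters[dll["name"]] = [dll] + by_stem[mirror]
    return clusters


def fix_lines(text):
    """Build the fix block: section header, then one 'NY -> name -> path'
    line per flagged file, sorted by name as in the helper's post."""
    by_section = defaultdict(list)
    for section, entry in parse_report(text):
        by_section[section].append(entry)
    out = []
    for section, entries in by_section.items():
        clusters = find_reversed_name_clusters(entries)
        flagged = {e["name"]: e for c in clusters.values() for e in c}
        if flagged:
            out.append(section)
            out.extend(f"NY -> {e['name']} -> {e['path']}"
                       for e in sorted(flagged.values(),
                                       key=lambda e: e["name"].lower()))
    return out


if __name__ == "__main__":
    print("\n".join(fix_lines(SAMPLE_REPORT)))
```

The helper's fix also listed imsins.BAK, which this mirror-name heuristic does not catch; it is one signal for reading the log, not a substitute for it.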

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #35 on: October 09, 2007, 05:51:12 AM »
WinPFind3U fix log: (the fix ended by prompting me for a reboot, which I followed)

[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\rqtss.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\rqtss.ini moved successfully.
C:\WINDOWS\SYSTEM32\rqtss.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\rqtss.tmp moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\sstqr.dll scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\imsins.BAK moved successfully.
File C:\WINDOWS\SYSTEM32\rqtss.bak2 not found!
File C:\WINDOWS\SYSTEM32\rqtss.ini not found!
File C:\WINDOWS\SYSTEM32\rqtss.ini2 not found!
File C:\WINDOWS\SYSTEM32\rqtss.tmp not found!
File move failed. C:\WINDOWS\SYSTEM32\sstqr.dll scheduled to be moved on reboot.
< End of log >
Created on 10/08/2007 20:41:47

Now for ERUNT...

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #36 on: October 09, 2007, 06:03:07 AM »
WinPFind log:

WinPFind3 logfile created on: 08/10/2007 8:57:58 PM
WinPFind3U by OldTimer - Version 1.0.42   Folder = C:\Documents and Settings\Kimberley\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
 
1015.37 Mb Total Physical Memory | 606.00 Mb Available Physical Memory | 59.68% Memory free
2.39 Gb Paging File | 2.06 Gb Available in Paging File | 86.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 90.09 Gb Total Space | 24.23 Gb Free Space | 26.89% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MAGNETAR
Current User Name: Kimberley
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 33 | Size = 245760 bytes | Modified Date = 07/09/2004 3:03:40 PM | Attr =    ]
a2service.exe -> %ProgramFiles%\VirusCrap\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 31/08/2007 8:24:24 PM | Attr =    ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 25/09/2007 9:00:46 AM | Attr =    ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 19/08/2004 1:40:08 PM | Attr =    ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 13/09/2004 3:33:20 PM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\VirusCrap\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 3:06:10 AM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\VirusCrap\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 3:05:42 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\VirusCrap\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 3:06:04 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\VirusCrap\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 3:04:44 AM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\VirusCrap\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 2:54:58 AM | Attr =    ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 2:06:00 AM | Attr =    ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 23/02/2005 3:19:56 PM | Attr =    ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07/09/2004 3:02:40 PM | Attr =    ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 19/07/2005 10:06:12 PM | Attr =    ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 30/10/2004 1:59:54 PM | Attr =    ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 19/07/2005 10:10:06 PM | Attr =    ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 159744 bytes | Modified Date = 19/07/2005 10:06:04 PM | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 7:05:42 PM | Attr =    ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 3:50:18 PM | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 7:05:48 PM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 19/11/2003 4:48:14 PM | Attr =    ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 09/06/2005 7:53:18 AM | Attr =    ]
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611  | Size = 290816 bytes | Modified Date = 11/04/2004 7:15:14 PM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 10:54:04 AM | Attr =    ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 0, 5, 5, 0 | Size = 684032 bytes | Modified Date = 01/09/2005 4:24:08 PM | Attr =    ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 10:05:26 PM | Attr =    ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 30/12/2005 9:29:02 PM | Attr =    ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07/09/2004 3:02:04 PM | Attr =    ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07/09/2004 3:05:10 PM | Attr =    ]
superantispyware.exe -> %ProgramFiles%\VirusCrap\SuperAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 2:06:28 PM | Attr =    ]
tosbtmng1.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 22/12/2004 12:42:22 PM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 AM | Attr =    ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07/09/2004 3:12:32 PM | Attr =    ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 07/09/2004 3:08:02 PM | Attr =    ]

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #37 on: October 09, 2007, 06:03:54 AM »
[Win32 Services - Non-Microsoft Only]
(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\VirusCrap\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 31/08/2007 8:24:24 PM | Attr =    ]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 25/09/2007 9:00:46 AM | Attr =    ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 02/04/2006 3:10:34 PM | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\VirusCrap\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 2:54:58 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\VirusCrap\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 3:06:04 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\VirusCrap\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 3:05:42 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\VirusCrap\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 3:04:44 AM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr =    ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07/09/2004 3:02:40 PM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 1:41:10 AM | Attr =    ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 7:05:42 PM | Attr =    ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 09/06/2005 7:53:18 AM | Attr =    ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07/09/2004 3:02:04 PM | Attr =    ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07/09/2004 3:05:10 PM | Attr =    ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07/09/2004 3:12:32 PM | Attr =    ]

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #38 on: October 09, 2007, 06:04:39 AM »
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 13/09/2004 3:33:20 PM | Attr =    ]
avast! -> %ProgramFiles%\VirusCrap\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 3:06:10 AM | Attr =    ]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 0, 5, 5, 0 | Size = 684032 bytes | Modified Date = 01/09/2005 4:24:08 PM | Attr =    ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 23/02/2005 3:19:56 PM | Attr =    ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 19/07/2005 10:06:12 PM | Attr =    ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 19/07/2005 10:10:06 PM | Attr =    ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 94208 bytes | Modified Date = 19/07/2005 10:09:26 PM | Attr =    ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 30/10/2004 1:59:54 PM | Attr =    ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 27/07/2004 3:50:42 PM | Attr =    ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 3:50:18 PM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 7:05:48 PM | Attr =    ]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 12/08/2005 5:16:44 PM | Attr =    ]
NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 12:50:42 PM | Attr =    ]
PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611  | Size = 290816 bytes | Modified Date = 11/04/2004 7:15:14 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 10:54:04 AM | Attr =    ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 30/12/2005 9:29:02 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 19/11/2003 4:48:14 PM | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\VirusCrap\SuperAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 2:06:28 PM | Attr =    ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 8:16:50 PM | Attr =    ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 10:05:26 PM | Attr =    ]
%AllUsersStartup%\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 22/12/2004 12:42:22 PM | Attr =    ]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 2:06:00 AM | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\VirusCrap\SuperAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 1:55:48 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\VirusCrap\SuperAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 1:41:36 PM | Attr =    ]
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4363 | Size = 135168 bytes | Modified Date = 19/07/2005 10:05:16 PM | Attr =    ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 07/09/2004 3:08:06 PM | Attr =    ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #39 on: October 09, 2007, 06:05:08 AM »
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.globeandmail.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> File not found
{1A031B59-131C-462C-B461-5B0C517B570B} [HKLM] -> %System32%\sstqr.dll [Reg Data - Value does not exist] ->  [Ver =  | Size = 325728 bytes | Modified Date = 06/10/2007 4:29:50 PM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr =    ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05/08/2005 3:08:26 PM | Attr =    ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel ->  -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{71B36D95-4FB0-4D5F-BBE3-714F9CF67B4F} ->    (Intel(R) PRO/Wireless 2915ABG Network Connection) ->
{932326F7-8F71-45F0-AF82-8A7F3E47BF6D} ->    (1394 Net Adapter) ->
{D72795FF-6CCF-4907-B6CA-431643361D19} ->    (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ->  - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by137fd.bay137.hotmail.msn.com/resources/MsnPUpld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab ->

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #40 on: October 09, 2007, 06:06:17 AM »
[Files/Folders - Created Within 30 days]
6c5d95b0f7a967861ce081828f -> %SystemDrive%\6c5d95b0f7a967861ce081828f ->  [Folder | Created Date = 08/10/2007 4:30:08 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064763392 bytes | Created Date = 01/01/1601 8:00:00 AM | Attr =  HS]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Created Date = 08/10/2007 3:10:54 PM | Attr =    ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 07/10/2007 10:35:49 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 11:11:13 AM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 3:24:38 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 3:36:44 PM | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 5:51:31 PM | Attr =  H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 7:55:34 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 07/10/2007 10:35:49 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 11:11:13 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 3:24:37 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 3:36:43 PM | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 5:51:31 PM | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 7:55:34 PM | Attr =  H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 08/10/2007 12:01:15 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 08/10/2007 4:45:29 PM | Attr =    ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ ->  [Folder | Created Date = 08/10/2007 4:19:32 PM | Attr =  H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ ->  [Folder | Created Date = 08/10/2007 4:29:37 PM | Attr =  H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ ->  [Folder | Created Date = 08/10/2007 4:29:50 PM | Attr =  H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ ->  [Folder | Created Date = 08/10/2007 4:30:28 PM | Attr =  H ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 135168 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 08/10/2007 3:09:20 PM | Attr =    ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 08/10/2007 2:15:56 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 08/10/2007 2:15:56 PM | Attr =  H ]
actskin4.ocx -> %System32%\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 08/10/2007 1:29:21 AM | Attr =    ]
rqtss.ini -> %System32%\rqtss.ini ->  [Ver =  | Size = 21374 bytes | Created Date = 08/10/2007 7:46:24 PM | Attr =  HS]
rqtss.ini2 -> %System32%\rqtss.ini2 ->  [Ver =  | Size = 20129 bytes | Created Date = 08/10/2007 3:17:21 PM | Attr =  HS]
sstqr.dll -> %System32%\sstqr.dll ->  [Ver =  | Size = 325728 bytes | Created Date = 06/10/2007 3:29:35 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Created Date = 08/10/2007 4:33:50 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 08/10/2007 1:29:25 AM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 08/10/2007 1:29:19 AM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 08/10/2007 1:29:19 AM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 08/10/2007 1:29:28 AM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 08/10/2007 1:29:26 AM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 08/10/2007 2:18:01 AM | Attr =    ]

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #41 on: October 09, 2007, 06:06:51 AM »
[Files/Folders - Modified Within 30 days]
6c5d95b0f7a967861ce081828f -> %SystemDrive%\6c5d95b0f7a967861ce081828f ->  [Folder | Modified Date = 08/10/2007 5:30:26 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064763392 bytes | Modified Date = 08/10/2007 8:56:30 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 08/10/2007 6:03:26 PM | Attr = R  ]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Modified Date = 08/10/2007 4:38:00 PM | Attr =    ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 07/10/2007 11:35:50 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 12:11:14 PM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 4:24:40 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 4:36:46 PM | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 6:51:32 PM | Attr =  H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 8:55:36 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 07/10/2007 11:35:50 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 12:11:14 PM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 4:24:40 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 4:36:44 PM | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 6:51:32 PM | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 8:55:36 PM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 08/10/2007 4:07:26 PM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 08/10/2007 1:01:16 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 08/10/2007 8:41:48 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 08/10/2007 5:45:30 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 08/10/2007 5:16:20 PM | Attr =  H ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ ->  [Folder | Modified Date = 08/10/2007 5:19:36 PM | Attr =  H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ ->  [Folder | Modified Date = 08/10/2007 5:29:40 PM | Attr =  H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ ->  [Folder | Modified Date = 08/10/2007 5:29:52 PM | Attr =  H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ ->  [Folder | Modified Date = 08/10/2007 5:30:30 PM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 08/10/2007 7:11:36 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 08/10/2007 8:56:32 PM | Attr =   S]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 28/09/2007 9:06:10 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 08/10/2007 4:55:12 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 08/10/2007 8:53:04 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 08/10/2007 5:33:44 PM | Attr = R S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 08/10/2007 5:31:44 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 08/10/2007 5:39:56 PM | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 08/10/2007 7:11:40 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 08/10/2007 4:06:36 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 08/10/2007 3:15:58 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 08/10/2007 6:37:56 PM | Attr =  H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 08/10/2007 4:56:16 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 08/10/2007 8:58:18 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 08/10/2007 8:58:20 PM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 223 bytes | Modified Date = 08/10/2007 12:19:28 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 08/10/2007 5:24:58 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 08/10/2007 8:56:52 PM | Attr =  H ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 08/10/2007 5:29:48 PM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 08/10/2007 4:31:40 PM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 08/10/2007 2:29:26 AM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 08/10/2007 5:31:18 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 08/10/2007 6:12:58 PM | Attr =    ]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 08/10/2007 5:33:48 PM | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 158752 bytes | Modified Date = 08/10/2007 6:08:56 PM | Attr =    ]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Modified Date = 08/10/2007 6:24:32 PM | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 71198 bytes | Modified Date = 08/10/2007 5:39:34 PM | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 438270 bytes | Modified Date = 08/10/2007 5:39:34 PM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 516442 bytes | Modified Date = 08/10/2007 5:39:34 PM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 08/10/2007 4:07:26 PM | Attr =    ]
rqtss.ini -> %System32%\rqtss.ini ->  [Ver =  | Size = 21374 bytes | Modified Date = 08/10/2007 8:58:18 PM | Attr =  HS]
rqtss.ini2 -> %System32%\rqtss.ini2 ->  [Ver =  | Size = 20129 bytes | Modified Date = 08/10/2007 8:44:52 PM | Attr =  HS]
spool -> %System32%\spool ->  [Folder | Modified Date = 08/10/2007 5:31:30 PM | Attr =    ]
sstqr.dll -> %System32%\sstqr.dll ->  [Ver =  | Size = 325728 bytes | Modified Date = 06/10/2007 4:29:50 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 05/10/2007 10:07:32 AM | Attr =    ]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 08/10/2007 5:19:50 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 08/10/2007 8:57:40 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Modified Date = 08/10/2007 5:33:52 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 08/10/2007 4:34:08 PM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 07/10/2007 2:18:38 PM | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 3:09:50 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 07/10/2005 10:14:52 AM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 05/10/2007 10:07:32 AM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr =    ]

< End of report >

mauserme

  • Guest
Re: malware: help! i've tried many things!
« Reply #42 on: October 09, 2007, 06:24:07 AM »
I think these are still on your computer

Quote
[Files/Folders - Created Within 30 days]
NY -> rqtss.ini -> %System32%\rqtss.ini
NY -> rqtss.ini2 -> %System32%\rqtss.ini2
NY -> sstqr.dll -> %System32%\sstqr.dll

so let's try moving them again and see if that's the case.

Copy/Paste the information in the quotebox into the pane where it says "Paste fix here" and then click the Run Fix button.  Then post the results.
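What the helper did by eye above, reading the "Created Within 30 days" section and picking out rqtss.ini, rqtss.ini2 and sstqr.dll, can be written down as a triage rule. The script below is an added example, not part of this thread and not OTScanIt or OTMoveIt code: it parses the report's entry lines and scores publisher-less files on hidden+system attributes, a timestamp close to the report date and a random-looking name. The report date of 9 October 2007, the 7-day window and the two-point threshold are assumptions; the sample lines are copied from the report posted above.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from os.path import splitext
from typing import List, Optional

# One OTScanIt entry line: <name> -> <path> -> <company> [Ver = .. | Size = .. | Created Date = .. | Attr = ..]
LINE_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>[^\[]*?)\s*\[(?P<fields>[^\]]*)\]\s*$")
DATE_FMT = "%d/%m/%Y %I:%M:%S %p"   # the report writes day/month/year, e.g. 30/10/2004
REPORT_DATE = datetime(2007, 10, 9)  # assumption: the day the report was posted


@dataclass
class Entry:
    name: str
    path: str
    company: str
    attrs: str
    stamp: Optional[datetime]  # Created Date or Modified Date, whichever the section has
    is_folder: bool
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one entry line; section headers and lines in other formats return None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = {}
    for part in m["fields"].split("|"):  # "Folder" has no '=' and lands as an empty value
        key, _, value = part.partition("=")
        kv[key.strip()] = value.strip()
    raw = kv.get("Created Date") or kv.get("Modified Date")
    try:
        stamp = datetime.strptime(raw, DATE_FMT) if raw else None
    except ValueError:  # an unparsable date counts as unknown, never as recent
        stamp = None
    return Entry(m["name"].strip(), m["path"].strip(), m["company"].strip(),
                 kv.get("Attr", ""), stamp, "Folder" in kv)


def looks_random(filename: str) -> bool:
    """Short lower-case vowel-less stems such as 'rqtss' or 'sstqr' look machine-made."""
    stem = splitext(filename)[0]
    return re.fullmatch(r"[a-z]{4,8}", stem) is not None and not (set(stem) & set("aeiouy"))


def triage(lines, report_date: datetime, window_days: int = 7, min_score: int = 2) -> List[Entry]:
    """Return publisher-less entries with at least min_score points (hidden+system attrs,
    timestamp within window_days of the report, random-looking name). A candidate list
    for a person to review, not a verdict: a fresh tool such as VFind.exe scores one point."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.company:
            continue
        if "H" in e.attrs and "S" in e.attrs:
            e.reasons.append("hidden+system attributes")
        if e.stamp and report_date - e.stamp <= timedelta(days=window_days):
            e.reasons.append(f"timestamp within {window_days} days of the report")
        if not e.is_folder and looks_random(e.name):
            e.reasons.append("random-looking name")
        if len(e.reasons) >= min_score:
            flagged.append(e)
    return flagged


# Sample lines copied from the report above.
SAMPLE_REPORT = r"""[Files/Folders - Created Within 30 days]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
rqtss.ini -> %System32%\rqtss.ini ->  [Ver =  | Size = 21374 bytes | Created Date = 08/10/2007 7:46:24 PM | Attr =  HS]
rqtss.ini2 -> %System32%\rqtss.ini2 ->  [Ver =  | Size = 20129 bytes | Created Date = 08/10/2007 3:17:21 PM | Attr =  HS]
sstqr.dll -> %System32%\sstqr.dll ->  [Ver =  | Size = 325728 bytes | Created Date = 06/10/2007 3:29:35 PM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Created Date = 08/10/2007 4:33:50 PM | Attr =    ]
""".splitlines()


def triage_sample() -> List[Entry]:
    """Run the triage over the sample lines with the assumed report date."""
    return triage(SAMPLE_REPORT, REPORT_DATE)
```

Calling `triage_sample()` returns exactly the three files the helper quoted; the tool binaries created on the same day score a single point and stay off the list.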

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #43 on: October 09, 2007, 06:27:16 AM »
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\rqtss.ini moved successfully.
C:\WINDOWS\SYSTEM32\rqtss.ini2 moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\sstqr.dll scheduled to be moved on reboot.
< End of log >
Created on 10/08/2007 21:25:57

...sstqr.dll!!!

Should I reboot again and see if it works this time?


mauserme

  • Guest
Re: malware: help! i've tried many things!
« Reply #44 on: October 09, 2007, 06:35:06 AM »
Yes, reboot.  But I'm going to need to research this more.  For now let's at least remove the old Java that allowed Vundo in.

Download and install the latest version of Java from here

http://filehippo.com/download_java_runtime/

Then boot into safe mode (restart your computer and continually hit F8 until you see the option for Safe Mode).  In safe mode open Add/Remove Programs in the Control Panel and uninstall any versions of Java older than the one you just installed.  You need to uninstall manually as the update will not do this.

I'll post again tomorrow.