-
ComboFix 08-08-09.06 - Owner 2008-08-10 9:27:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.653 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
/wow section - STAGE 40
pv: No matching processes found
The syntax of the command is incorrect.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\lsass.exe
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\BM3b1f74fb.txt
C:\WINDOWS\BM3b1f74fb.xml
C:\WINDOWS\system32\aombbmkt.dll
C:\WINDOWS\system32\ctjmdz.dll
C:\WINDOWS\system32\dipgumfu.exe
C:\WINDOWS\system32\djvythqt.exe
C:\WINDOWS\system32\iifcCurP.dll
C:\WINDOWS\system32\ljJaawVO.dll
C:\WINDOWS\system32\mqdnimea.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nnnMgfFu.dll
C:\WINDOWS\system32\ocujlfaw.dll
C:\WINDOWS\system32\OVwaaJjl.ini
C:\WINDOWS\system32\OVwaaJjl.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sokpej.dll
C:\WINDOWS\system32\sqjawspc.dll
C:\WINDOWS\system32\tkmbbmoa.ini
C:\WINDOWS\system32\vtUonmKd.dll
C:\WINDOWS\system32\wafljuco.ini
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-09 14:13 . 2008-08-09 14:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-09 14:13 . 2008-08-09 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-09 13:29 . 2008-08-09 13:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 13:29 . 2008-08-09 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Program Files\FireTrust
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Program Files\BillP Studios
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\WinPatrol
2008-08-09 13:19 . 2008-08-10 08:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteHound
2008-08-08 23:54 . 2008-08-08 23:54 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-08-08 23:54 . 2008-08-08 23:54 <DIR> d-------- C:\Temp\epr1
2008-08-08 23:54 . 2008-08-10 08:54 190,398 --a------ C:\Temp\nbU103h.exe
2008-08-08 23:54 . 2008-08-08 23:54 77 --a------ C:\Documents and Settings\Owner\8124.bat
2008-08-08 20:36 . 2008-08-08 20:36 <DIR> d-------- C:\WINDOWS\Sun
2008-08-08 20:29 . 2008-08-08 20:29 <DIR> d-------- C:\Program Files\Java
2008-08-08 20:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-08 20:27 . 2008-08-08 20:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 20:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 20:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 20:27 . 2008-08-06 20:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-06 17:05 . 2008-08-06 17:05 <DIR> d-------- C:\Program Files\100% Free Hearts Toolbar
2008-08-03 11:52 . 2008-08-09 14:16 <DIR> d-------- C:\Program Files\iTunes
2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Program Files\iPod
2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-08-03 11:51 . 2008-08-09 14:14 <DIR> d-------- C:\Program Files\QuickTime
2008-08-03 11:51 . 2008-08-09 14:15 <DIR> d-------- C:\Program Files\Bonjour
2008-08-03 11:50 . 2008-08-03 11:50 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-03 11:50 . 2008-08-09 14:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-03 11:50 . 2008-08-06 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-31 18:57 . 2008-07-31 18:57 <DIR> d-------- C:\Program Files\DreamQuest
2008-07-26 22:51 . 2008-07-26 22:51 0 --a------ C:\WINDOWS\system32\SigUpdRequest_1217127097.tmp
2008-07-26 21:38 . 2008-08-10 09:21 247,716 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-07-26 21:38 . 2008-08-10 09:21 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-07-26 21:36 . 2008-08-10 09:21 247,716 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-07-26 21:36 . 2007-07-11 11:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2008-07-26 21:36 . 2007-05-11 09:33 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2008-07-26 21:36 . 2007-05-11 09:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2008-07-26 21:36 . 2008-08-10 09:21 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-07-26 21:20 . 2008-07-26 21:20 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-07-26 21:19 . 2007-07-12 08:42 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
2008-07-26 21:19 . 2007-03-13 18:01 161,328 --a------ C:\WINDOWS\system32\TpUtil.dll
2008-07-26 21:19 . 2007-02-08 11:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2008-07-26 21:19 . 2007-02-28 18:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2008-07-26 21:19 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-07-26 21:19 . 2007-06-08 08:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-07-26 21:16 . 2007-07-12 08:49 178,872 -ra------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-07-26 21:16 . 2007-05-23 10:40 38,968 -ra------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-07-26 20:24 . 2008-08-09 09:55 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-07-26 20:14 . 2007-06-06 05:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-07-26 20:13 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-07-26 20:13 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-07-26 20:12 . 2003-10-22 18:23 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2008-07-26 20:12 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2008-07-26 20:12 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-07-26 20:12 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-26 20:12 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-07-26 19:55 . 2008-07-26 19:55 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-07-26 19:40 . 2008-07-26 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-26 18:58 . 2008-07-26 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-07-26 18:55 . 2008-07-26 18:55 <DIR> d-------- C:\Program Files\Panda Security
2008-07-26 18:55 . 2008-07-26 18:55 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-26 17:59 . 2008-07-26 21:16 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-07-26 17:13 . 2008-08-09 23:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-26 17:04 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-26 17:03 . 2008-07-26 17:03 <DIR> d-------- C:\Program Files\MSBuild
2008-07-26 17:00 . 2008-07-26 17:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-26 16:59 . 2008-07-26 16:59 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-26 16:59 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-21 19:08 . 2008-07-21 19:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 18:32 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-21 18:32 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-21 18:32 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-21 18:32 . 2008-04-13 14:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-20 08:31 . 2008-07-20 08:31 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-07-20 08:28 . 2008-07-20 08:32 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-07-20 08:28 . 2008-07-26 17:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Autodesk
2008-07-20 08:28 . 2008-07-20 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-20 08:27 . 2008-07-26 23:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-20 08:26 . 2008-07-20 08:26 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 07:48 . 2008-08-06 17:05 <DIR> d-------- C:\Documents and Settings\Administrator.ROBANDSHE
2008-07-19 17:33 . 2008-07-20 07:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-18 12:06 . 2008-07-29 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-18 09:46 . 2008-07-18 09:46 <DIR> d-------- C:\Program Files\Real
2008-07-18 09:45 . 2008-07-19 16:58 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-17 09:38 . 2008-07-20 08:25 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-16 22:26 . 2008-07-16 22:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-16 22:26 . 2008-07-16 22:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-16 22:25 . 2008-07-16 22:25 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-16 22:25 . 2008-07-16 22:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-16 22:23 . 2008-07-16 22:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-16 22:15 . 2008-07-16 22:15 <DIR> d-------- C:\WINDOWS\EHome
2008-07-16 22:08 . 2008-04-13 20:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-07-16 21:50 . 2008-07-16 21:50 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-07-16 21:11 . 2008-04-13 20:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-16 21:07 . 2004-08-12 09:57 1,361 --a------ C:\WINDOWS\system32\fxscount.h
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 03:47 --------- d-----w C:\Program Files\Verizon
2008-07-27 03:45 --------- d-----w C:\Program Files\Common Files\Motive
2008-07-27 00:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-20 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 20:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-19 20:57 --------- d-----w C:\Program Files\NOS
2008-07-18 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-18 16:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-14 23:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-07-14 23:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Motive
2008-07-10 23:36 --------- d-----w C:\Program Files\GVC Modem User Guide
2008-07-09 22:40 --------- d-----w C:\Program Files\Intel
2008-07-09 22:22 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-09 22:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-06 15:55 --------- d-----w C:\Program Files\Motive
2008-07-05 22:12 --------- d-----w C:\Program Files\Common Files\Authentium
2008-07-04 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 23:02 --------- d-----w C:\Program Files\Lavasoft
2008-07-04 23:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-07-04 15:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-02 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-07-02 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-28 14:17 155,995 ----a-w C:\WINDOWS\java\Packages\9RHJBLVB.ZIP
2008-06-28 12:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 12:58 333120]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ljJaawVO
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 10:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 CPoint;Panda CPoint Driver.;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 08:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 14:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7871d40-65c2-11dd-8e27-001111437762}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-18 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wlxtuf1c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://finance.yahoo.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 09:33:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe
.
**************************************************************************
.
Completion time: 2008-08-10 9:37:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 13:37:11
ComboFix2.txt 2008-08-06 22:48:20
Pre-Run: 71,905,415,168 bytes free
Post-Run: 71,826,567,168 bytes free
262 --- E O F --- 2008-08-10 13:36:16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:28 AM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\Firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVJOBS.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\ActHosp.exe
C:\Program Files\Trend Micro\HijackThis\Finder.exe.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
--
End of file - 6201 bytes
-
Hi mxmstrs
1 - Run CFScript
Open Notepad and copy/paste the text in the box into the window:
Code:
File::
C:\Documents and Settings\Owner\8124.bat
Folder::
C:\WINDOWS\system32\kBin02
C:\Temp
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2 - Status Check
Please reply with
1. the ComboFix log
2. a fresh HijackThis log
Thanks peku006
-
Spybot scans before and after the latest combofix and HJT scans show NO VIRTUMONDE OR SMITFRAUD.
Repeat: NO VIRTUMONDE OR SMITFRAUD or any malware of any kind.
I can't thank you enough but I will remain vigilant.
Here are the latest log files.
ComboFix 08-08-09.06 - Owner 2008-08-10 14:00:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.663 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\Owner\8124.bat
.
/wow section - STAGE 40
pv: No matching processes found
The syntax of the command is incorrect.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\8124.bat
C:\Temp
C:\Temp\nbU103h.exe
C:\Temp\syschk3\tdirp5.log
C:\WINDOWS\system32\kBin02
C:\WINDOWS\system32\kBin02\kBin022328.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-09 14:13 . 2008-08-09 14:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-09 14:13 . 2008-08-09 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-09 13:29 . 2008-08-09 13:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 13:29 . 2008-08-09 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Program Files\FireTrust
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Program Files\BillP Studios
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\WinPatrol
2008-08-09 13:19 . 2008-08-10 08:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteHound
2008-08-08 20:36 . 2008-08-08 20:36 <DIR> d-------- C:\WINDOWS\Sun
2008-08-08 20:29 . 2008-08-08 20:29 <DIR> d-------- C:\Program Files\Java
2008-08-08 20:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-08 20:27 . 2008-08-08 20:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 20:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 20:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 20:27 . 2008-08-06 20:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-06 17:05 . 2008-08-06 17:05 <DIR> d-------- C:\Program Files\100% Free Hearts Toolbar
2008-08-03 11:52 . 2008-08-09 14:16 <DIR> d-------- C:\Program Files\iTunes
2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Program Files\iPod
2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-08-03 11:51 . 2008-08-09 14:14 <DIR> d-------- C:\Program Files\QuickTime
2008-08-03 11:51 . 2008-08-09 14:15 <DIR> d-------- C:\Program Files\Bonjour
2008-08-03 11:50 . 2008-08-03 11:50 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-03 11:50 . 2008-08-09 14:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-03 11:50 . 2008-08-06 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-31 18:57 . 2008-07-31 18:57 <DIR> d-------- C:\Program Files\DreamQuest
2008-07-26 22:51 . 2008-07-26 22:51 0 --a------ C:\WINDOWS\system32\SigUpdRequest_1217127097.tmp
2008-07-26 21:38 . 2008-08-10 14:04 245,544 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-07-26 21:38 . 2008-08-10 14:04 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-07-26 21:36 . 2008-08-10 14:04 245,544 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-07-26 21:36 . 2007-07-11 11:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2008-07-26 21:36 . 2007-05-11 09:33 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2008-07-26 21:36 . 2007-05-11 09:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2008-07-26 21:36 . 2008-08-10 14:04 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-07-26 21:20 . 2008-07-26 21:20 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-07-26 21:19 . 2007-07-12 08:42 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
2008-07-26 21:19 . 2007-03-13 18:01 161,328 --a------ C:\WINDOWS\system32\TpUtil.dll
2008-07-26 21:19 . 2007-02-08 11:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2008-07-26 21:19 . 2007-02-28 18:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2008-07-26 21:19 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-07-26 21:19 . 2007-06-08 08:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-07-26 21:16 . 2007-07-12 08:49 178,872 -ra------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-07-26 21:16 . 2007-05-23 10:40 38,968 -ra------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-07-26 20:24 . 2008-08-10 09:42 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-07-26 20:14 . 2007-06-06 05:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-07-26 20:13 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-07-26 20:13 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-07-26 20:12 . 2003-10-22 18:23 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2008-07-26 20:12 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2008-07-26 20:12 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-07-26 20:12 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-26 20:12 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-07-26 19:55 . 2008-07-26 19:55 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-07-26 19:40 . 2008-07-26 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-26 18:58 . 2008-07-26 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-07-26 18:55 . 2008-07-26 18:55 <DIR> d-------- C:\Program Files\Panda Security
2008-07-26 18:55 . 2008-07-26 18:55 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-26 17:59 . 2008-07-26 21:16 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-07-26 17:13 . 2008-08-09 23:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-26 17:04 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-26 17:03 . 2008-07-26 17:03 <DIR> d-------- C:\Program Files\MSBuild
2008-07-26 17:00 . 2008-07-26 17:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-26 16:59 . 2008-07-26 16:59 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-26 16:59 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-21 19:08 . 2008-07-21 19:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 18:32 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-21 18:32 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-21 18:32 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-21 18:32 . 2008-04-13 14:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-20 08:31 . 2008-07-20 08:31 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-07-20 08:28 . 2008-07-20 08:32 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-07-20 08:28 . 2008-07-26 17:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Autodesk
2008-07-20 08:28 . 2008-07-20 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-20 08:27 . 2008-07-26 23:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-20 08:26 . 2008-07-20 08:26 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 07:48 . 2008-08-06 17:05 <DIR> d-------- C:\Documents and Settings\Administrator.ROBANDSHE
2008-07-19 17:33 . 2008-07-20 07:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-18 12:06 . 2008-07-29 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-18 09:46 . 2008-07-18 09:46 <DIR> d-------- C:\Program Files\Real
2008-07-18 09:45 . 2008-07-19 16:58 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-17 09:38 . 2008-07-20 08:25 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-16 22:26 . 2008-07-16 22:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-16 22:26 . 2008-07-16 22:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-16 22:25 . 2008-07-16 22:25 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-16 22:25 . 2008-07-16 22:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-16 22:23 . 2008-07-16 22:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-16 22:15 . 2008-07-16 22:15 <DIR> d-------- C:\WINDOWS\EHome
2008-07-16 22:08 . 2008-04-13 20:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-07-16 21:50 . 2008-07-16 21:50 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-07-16 21:11 . 2008-04-13 20:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-16 21:07 . 2004-08-12 09:57 1,361 --a------ C:\WINDOWS\system32\fxscount.h
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 03:47 --------- d-----w C:\Program Files\Verizon
2008-07-27 03:45 --------- d-----w C:\Program Files\Common Files\Motive
2008-07-27 00:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-20 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 20:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-19 20:57 --------- d-----w C:\Program Files\NOS
2008-07-18 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-18 16:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-14 23:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-07-14 23:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Motive
2008-07-10 23:36 --------- d-----w C:\Program Files\GVC Modem User Guide
2008-07-09 22:40 --------- d-----w C:\Program Files\Intel
2008-07-09 22:22 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-09 22:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-06 15:55 --------- d-----w C:\Program Files\Motive
2008-07-05 22:12 --------- d-----w C:\Program Files\Common Files\Authentium
2008-07-04 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 23:02 --------- d-----w C:\Program Files\Lavasoft
2008-07-04 23:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-07-04 15:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-02 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-07-02 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-28 14:17 155,995 ----a-w C:\WINDOWS\java\Packages\9RHJBLVB.ZIP
2008-06-28 12:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 12:58 333120]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 10:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 CPoint;Panda CPoint Driver.;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 08:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 14:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7871d40-65c2-11dd-8e27-001111437762}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-18 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 14:04:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
.
**************************************************************************
.
Completion time: 2008-08-10 14:07:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 18:07:03
ComboFix2.txt 2008-08-10 13:37:19
ComboFix3.txt 2008-08-06 22:48:20
Pre-Run: 71,758,393,344 bytes free
Post-Run: 71,758,016,512 bytes free
233 --- E O F --- 2008-08-10 17:04:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:18 PM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\Firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Finder.exe.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\Upgrader.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
--
End of file - 5921 bytes
-
Hi mxmstrs
Logs look good, but let's run one online scan to be sure.
Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply.
Thanks peku006
-
Virtumonde seems to have reappeared.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 12, 2008 00:22:13
Records in database: 1083893
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
F:\
Scan statistics:
Files scanned: 46762
Threat name: 7
Infected objects: 25
Suspicious objects: 0
Duration of the scan: 00:52:52
File name / Threat name / Threats count
C:\WINDOWS\system32\mhymaqbl.dll/C:\WINDOWS\system32\mhymaqbl.dll Infected: Trojan.Win32.Monder.etn 6
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A1B3MEXG\kb456456[1] Infected: Trojan.Win32.Monder.etn 1
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7WBCNSJ\kb767887[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.cko 1
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7WBCNSJ\nbU103h[1].exe Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7WBCNSJ\nbU103h[1].exe Infected: Trojan-Downloader.Win32.Small.yxa 1
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7WBCNSJ\nbU103h[1].exe Infected: Trojan.Win32.Agent.lom 1
C:\QooBox\Quarantine\C\Temp\nbU103h.exe.vir Infected: Trojan-Downloader.Win32.Small.buy 1
C:\QooBox\Quarantine\C\Temp\nbU103h.exe.vir Infected: Trojan-Downloader.Win32.Small.yxa 1
C:\QooBox\Quarantine\C\Temp\nbU103h.exe.vir Infected: Trojan.Win32.Agent.lom 1
C:\Temp\nbU103h.exe Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Temp\nbU103h.exe Infected: Trojan-Downloader.Win32.Small.yxa 1
C:\Temp\nbU103h.exe Infected: Trojan.Win32.Agent.lom 1
C:\WINDOWS\system32\effeebvt.dll Infected: Trojan.Win32.Monder.etn 1
C:\WINDOWS\system32\gnsmylwi.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cko 1
C:\WINDOWS\system32\kBin02\kBin022328.exe Infected: Trojan-Downloader.Win32.VB.fen 1
C:\WINDOWS\system32\mhymaqbl.dll Infected: Trojan.Win32.Monder.etn 1
C:\WINDOWS\system32\syvaib.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cko 1
C:\WINDOWS\system32\wyicsc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cko 1
C:\WINDOWS\system32\xwbounql.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cko 1
F:\System Volume Information\_restore{0F152EFF-99A1-46C7-A57D-4ACA7E7D730E}\RP102\A0023258.exe Infected: Trojan.Win32.VB.cng 1
The selected area was scanned.
-
Hi mxmstrs
You’ve done a good job so far..........
1 - Run CFScript
Open Notepad and copy/paste the text in the box into the window:
Code:
File::
C:\WINDOWS\system32\mhymaqbl.dll
C:\Temp\nbU103h.exe
C:\WINDOWS\system32\effeebvt.dll
C:\WINDOWS\system32\gnsmylwi.dll
C:\WINDOWS\system32\kBin02\kBin022328.exe
C:\WINDOWS\system32\syvaib.dll
C:\WINDOWS\system32\wyicsc.dll
C:\WINDOWS\system32\xwbounql.dll
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2 - Status Check
Please reply with:
1. the ComboFix log
2. a fresh HijackThis log
Thanks peku006
-
ComboFix 08-08-12.01 - Owner 2008-08-12 18:37:33.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.580 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Temp\nbU103h.exe
C:\WINDOWS\system32\effeebvt.dll
C:\WINDOWS\system32\gnsmylwi.dll
C:\WINDOWS\system32\kBin02\kBin022328.exe
C:\WINDOWS\system32\mhymaqbl.dll
C:\WINDOWS\system32\syvaib.dll
C:\WINDOWS\system32\wyicsc.dll
C:\WINDOWS\system32\xwbounql.dll
.
/wow section - STAGE 40
pv: No matching processes found
The syntax of the command is incorrect.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\nbU103h.exe
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\BM3b1f74fb.txt
C:\WINDOWS\BM3b1f74fb.xml
C:\WINDOWS\system32\DNpponnn.ini
C:\WINDOWS\system32\DNpponnn.ini2
C:\WINDOWS\system32\effeebvt.dll
C:\WINDOWS\system32\ghaqlsxv.dll
C:\WINDOWS\system32\gnsmylwi.dll
C:\WINDOWS\system32\jkkICtrs.dll
C:\WINDOWS\system32\kBin02\kBin022328.exe
C:\WINDOWS\system32\lbqamyhm.ini
C:\WINDOWS\system32\mhymaqbl.dll
C:\WINDOWS\system32\mlfilvcm.dll
C:\WINDOWS\system32\mmnudujd.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\myueyvys.exe
C:\WINDOWS\system32\nnnllMeE.dll
C:\WINDOWS\system32\nnnoppND.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qodijbtc.exe
C:\WINDOWS\system32\srtCIkkj.ini
C:\WINDOWS\system32\srtCIkkj.ini2
C:\WINDOWS\system32\ssqNEusR.dll
C:\WINDOWS\system32\suohbg.dll
C:\WINDOWS\system32\syvaib.dll
C:\WINDOWS\system32\tvbeeffe.ini
C:\WINDOWS\system32\wyicsc.dll
C:\WINDOWS\system32\xwbounql.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-11 14:04 . 2008-08-12 18:37 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-08-11 14:04 . 2008-08-11 14:04 <DIR> d-------- C:\Temp\epr1
2008-08-11 14:04 . 2008-08-12 18:37 <DIR> d-------- C:\Temp
2008-08-09 14:13 . 2008-08-09 14:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-09 14:13 . 2008-08-09 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-09 13:29 . 2008-08-09 13:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 13:29 . 2008-08-11 17:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Program Files\FireTrust
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Program Files\BillP Studios
2008-08-09 13:19 . 2008-08-09 13:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\WinPatrol
2008-08-09 13:19 . 2008-08-10 08:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteHound
2008-08-08 20:36 . 2008-08-08 20:36 <DIR> d-------- C:\WINDOWS\Sun
2008-08-08 20:29 . 2008-08-08 20:29 <DIR> d-------- C:\Program Files\Java
2008-08-08 20:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-08 20:27 . 2008-08-08 20:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-07 20:40 . 2008-08-07 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 20:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 20:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 20:27 . 2008-08-06 20:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-06 17:05 . 2008-08-06 17:05 <DIR> d-------- C:\Program Files\100% Free Hearts Toolbar
2008-08-03 11:52 . 2008-08-09 14:16 <DIR> d-------- C:\Program Files\iTunes
2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Program Files\iPod
2008-08-03 11:52 . 2008-08-03 11:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-08-03 11:51 . 2008-08-09 14:14 <DIR> d-------- C:\Program Files\QuickTime
2008-08-03 11:51 . 2008-08-09 14:15 <DIR> d-------- C:\Program Files\Bonjour
2008-08-03 11:50 . 2008-08-03 11:50 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-03 11:50 . 2008-08-09 14:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-03 11:50 . 2008-08-06 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-31 18:57 . 2008-07-31 18:57 <DIR> d-------- C:\Program Files\DreamQuest
2008-07-26 22:51 . 2008-07-26 22:51 0 --a------ C:\WINDOWS\system32\SigUpdRequest_1217127097.tmp
2008-07-26 21:38 . 2008-08-12 18:44 247,716 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-07-26 21:38 . 2008-08-12 18:44 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-07-26 21:36 . 2008-08-12 18:44 247,716 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-07-26 21:36 . 2007-07-11 11:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2008-07-26 21:36 . 2007-05-11 09:33 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2008-07-26 21:36 . 2007-05-11 09:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2008-07-26 21:36 . 2007-05-11 09:33 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2008-07-26 21:36 . 2008-08-12 18:44 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-07-26 21:20 . 2008-07-26 21:20 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-07-26 21:19 . 2007-07-12 08:42 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
2008-07-26 21:19 . 2007-03-13 18:01 161,328 --a------ C:\WINDOWS\system32\TpUtil.dll
2008-07-26 21:19 . 2007-02-08 11:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2008-07-26 21:19 . 2007-02-28 18:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2008-07-26 21:19 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-07-26 21:19 . 2007-06-08 08:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-07-26 21:16 . 2007-07-12 08:49 178,872 -ra------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-07-26 21:16 . 2007-05-23 10:40 38,968 -ra------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-07-26 20:24 . 2008-08-12 14:48 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-07-26 20:14 . 2007-06-06 05:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-07-26 20:13 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-07-26 20:13 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-07-26 20:12 . 2003-10-22 18:23 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2008-07-26 20:12 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2008-07-26 20:12 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-07-26 20:12 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-26 20:12 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-07-26 19:55 . 2008-07-26 19:55 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2008-07-26 19:40 . 2008-07-26 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-26 18:58 . 2008-07-26 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-07-26 18:55 . 2008-07-26 18:55 <DIR> d-------- C:\Program Files\Panda Security
2008-07-26 18:55 . 2008-07-26 18:55 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-26 17:59 . 2008-07-26 21:16 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-07-26 17:13 . 2008-08-12 15:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-26 17:04 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-26 17:03 . 2008-07-26 17:03 <DIR> d-------- C:\Program Files\MSBuild
2008-07-26 17:00 . 2008-07-26 17:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-26 16:59 . 2008-07-26 16:59 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-26 16:59 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-21 19:08 . 2008-07-21 19:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 18:32 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-21 18:32 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-21 18:32 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-21 18:32 . 2008-04-13 14:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-20 08:31 . 2008-07-20 08:31 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-07-20 08:28 . 2008-07-20 08:32 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-07-20 08:28 . 2008-07-26 17:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Autodesk
2008-07-20 08:28 . 2008-07-20 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-20 08:27 . 2008-07-26 23:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-20 08:26 . 2008-07-20 08:26 <DIR> d-------- C:\Program Files\Autodesk
2008-07-20 07:48 . 2008-08-06 17:05 <DIR> d-------- C:\Documents and Settings\Administrator.ROBANDSHE
2008-07-19 17:33 . 2008-07-20 07:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-18 12:06 . 2008-07-29 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-18 09:46 . 2008-07-18 09:46 <DIR> d-------- C:\Program Files\Real
2008-07-18 09:45 . 2008-07-19 16:58 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-17 09:38 . 2008-07-20 08:25 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-16 22:26 . 2008-07-16 22:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-16 22:26 . 2008-07-16 22:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-16 22:25 . 2008-07-16 22:25 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-16 22:25 . 2008-07-16 22:25 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-16 22:23 . 2008-07-16 22:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-16 22:15 . 2008-07-16 22:15 <DIR> d-------- C:\WINDOWS\EHome
2008-07-16 22:08 . 2008-04-13 20:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-07-16 21:50 . 2008-07-16 21:50 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-07-16 21:11 . 2008-04-13 20:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-16 21:09 . 2008-07-16 21:09 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-16 21:07 . 2004-08-12 09:57 1,361 --a------ C:\WINDOWS\system32\fxscount.h
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 03:47 --------- d-----w C:\Program Files\Verizon
2008-07-27 03:45 --------- d-----w C:\Program Files\Common Files\Motive
2008-07-27 00:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-20 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 20:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-19 20:57 --------- d-----w C:\Program Files\NOS
2008-07-18 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-18 16:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-14 23:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-07-14 23:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Motive
2008-07-10 23:36 --------- d-----w C:\Program Files\GVC Modem User Guide
2008-07-09 22:40 --------- d-----w C:\Program Files\Intel
2008-07-09 22:22 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-09 22:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-06 15:55 --------- d-----w C:\Program Files\Motive
2008-07-05 22:12 --------- d-----w C:\Program Files\Common Files\Authentium
2008-07-04 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 23:02 --------- d-----w C:\Program Files\Lavasoft
2008-07-04 23:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-07-04 15:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-02 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-07-02 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-28 12:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 12:58 333120]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\nnnoppND
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 10:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 CPoint;Panda CPoint Driver.;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 08:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 14:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7871d40-65c2-11dd-8e27-001111437762}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-11 C:\WINDOWS\Tasks\Basic clean-up.job
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe [2007-07-17 15:13]
2008-07-18 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 18:43:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
.
**************************************************************************
.
Completion time: 2008-08-12 18:47:16 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-12 22:47:12
ComboFix2.txt 2008-08-10 18:07:08
Pre-Run: 71,911,784,448 bytes free
Post-Run: 71,840,456,704 bytes free
268 --- E O F --- 2008-08-12 22:46:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:35 PM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\Firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Finder.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
--
End of file - 5836 bytes
-
Hi mxmstrs
- Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
- Double click on OTScanIt.exe to run it.
- Click on Extract. Once done, you will be prompted. Click OK and click Close.
- Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
- Under the Drivers section, select Non-Microsoft.
- Click on the Run Scan button at the top left hand corner.
- OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.
Thanks peku006
-
Hello, peku006. Thanks for your help.
I am being notified that this file is too long, so I will send it in 2 posts.
[code]
OTScanIt logfile created on: 8/13/2008 6:02:20 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.08 Mb Total Physical Memory | 591.92 Mb Available Physical Memory | 58.37% Memory free
2.39 Gb Paging File | 2.07 Gb Available in Paging File | 86.77% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 67.01 Gb Free Space | 89.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.64 Gb Total Space | 421.28 Gb Free Space | 90.47% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROBANDSHE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 15, 5, 2008, 0 | Size = 333120 bytes | Modified Date = 7/4/2008 12:58:06 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ]
psctrls.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsCtrlS.exe -> Panda Software International [Ver = 3.06.02.00 | Size = 169264 bytes | Modified Date = 7/12/2007 11:47:30 AM | Attr = ]
pavfnsvr.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE -> Panda Software International [Ver = 8.14.02.00 | Size = 173360 bytes | Modified Date = 7/12/2007 11:47:26 AM | Attr = ]
pavprsrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.3.0 | Size = 63024 bytes | Modified Date = 6/14/2007 11:38:02 AM | Attr = R ]
pavsrv51.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE -> Panda Software International [Ver = 2, 1, 26, 0 | Size = 148272 bytes | Modified Date = 7/16/2007 3:14:22 PM | Attr = ]
pskmssvc.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 4, 3, 1 | Size = 67120 bytes | Modified Date = 1/15/2007 2:42:16 PM | Attr = ]
avengine.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\AVENGINE.EXE -> Panda Software International [Ver = 2, 1, 29, 0 | Size = 96560 bytes | Modified Date = 7/6/2007 2:14:10 PM | Attr = ]
pshost.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe -> Panda Software International [Ver = 1, 0, 0, 20 | Size = 226864 bytes | Modified Date = 4/4/2007 11:45:08 AM | Attr = ]
psimsvc.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsImSvc.exe -> Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 10:31:26 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ]
apvxdwin.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\apvxdwin.exe -> Panda Software International [Ver = 8.07.07.12 | Size = 406832 bytes | Modified Date = 7/23/2007 6:30:42 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 7/20/2008 3:58:48 PM | Attr = ]
srvload.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\SrvLoad.exe -> Panda Software International [Ver = 8,07.06.01 | Size = 91440 bytes | Modified Date = 6/20/2007 12:32:28 PM | Attr = ]
webproxy.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\WebProxy.exe -> Panda Software International [Ver = 7, 6, 29, 502 | Size = 83504 bytes | Modified Date = 6/7/2007 4:29:22 PM | Attr = ]
psimreal.exe -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\psimreal.exe -> Panda Software International [Ver = 2, 8, 8, 0 | Size = 60976 bytes | Modified Date = 5/24/2007 10:31:24 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 7/4/2008 7:03:07 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 7/26/2008 5:09:02 PM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ]
(Panda Software Controller) Panda Software Controller [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsCtrlS.exe -> Panda Software International [Ver = 3.06.02.00 | Size = 169264 bytes | Modified Date = 7/12/2007 11:47:30 AM | Attr = ]
(PAVFNSVR) Panda Function Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE -> Panda Software International [Ver = 8.14.02.00 | Size = 173360 bytes | Modified Date = 7/12/2007 11:47:26 AM | Attr = ]
(PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.3.0 | Size = 63024 bytes | Modified Date = 6/14/2007 11:38:02 AM | Attr = R ]
(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE -> Panda Software International [Ver = 2, 1, 26, 0 | Size = 148272 bytes | Modified Date = 7/16/2007 3:14:22 PM | Attr = ]
(pmshellsrv) Panda Antispam Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 4, 3, 1 | Size = 67120 bytes | Modified Date = 1/15/2007 2:42:16 PM | Attr = ]
(PSHost) Panda Host Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe -> Panda Software International [Ver = 1, 0, 0, 20 | Size = 226864 bytes | Modified Date = 4/4/2007 11:45:08 AM | Attr = ]
(PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\PsImSvc.exe -> Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 10:31:26 AM | Attr = ]
[Driver Services - Non-Microsoft Only]
(APPFLT) App Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPFLT.SYS -> Panda Software [Ver = 2.2.0.44 | Size = 71736 bytes | Modified Date = 5/11/2007 9:33:04 AM | Attr = ]
(CPoint) Panda CPoint Driver. [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\cpoint.sys -> Panda Software [Ver = 1, 2, 0, 50 | Size = 24760 bytes | Modified Date = 6/8/2007 8:44:06 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/12/2004 9:56:57 AM | Attr = ]
(DSAFLT) DSA Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\dsaflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 51256 bytes | Modified Date = 5/11/2007 9:33:06 AM | Attr = ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2/10/2004 3:49:14 PM | Attr = ]
(FNETMON) NetMon Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fnetmon.sys -> Panda Software [Ver = 2.2.0.27 | Size = 22072 bytes | Modified Date = 5/11/2007 9:33:18 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ]
(IDSFLT) Ids Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\idsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 191672 bytes | Modified Date = 7/11/2007 11:39:48 AM | Attr = ]
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> Motive, Inc. [Ver = 503.1658.1 | Size = 19345 bytes | Modified Date = 3/11/2007 5:37:19 PM | Attr = ]
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 3/11/2007 5:37:20 PM | Attr = ]
(NETFLTDI) Panda Net Driver [TDI Layer] [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NETFLTDI.SYS -> Panda Software [Ver = 2.2.0.26 | Size = 132920 bytes | Modified Date = 5/11/2007 9:33:24 AM | Attr = ]
(NETIMFLT) PANDA NDIS IM Filter Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\netimflt.sys -> Panda Software [Ver = 1, 5, 0, 0 | Size = 142128 bytes | Modified Date = 4/24/2007 3:43:56 PM | Attr = ]
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 8:42:58 AM | Attr = ]
(PAVDRV) PAVDRV [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\pavdrv51.sys -> Panda Software International [Ver = 7.1.1.0 (av07_rtm.070323-1018) | Size = 83640 bytes | Modified Date = 6/6/2007 5:43:32 AM | Attr = ]
(PavProc) Panda Process Protection Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PavProc.sys -> Panda Software International [Ver = 1.1.7.0 | Size = 178872 bytes | Modified Date = 7/12/2007 8:49:38 AM | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/12/2004 10:03:49 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:47:45 AM | Attr = ]
(ShldDrv) Panda File Shield Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ShlDrv51.sys -> Panda Software [Ver = 1.3.12.0 | Size = 38968 bytes | Modified Date = 5/23/2007 10:40:30 AM | Attr = R ]
(SMSFLT) SMS Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\smsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 37304 bytes | Modified Date = 5/11/2007 9:33:32 AM | Attr = ]
(WNMFLT) Wifi Monitor Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wnmflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 30648 bytes | Modified Date = 5/11/2007 9:33:34 AM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 9.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 9.0.0.2008061200 | Size = 34672 bytes | Modified Date = 6/12/2008 2:38:00 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe [C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot] -> BillP Studios [Ver = 15, 5, 2008, 0 | Size = 333120 bytes | Modified Date = 7/4/2008 12:58:06 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk -> %CommonProgramFiles%\Autodesk Shared\acstart16.exe -> Autodesk, Inc [Ver = 16.2.54.0 | Size = 10872 bytes | Modified Date = 3/5/2005 4:18:22 PM | Attr = ]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avldr -> %SystemRoot%\system32\avldr.dll -> Panda Software International [Ver = 2, 1, 0, 2 | Size = 50736 bytes | Modified Date = 2/15/2007 8:02:20 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_CD-RW_GCE-8483B________________B105____\5&1ce3bd75&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 6/25/2008 7:04:18 PM | Attr = ]
autorun [] -> F:\autorun [ FAT32 ] -> [Folder | Modified Date = 5/8/2007 10:55:04 AM | Attr = ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://finance.yahoo.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;*.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3500 domain(s) found. ->
finance_yahoo.com [https] -> Trusted sites ->
27 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{852B91E9-841D-4922-9EF5-0F96E8EFC204} -> (Intel(R) PRO/100 VE Network Connection) ->
{F14DE070-8797-4F1B-BF5F-ECA87CA6EF90} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %ProgramFiles%\Panda Security\Panda Internet Security 2008\pavlsp.dll -> Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
[Files/Folders - Created Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Created Date = 8/6/2008 6:39:47 PM | Attr = ]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 8/6/2008 6:39:42 PM | Attr = ]
cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 8/6/2008 6:39:43 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 8/12/2008 6:53:13 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 8/10/2008 9:25:58 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 8/11/2008 2:04:01 PM | Attr = ]
big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 7/16/2008 9:11:04 PM | Attr = ]
bktrh.gif -> %SystemRoot%\System32\dllcache\bktrh.gif -> [Ver = | Size = 999 bytes | Created Date = 7/16/2008 10:08:19 PM | Attr = ]
bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 7/16/2008 9:11:05 PM | Attr = ]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 7/16/2008 9:11:11 PM | Attr = ]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 7/16/2008 9:11:14 PM | Attr = ]
cloapp.gif -> %SystemRoot%\System32\dllcache\cloapp.gif -> [Ver = | Size = 717 bytes | Created Date = 7/16/2008 10:08:20 PM | Attr = ]
cloapph.gif -> %SystemRoot%\System32\dllcache\cloapph.gif -> [Ver = | Size = 760 bytes | Created Date = 7/16/2008 10:08:20 PM | Attr = ]
cnt.gif -> %SystemRoot%\System32\dllcache\cnt.gif -> [Ver = | Size = 773 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
cntd.gif -> %SystemRoot%\System32\dllcache\cntd.gif -> [Ver = | Size = 772 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
cnth.gif -> %SystemRoot%\System32\dllcache\cnth.gif -> [Ver = | Size = 773 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
compact.wmz -> %SystemRoot%\System32\dllcache\compact.wmz -> [Ver = | Size = 184959 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
contents.htm -> %SystemRoot%\System32\dllcache\contents.htm -> [Ver = | Size = 8298 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
controls.css -> %SystemRoot%\System32\dllcache\controls.css -> [Ver = | Size = 9585 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
controls.js -> %SystemRoot%\System32\dllcache\controls.js -> [Ver = | Size = 6878 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
copycd.wmv -> %SystemRoot%\System32\dllcache\copycd.wmv -> [Ver = | Size = 381425 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 7/16/2008 9:11:05 PM | Attr = ]
c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 7/16/2008 9:11:05 PM | Attr = ]
c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 7/16/2008 9:11:05 PM | Attr = ]
c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:05 PM | Attr = ]
c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:05 PM | Attr = ]
c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 7/16/2008 9:11:05 PM | Attr = ]
c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:06 PM | Attr = ]
c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:07 PM | Attr = ]
c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:08 PM | Attr = ]
c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:09 PM | Attr = ]
c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:10 PM | Attr = ]
c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 7/16/2008 9:11:10 PM | Attr = ]
c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 7/16/2008 9:11:10 PM | Attr = ]
c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 7/16/2008 9:11:10 PM | Attr = ]
c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 7/16/2008 9:11:10 PM | Attr = ]
c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/16/2008 9:11:10 PM | Attr = ]
esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 7/16/2008 9:11:23 PM | Attr = ]
esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 7/16/2008 9:11:23 PM | Attr = ]
esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 7/16/2008 9:11:23 PM | Attr = ]
events.js -> %SystemRoot%\System32\dllcache\events.js -> [Ver = | Size = 5971 bytes | Created Date = 7/16/2008 10:08:24 PM | Attr = ]
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 7/16/2008 9:11:28 PM | Attr = ]
HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 7/16/2008 8:55:37 PM | Attr = ]
htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 7/16/2008 9:11:29 PM | Attr = ]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 7/16/2008 9:11:32 PM | Attr = ]
IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 7/16/2008 8:55:37 PM | Attr = ]
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 7/16/2008 9:11:41 PM | Attr = ]
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 7/16/2008 9:11:43 PM | Attr = ]
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 7/16/2008 9:11:43 PM | Attr = ]
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 7/16/2008 9:11:51 PM | Attr = ]
ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 7/16/2008 9:11:51 PM | Attr = ]
l3codeca.acm -> %SystemRoot%\System32\dllcache\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 7/16/2008 10:08:32 PM | Attr = ]
MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 7/16/2008 8:55:37 PM | Attr = ]
-
This is part 2 of the logfile.
mdlib.wmv -> %SystemRoot%\System32\dllcache\mdlib.wmv -> [Ver = | Size = 457607 bytes | Created Date = 7/16/2008 10:08:40 PM | Attr = ]
mplayer2.cnt -> %SystemRoot%\System32\dllcache\mplayer2.cnt -> [Ver = | Size = 1885 bytes | Created Date = 7/16/2008 10:08:43 PM | Attr = ]
mplayer2.hlp -> %SystemRoot%\System32\dllcache\mplayer2.hlp -> [Ver = | Size = 97117 bytes | Created Date = 7/16/2008 10:08:43 PM | Attr = ]
mplayer2.inf -> %SystemRoot%\System32\dllcache\mplayer2.inf -> [Ver = | Size = 18286 bytes | Created Date = 7/16/2008 10:08:43 PM | Attr = ]
mplogo.gif -> %SystemRoot%\System32\dllcache\mplogo.gif -> [Ver = | Size = 2545 bytes | Created Date = 7/16/2008 10:08:43 PM | Attr = ]
mplogoh.gif -> %SystemRoot%\System32\dllcache\mplogoh.gif -> [Ver = | Size = 2778 bytes | Created Date = 7/16/2008 10:08:43 PM | Attr = ]
MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 7/16/2008 8:55:37 PM | Attr = ]
npdrmv2.zip -> %SystemRoot%\System32\dllcache\npdrmv2.zip -> [Ver = | Size = 403 bytes | Created Date = 7/16/2008 10:08:56 PM | Attr = ]
npds.zip -> %SystemRoot%\System32\dllcache\npds.zip -> [Ver = | Size = 22060 bytes | Created Date = 7/16/2008 10:08:56 PM | Attr = ]
NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 7/16/2008 8:55:37 PM | Attr = ]
nuskin.wmv -> %SystemRoot%\System32\dllcache\nuskin.wmv -> [Ver = | Size = 375519 bytes | Created Date = 7/16/2008 10:08:58 PM | Attr = ]
OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7710 bytes | Created Date = 7/16/2008 8:55:37 PM | Attr = ]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 7/16/2008 9:12:11 PM | Attr = ]
plylst1.wpl -> %SystemRoot%\System32\dllcache\plylst1.wpl -> [Ver = | Size = 1250 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst10.wpl -> %SystemRoot%\System32\dllcache\plylst10.wpl -> [Ver = | Size = 787 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst11.wpl -> %SystemRoot%\System32\dllcache\plylst11.wpl -> [Ver = | Size = 789 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst12.wpl -> %SystemRoot%\System32\dllcache\plylst12.wpl -> [Ver = | Size = 1451 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst13.wpl -> %SystemRoot%\System32\dllcache\plylst13.wpl -> [Ver = | Size = 783 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst14.wpl -> %SystemRoot%\System32\dllcache\plylst14.wpl -> [Ver = | Size = 775 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst15.wpl -> %SystemRoot%\System32\dllcache\plylst15.wpl -> [Ver = | Size = 733 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst2.wpl -> %SystemRoot%\System32\dllcache\plylst2.wpl -> [Ver = | Size = 1049 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst3.wpl -> %SystemRoot%\System32\dllcache\plylst3.wpl -> [Ver = | Size = 1474 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst4.wpl -> %SystemRoot%\System32\dllcache\plylst4.wpl -> [Ver = | Size = 1448 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst5.wpl -> %SystemRoot%\System32\dllcache\plylst5.wpl -> [Ver = | Size = 1477 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst6.wpl -> %SystemRoot%\System32\dllcache\plylst6.wpl -> [Ver = | Size = 1477 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst7.wpl -> %SystemRoot%\System32\dllcache\plylst7.wpl -> [Ver = | Size = 1046 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst8.wpl -> %SystemRoot%\System32\dllcache\plylst8.wpl -> [Ver = | Size = 1036 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plylst9.wpl -> %SystemRoot%\System32\dllcache\plylst9.wpl -> [Ver = | Size = 784 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
plyr_err.chm -> %SystemRoot%\System32\dllcache\plyr_err.chm -> [Ver = | Size = 77307 bytes | Created Date = 7/16/2008 10:09:02 PM | Attr = ]
prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 7/16/2008 9:12:12 PM | Attr = ]
prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 7/16/2008 9:12:12 PM | Attr = ]
revert.wmz -> %SystemRoot%\System32\dllcache\revert.wmz -> [Ver = | Size = 66725 bytes | Created Date = 7/16/2008 10:09:06 PM | Attr = ]
rtuner.wmv -> %SystemRoot%\System32\dllcache\rtuner.wmv -> [Ver = | Size = 572557 bytes | Created Date = 7/16/2008 10:09:07 PM | Attr = ]
rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 7/16/2008 9:12:18 PM | Attr = ]
rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 7/16/2008 9:12:18 PM | Attr = ]
skins.inf -> %SystemRoot%\System32\dllcache\skins.inf -> [Ver = | Size = 908 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
sl_anet.acm -> %SystemRoot%\System32\dllcache\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
snd.htm -> %SystemRoot%\System32\dllcache\snd.htm -> [Ver = | Size = 1148 bytes | Created Date = 7/16/2008 10:09:13 PM | Attr = ]
SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 7/16/2008 8:55:37 PM | Attr = ]
spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 7/16/2008 8:55:54 PM | Attr = ]
taoff.gif -> %SystemRoot%\System32\dllcache\taoff.gif -> [Ver = | Size = 1380 bytes | Created Date = 7/16/2008 10:09:18 PM | Attr = ]
taoffh.gif -> %SystemRoot%\System32\dllcache\taoffh.gif -> [Ver = | Size = 1367 bytes | Created Date = 7/16/2008 10:09:18 PM | Attr = ]
taon.gif -> %SystemRoot%\System32\dllcache\taon.gif -> [Ver = | Size = 1398 bytes | Created Date = 7/16/2008 10:09:18 PM | Attr = ]
taonh.gif -> %SystemRoot%\System32\dllcache\taonh.gif -> [Ver = | Size = 1380 bytes | Created Date = 7/16/2008 10:09:18 PM | Attr = ]
tour.js -> %SystemRoot%\System32\dllcache\tour.js -> [Ver = | Size = 3187 bytes | Created Date = 7/16/2008 10:09:19 PM | Attr = ]
tourbg.gif -> %SystemRoot%\System32\dllcache\tourbg.gif -> [Ver = | Size = 23829 bytes | Created Date = 7/16/2008 10:09:19 PM | Attr = ]
tpause.gif -> %SystemRoot%\System32\dllcache\tpause.gif -> [Ver = | Size = 2450 bytes | Created Date = 7/16/2008 10:09:19 PM | Attr = ]
tpauseh.gif -> %SystemRoot%\System32\dllcache\tpauseh.gif -> [Ver = | Size = 2371 bytes | Created Date = 7/16/2008 10:09:19 PM | Attr = ]
tplay.gif -> %SystemRoot%\System32\dllcache\tplay.gif -> [Ver = | Size = 2469 bytes | Created Date = 7/16/2008 10:09:19 PM | Attr = ]
tplayh.gif -> %SystemRoot%\System32\dllcache\tplayh.gif -> [Ver = | Size = 2375 bytes | Created Date = 7/16/2008 10:09:19 PM | Attr = ]
videobg.gif -> %SystemRoot%\System32\dllcache\videobg.gif -> [Ver = | Size = 17489 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
vidsamp.gif -> %SystemRoot%\System32\dllcache\vidsamp.gif -> [Ver = | Size = 5290 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
viz.wmv -> %SystemRoot%\System32\dllcache\viz.wmv -> [Ver = | Size = 300969 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
wm1.gif -> %SystemRoot%\System32\dllcache\wm1.gif -> [Ver = | Size = 5789 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm2.gif -> %SystemRoot%\System32\dllcache\wm2.gif -> [Ver = | Size = 7636 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif -> [Ver = | Size = 6241 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif -> [Ver = | Size = 7369 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif -> [Ver = | Size = 2477 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif -> [Ver = | Size = 6060 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif -> [Ver = | Size = 8677 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif -> [Ver = | Size = 4193 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif -> [Ver = | Size = 7892 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf -> [Ver = | Size = 17272 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf -> [Ver = | Size = 6769 bytes | Created Date = 7/16/2008 10:09:29 PM | Attr = ]
wmp.inf -> %SystemRoot%\System32\dllcache\wmp.inf -> [Ver = | Size = 29070 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav -> [Ver = | Size = 354468 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav -> [Ver = | Size = 86180 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav -> [Ver = | Size = 172196 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud4.wav -> %SystemRoot%\System32\dllcache\wmpaud4.wav -> [Ver = | Size = 86180 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav -> [Ver = | Size = 86196 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav -> [Ver = | Size = 343204 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav -> [Ver = | Size = 343204 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav -> [Ver = | Size = 172196 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav -> [Ver = | Size = 172196 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm -> [Ver = | Size = 23195 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm -> [Ver = | Size = 67374 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm -> [Ver = | Size = 613334 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js -> [Ver = | Size = 420 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf -> [Ver = | Size = 855 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css -> [Ver = | Size = 1771 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta -> [Ver = | Size = 10457 bytes | Created Date = 7/16/2008 10:09:31 PM | Attr = ]
xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 7/16/2008 9:12:49 PM | Attr = ]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 7/16/2008 10:08:17 PM | Attr = ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 7/16/2008 10:08:17 PM | Attr = ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 7/16/2008 10:08:17 PM | Attr = ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 7/16/2008 10:08:17 PM | Attr = ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 7/16/2008 10:08:17 PM | Attr = ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 7/16/2008 10:08:17 PM | Attr = ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 7/16/2008 10:08:17 PM | Attr = ]
APPFCONT.DAT -> %SystemRoot%\System32\drivers\APPFCONT.DAT -> [Ver = | Size = 245544 bytes | Created Date = 7/26/2008 9:36:50 PM | Attr = ]
APPFCONT.DAT.bck -> %SystemRoot%\System32\drivers\APPFCONT.DAT.bck -> [Ver = | Size = 245544 bytes | Created Date = 7/26/2008 9:38:59 PM | Attr = ]
APPFLT.SYS -> %SystemRoot%\System32\drivers\APPFLT.SYS -> Panda Software [Ver = 2.2.0.44 | Size = 71736 bytes | Created Date = 7/26/2008 9:36:38 PM | Attr = ]
APPFLTR.CFG -> %SystemRoot%\System32\drivers\APPFLTR.CFG -> [Ver = | Size = 1204 bytes | Created Date = 7/26/2008 9:36:50 PM | Attr = ]
APPFLTR.CFG.bck -> %SystemRoot%\System32\drivers\APPFLTR.CFG.bck -> [Ver = | Size = 1204 bytes | Created Date = 7/26/2008 9:38:50 PM | Attr = ]
ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 7/16/2008 10:08:19 PM | Attr = ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 7/16/2008 10:08:19 PM | Attr = ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 7/16/2008 10:08:19 PM | Attr = ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 7/16/2008 10:08:19 PM | Attr = ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 7/16/2008 10:08:19 PM | Attr = ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 7/16/2008 10:08:20 PM | Attr = ]
cpoint.sys -> %SystemRoot%\System32\drivers\cpoint.sys -> Panda Software [Ver = 1, 2, 0, 50 | Size = 24760 bytes | Created Date = 7/26/2008 9:19:03 PM | Attr = ]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 7/16/2008 10:08:21 PM | Attr = ]
dsaflt.sys -> %SystemRoot%\System32\drivers\dsaflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 51256 bytes | Created Date = 7/26/2008 9:36:45 PM | Attr = ]
fnetmon.sys -> %SystemRoot%\System32\drivers\fnetmon.sys -> Panda Software [Ver = 2.2.0.27 | Size = 22072 bytes | Created Date = 7/26/2008 9:36:38 PM | Attr = ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 7/16/2008 10:08:26 PM | Attr = ]
hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 7/16/2008 10:08:26 PM | Attr = ]
hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 7/16/2008 10:08:26 PM | Attr = ]
hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 7/16/2008 10:08:27 PM | Attr = ]
idsflt.sys -> %SystemRoot%\System32\drivers\idsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 191672 bytes | Created Date = 7/26/2008 9:36:45 PM | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/7/2008 8:40:48 PM | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/7/2008 8:40:47 PM | Attr = ]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 7/16/2008 10:08:40 PM | Attr = ]
mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 7/16/2008 10:08:52 PM | Attr = ]
mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 7/16/2008 10:08:52 PM | Attr = ]
mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 7/16/2008 10:08:53 PM | Attr = ]
NETFLTDI.SYS -> %SystemRoot%\System32\drivers\NETFLTDI.SYS -> Panda Software [Ver = 2.2.0.26 | Size = 132920 bytes | Created Date = 7/26/2008 9:36:37 PM | Attr = ]
netimflt.sys -> %SystemRoot%\System32\drivers\netimflt.sys -> Panda Software [Ver = 1, 5, 0, 0 | Size = 142128 bytes | Created Date = 7/26/2008 8:12:16 PM | Attr = ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 7/16/2008 10:08:55 PM | Attr = ]
net_m32.inf -> %SystemRoot%\System32\drivers\net_m32.inf -> [Ver = | Size = 1990 bytes | Created Date = 7/26/2008 8:12:16 PM | Attr = ]
ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 7/16/2008 10:08:57 PM | Attr = ]
nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 7/16/2008 10:08:58 PM | Attr = ]
pavdrv51.sys -> %SystemRoot%\System32\drivers\pavdrv51.sys -> Panda Software International [Ver = 7.1.1.0 (av07_rtm.070323-1018) | Size = 83640 bytes | Created Date = 7/26/2008 8:14:05 PM | Attr = ]
PavProc.sys -> %SystemRoot%\System32\drivers\PavProc.sys -> Panda Software International [Ver = 1.1.7.0 | Size = 178872 bytes | Created Date = 7/26/2008 9:16:37 PM | Attr = R ]
recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 7/16/2008 10:09:06 PM | Attr = ]
s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 7/16/2008 10:09:08 PM | Attr = ]
ShlDrv51.sys -> %SystemRoot%\System32\drivers\ShlDrv51.sys -> Panda Software [Ver = 1.3.12.0 | Size = 38968 bytes | Created Date = 7/26/2008 9:16:38 PM | Attr = R ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 7/16/2008 10:09:11 PM | Attr = ]
slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
smsflt.sys -> %SystemRoot%\System32\drivers\smsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 37304 bytes | Created Date = 7/26/2008 9:36:46 PM | Attr = ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 7/16/2008 10:09:24 PM | Attr = ]
wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 7/16/2008 10:09:25 PM | Attr = ]
wnmflt.sys -> %SystemRoot%\System32\drivers\wnmflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 30648 bytes | Created Date = 7/26/2008 9:36:46 PM | Attr = ]
wnmsav.dat -> %SystemRoot%\System32\drivers\wnmsav.dat -> [Ver = | Size = 0 bytes | Created Date = 7/26/2008 7:55:18 PM | Attr = ]
ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 7/16/2008 10:08:18 PM | Attr = ]
avldr.dll -> %SystemRoot%\System32\avldr.dll -> Panda Software International [Ver = 2, 1, 0, 2 | Size = 50736 bytes | Created Date = 7/26/2008 8:12:07 PM | Attr = ]
bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 7/16/2008 10:25:59 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 8/6/2008 8:27:49 PM | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 7/26/2008 5:13:07 PM | Attr = ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 8/9/2008 2:13:16 PM | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Created Date = 7/16/2008 10:25:59 PM | Attr = ]
fxscount.h -> %SystemRoot%\System32\fxscount.h -> [Ver = | Size = 1361 bytes | Created Date = 7/16/2008 9:07:58 PM | Attr = ]
HHActiveX.dll -> %SystemRoot%\System32\HHActiveX.dll -> eHelp Corporation. [Ver = 9.20.566 | Size = 446464 bytes | Created Date = 7/26/2008 8:12:56 PM | Attr = ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 7/16/2008 10:08:26 PM | Attr = ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/8/2008 8:29:57 PM | Attr = ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 8/8/2008 8:29:57 PM | Attr = ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/8/2008 8:29:57 PM | Attr = ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/8/2008 8:29:57 PM | Attr = ]
kBin02 -> %SystemRoot%\System32\kBin02 -> [Folder | Created Date = 8/11/2008 2:04:02 PM | Attr = ]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 7/16/2008 9:09:37 PM | Attr = RH ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 7/16/2008 10:08:40 PM | Attr = ]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 7/16/2008 10:08:53 PM | Attr = ]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 7/16/2008 9:09:31 PM | Attr = RH ]
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 7/16/2008 10:08:58 PM | Attr = ]
PAV -> %SystemRoot%\System32\PAV -> [Folder | Created Date = 7/26/2008 9:18:38 PM | Attr = ]
pavcpl.cpl -> %SystemRoot%\System32\pavcpl.cpl -> Panda Software [Ver = 1, 0, 2, 0 | Size = 54832 bytes | Created Date = 7/26/2008 9:19:56 PM | Attr = ]
PavCPL.dat -> %SystemRoot%\System32\PavCPL.dat -> [Ver = | Size = 261 bytes | Created Date = 7/26/2008 9:20:15 PM | Attr = ]
pavipc.dll -> %SystemRoot%\System32\pavipc.dll -> Panda Software International [Ver = 8, 0, 0, 0 | Size = 63024 bytes | Created Date = 7/26/2008 9:19:01 PM | Attr = ]
PavSHook.dll -> %SystemRoot%\System32\PavSHook.dll -> Panda Software International [Ver = 8, 0, 0, 0 | Size = 292144 bytes | Created Date = 7/26/2008 9:19:02 PM | Attr = ]
PAV_FOG.OPC -> %SystemRoot%\System32\PAV_FOG.OPC -> [Ver = | Size = 8627 bytes | Created Date = 7/26/2008 8:24:22 PM | Attr = ]
pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 7/16/2008 10:08:29 PM | Attr = ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 7/16/2008 10:09:08 PM | Attr = ]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 7/16/2008 9:09:31 PM | Attr = RH ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 7/16/2008 10:26:00 PM | Attr = ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 7/16/2008 8:55:54 PM | Attr = ]
SYSTOOLS.DLL -> %SystemRoot%\System32\SYSTOOLS.DLL -> Panda Software [Ver = 7.0.2.0 | Size = 107568 bytes | Created Date = 7/26/2008 9:19:02 PM | Attr = ]
TpUtil.dll -> %SystemRoot%\System32\TpUtil.dll -> Panda Software International [Ver = 8, 0, 0, 0 | Size = 161328 bytes | Created Date = 7/26/2008 9:19:02 PM | Attr = ]
URTTemp -> %SystemRoot%\System32\URTTemp -> [Folder | Created Date = 7/17/2008 9:38:28 AM | Attr = ]
wpa.bak -> %SystemRoot%\System32\wpa.bak -> [Ver = | Size = 13646 bytes | Created Date = 7/16/2008 9:50:26 PM | Attr = ]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 7/16/2008 9:09:31 PM | Attr = RH ]
XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Created Date = 7/26/2008 5:00:15 PM | Attr = ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 7/16/2008 10:15:25 PM | Attr = H ]
7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 7/20/2008 8:24:42 AM | Attr = R S]
EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 7/16/2008 10:15:23 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 8/6/2008 6:39:03 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 7/16/2008 10:26:00 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 7/17/2008 9:38:28 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 7/16/2008 10:20:47 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 7/16/2008 10:32:01 PM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 7/16/2008 10:23:31 PM | Attr = ]
setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 7/16/2008 8:44:46 PM | Attr = ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 7/16/2008 10:09:12 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 7/14/2008 9:24:39 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 8/8/2008 8:36:00 PM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 7/19/2008 5:33:48 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 8/12/2008 6:47:18 PM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 7/16/2008 9:09:31 PM | Attr = RH ]
Basic clean-up.job -> %SystemRoot%\tasks\Basic clean-up.job -> [Ver = | Size = 496 bytes | Created Date = 8/11/2008 5:13:49 PM | Attr = ]
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 280 bytes | Created Date = 7/17/2008 10:31:30 AM | Attr = ]
[Files/Folders - Modified Within 30 days]
A_SYGAR -> %SystemDrive%\A_SYGAR -> [Folder | Modified Date = 8/11/2008 8:52:06 PM | Attr = ]
Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Modified Date = 7/16/2008 9:07:13 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 8/6/2008 6:39:47 PM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 8/6/2008 6:39:47 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 8/12/2008 6:53:22 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/9/2008 2:17:05 PM | Attr = ]
DELL -> %SystemDrive%\DELL -> [Folder | Modified Date = 7/18/2008 5:55:08 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 7/20/2008 7:48:14 AM | Attr = ]
drvrtmp -> %SystemDrive%\drvrtmp -> [Folder | Modified Date = 7/16/2008 9:40:18 PM | Attr = ]
ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 7/16/2008 10:20:07 PM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/9/2008 1:29:29 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 8/12/2008 6:53:19 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/12/2008 6:53:23 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 8/12/2008 6:37:49 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/13/2008 5:54:20 PM | Attr = ]
APPFCONT.DAT -> %SystemRoot%\System32\drivers\APPFCONT.DAT -> [Ver = | Size = 245544 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
APPFCONT.DAT.bck -> %SystemRoot%\System32\drivers\APPFCONT.DAT.bck -> [Ver = | Size = 245544 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
APPFLTR.CFG -> %SystemRoot%\System32\drivers\APPFLTR.CFG -> [Ver = | Size = 1204 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
APPFLTR.CFG.bck -> %SystemRoot%\System32\drivers\APPFLTR.CFG.bck -> [Ver = | Size = 1204 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/13/2008 5:54:45 PM | Attr = ]
DsaFlt.cfg -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 8/13/2008 5:54:45 PM | Attr = ]
DsaFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 8/13/2008 5:54:45 PM | Attr = ]
DsaFlt.rls -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls -> [Ver = | Size = 272836 bytes | Modified Date = 8/13/2008 5:54:45 PM | Attr = ]
DsaFlt.rls.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls.bck -> [Ver = | Size = 272836 bytes | Modified Date = 8/13/2008 5:54:45 PM | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 8/12/2008 6:43:45 PM | Attr = ]
IdsFlt.cfg -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg -> [Ver = | Size = 252 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
IdsFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg.bck -> [Ver = | Size = 252 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
NetAR.wlt -> %SystemRoot%\System32\drivers\etc\NetAR.wlt -> [Ver = | Size = 60 bytes | Modified Date = 8/13/2008 5:54:22 PM | Attr = ]
NetAR.wlt.bck -> %SystemRoot%\System32\drivers\etc\NetAR.wlt.bck -> [Ver = | Size = 60 bytes | Modified Date = 8/13/2008 5:54:22 PM | Attr = ]
NetAV.alt -> %SystemRoot%\System32\drivers\etc\NetAV.alt -> [Ver = | Size = 956 bytes | Modified Date = 8/13/2008 5:54:22 PM | Attr = ]
NetAV.alt.bck -> %SystemRoot%\System32\drivers\etc\NetAV.alt.bck -> [Ver = | Size = 956 bytes | Modified Date = 8/13/2008 5:54:22 PM | Attr = ]
NetFlt.cfg -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg -> [Ver = | Size = 64 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
NetFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg.bck -> [Ver = | Size = 64 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
SmsFlt.cfg -> %SystemRoot%\System32\drivers\etc\SmsFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
SmsFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\SmsFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
WnmFlt.cfg -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg -> [Ver = | Size = 56 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
WnmFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg.bck -> [Ver = | Size = 56 bytes | Modified Date = 8/13/2008 5:54:42 PM | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr = ]
wnmsav.dat -> %SystemRoot%\System32\drivers\wnmsav.dat -> [Ver = | Size = 0 bytes | Modified Date = 7/26/2008 7:55:18 PM | Attr = ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 12678 bytes | Modified Date = 7/16/2008 9:13:16 PM | Attr = ]
1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 7/16/2008 4:48:35 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 7/16/2008 9:10:29 PM | Attr = ]
bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 7/16/2008 10:25:59 PM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/8/2008 6:00:43 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/13/2008 5:59:03 PM | Attr = ]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/16/2008 9:09:31 PM | Attr = RH ]
Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 7/16/2008 10:23:14 PM | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 8/12/2008 6:42:01 PM | Attr = ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 8/6/2008 8:27:49 PM | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 8/13/2008 12:19:30 AM | Attr = ]
DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 7/26/2008 5:04:53 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/26/2008 4:59:29 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/13/2008 6:01:29 PM | Attr = ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 8/9/2008 2:13:16 PM | Attr = ]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 22720 bytes | Modified Date = 7/16/2008 9:08:52 PM | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 7/16/2008 10:25:59 PM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 7/26/2008 5:00:14 PM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 195368 bytes | Modified Date = 7/26/2008 7:39:01 PM | Attr = ]
ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 7/16/2008 9:10:04 PM | Attr = ]
icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 7/16/2008 4:49:04 PM | Attr = ]
kBin02 -> %SystemRoot%\System32\kBin02 -> [Folder | Modified Date = 8/12/2008 6:37:51 PM | Attr = ]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 7/16/2008 9:09:37 PM | Attr = RH ]
mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf -> [Ver = | Size = 535 bytes | Modified Date = 7/16/2008 9:08:01 PM | Attr = ]
mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 7/20/2008 8:24:52 AM | Attr = ]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/16/2008 9:09:31 PM | Attr = RH ]
npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 7/16/2008 10:23:21 PM | Attr = ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 7/16/2008 9:10:29 PM | Attr = ]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/16/2008 9:09:31 PM | Attr = RH ]
oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 7/16/2008 10:22:42 PM | Attr = ]
PAV -> %SystemRoot%\System32\PAV -> [Folder | Modified Date = 7/26/2008 9:18:38 PM | Attr = ]
PavCPL.dat -> %SystemRoot%\System32\PavCPL.dat -> [Ver = | Size = 261 bytes | Modified Date = 7/26/2008 9:20:15 PM | Attr = ]
PAV_FOG.OPC -> %SystemRoot%\System32\PAV_FOG.OPC -> [Ver = | Size = 8627 bytes | Modified Date = 8/13/2008 6:00:41 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 85186 bytes | Modified Date = 8/8/2008 4:48:38 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 509882 bytes | Modified Date = 8/8/2008 4:48:38 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 606098 bytes | Modified Date = 8/8/2008 4:48:38 PM | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 7/16/2008 10:18:40 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/12/2008 6:53:23 PM | Attr = ]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/16/2008 9:09:31 PM | Attr = RH ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 7/16/2008 10:26:00 PM | Attr = ]
Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 7/16/2008 10:31:27 PM | Attr = ]
spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 7/26/2008 4:59:36 PM | Attr = ]
URTTemp -> %SystemRoot%\System32\URTTemp -> [Folder | Modified Date = 7/20/2008 8:25:20 AM | Attr = ]
usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 7/16/2008 10:26:01 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 8/6/2008 5:05:47 PM | Attr = ]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 7/16/2008 9:09:37 PM | Attr = RH ]
wpa.bak -> %SystemRoot%\System32\wpa.bak -> [Ver = | Size = 13646 bytes | Modified Date = 7/16/2008 9:50:25 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 8/7/2008 7:57:01 PM | Attr = ]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/16/2008 9:09:31 PM | Attr = RH ]
XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 7/26/2008 5:00:15 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 7/24/2008 7:56:39 PM | Attr = H ]
7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 7/16/2008 10:18:10 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/12/2008 6:39:28 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 7/26/2008 11:50:14 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/13/2008 5:53:56 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 7/16/2008 9:53:39 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/26/2008 5:08:12 PM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 7/16/2008 4:47:35 PM | Attr = ]
EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 7/16/2008 10:15:23 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 8/12/2008 6:53:20 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 7/31/2008 6:57:30 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/10/2008 1:58:41 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 7/16/2008 10:26:11 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 7/17/2008 7:42:56 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/13/2008 12:56:27 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/9/2008 2:17:06 PM | Attr = HS]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 7/16/2008 10:26:00 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 7/16/2008 4:53:05 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 7/26/2008 11:50:14 PM | Attr = ]
Motive -> %SystemRoot%\Motive -> [Folder | Modified Date = 7/14/2008 7:17:43 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 7/16/2008 10:23:19 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 7/26/2008 8:32:36 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 7/16/2008 9:10:19 PM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 7/16/2008 10:25:59 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/13/2008 6:01:37 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/6/2008 5:05:47 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 7/16/2008 10:30:56 PM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 7/16/2008 10:23:31 PM | Attr = ]
setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 7/16/2008 8:44:46 PM | Attr = ]
setupapi.old -> %SystemRoot%\setupapi.old -> [Ver = | Size = 515864 bytes | Modified Date = 7/16/2008 8:41:22 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 7/26/2008 11:58:34 PM | Attr = ]
SoftwareDistributionOLD -> %SystemRoot%\SoftwareDistributionOLD -> [Folder | Modified Date = 7/16/2008 8:34:58 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 7/16/2008 10:23:17 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 8/8/2008 8:36:00 PM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 7/20/2008 7:47:37 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 7/16/2008 10:22:38 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/12/2008 6:43:54 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/13/2008 12:19:30 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/11/2008 5:13:49 PM | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/13/2008 6:01:46 PM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 7/16/2008 4:49:52 PM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 7/16/2008 9:09:40 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 534 bytes | Modified Date = 7/26/2008 7:40:36 PM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/16/2008 9:09:31 PM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 3443 bytes | Modified Date = 8/12/2008 6:24:36 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/26/2008 4:57:23 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 7/16/2008 10:33:09 PM | Attr = ]
Basic clean-up.job -> %SystemRoot%\tasks\Basic clean-up.job -> [Ver = | Size = 496 bytes | Modified Date = 8/11/2008 5:13:49 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/13/2008 5:53:58 PM | Attr = H ]
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 280 bytes | Modified Date = 7/18/2008 5:20:39 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/26/2008 11:30:13 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 17076 bytes | Modified Date = 8/13/2008 5:55:10 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 17076 bytes | Modified Date = 8/13/2008 5:55:10 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 7/4/2008 2:37:11 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11062 bytes | Modified Date = 7/4/2008 2:37:27 PM | Attr = ]
< End of report >
[/code]