Trojans in my PC-Win32/Rootkit.Agent.DP

:) Hi
I thought that I'm so stupid that I can't do it.

ntkrnlmp.exe C:\WINDOWS\$NtServicePackUnistall$ 1,856 KB
ntkrnlmp.exe C:\WINDOWS\system32 0 KB
ntkrnlmp.exe C:\WINDOWS\Driver Cache\i386 2,086 KB
ntkrnlmp.exe C:\WINDOWS\ServicePackFiles\386 2,098
Error Message Ntkrnlmp.exe Could Not Be Loaded Error Code7 C:\Documents and Settings\mateja\Favorites\RAČUNALNIK 1 KB
ntkrnlmp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2GDR 2,086 KB
ntkrnlmp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2QFE 2,086 KB
ntkrnlmp.exe C:\WINDOWS\mui\FALLBACK\0424 19 KB
ntkrnlmp.exe backups 0
ntkrnlmp.exe c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr 2,086 KB
ntkrnlmp.exe c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe 2,086
__________________________________________
ntkrpamp.exe C:\WINDOWS\$NtServicePackUnistall$ 1,884 KB
ntkrpamp.exe C:\WINDOWS\system32 0 KB
ntkrpamp.exe C:\WINDOWS\Driver Cache\i386 1,968 KB
ntkrnlmp.exe C:\WINDOWS\ServicePackFiles\386 1,968 KB
ntkrnlmp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2GDR 1,968 KB
ntkrnlmp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2QFE 1,968 KB
ntkrnlmp.exe C:\WINDOWS\mui\FALLBACK\0424 19 KB
ntkrnlmp.exe backups 0
ntkrnlmp.exe c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr 1,969 KB
c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe 1,970 KB

Thanks for your patience.
 
Hi

Then we try this:

Copy text below to Notepad and save it as movefiles.bat (save it as all files, *.*)

@ECHO OFF
REM Restore the 0 KB kernel images in system32 from the Driver Cache copies (paths with spaces must be quoted)
copy /Y "C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe" "C:\Windows\system32"
copy /Y "C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe" "C:\Windows\system32"

It should look like this -> (screenshot: bat.JPG)


Double-click movefiles.bat; a black DOS window will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here with screenshots.)

Do another search and post back results, please :)
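A checked version of the same restore step, written as an added example rather than the helper's batch file: instead of copying blindly it hashes (SHA-256) the Driver Cache copy, notes which other copies agree with it (here the KB890859 SP2GDR copy does and the older ServicePackFiles build does not), and only then overwrites a missing or 0 KB file in system32. The names plan_restore, apply_plan and demo are mine; demo() builds a throwaway directory tree standing in for the real C:\WINDOWS paths from the search results.

```python
"""Checked restore of the zero-byte kernel images ntkrnlmp.exe / ntkrpamp.exe.

Added example for this thread, not the helper's script. The Driver Cache copy is
the reference; other copies that hash identically are recorded as corroboration;
system32 is only written when its copy is missing, empty or different.
"""
import hashlib
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, Iterable, List

KERNEL_FILES = ("ntkrnlmp.exe", "ntkrpamp.exe")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def usable(path: Path) -> bool:
    """A candidate copy is usable only if it exists and is not zero bytes."""
    return path.is_file() and path.stat().st_size > 0


@dataclass
class Decision:
    status: str                       # 'ok', 'restore' or 'no-reference'
    reference_sha256: str = ""
    corroborated_by: List[str] = field(default_factory=list)


def plan_restore(system32: Path, reference: Path, others: Iterable[Path],
                 names=KERNEL_FILES) -> Dict[str, Decision]:
    plan: Dict[str, Decision] = {}
    for name in names:
        ref = Path(reference) / name
        if not usable(ref):
            plan[name] = Decision("no-reference")   # never copy an empty reference
            continue
        ref_hash = sha256_of(ref)
        # other copies (ServicePackFiles, $hf_mig$) that are byte-identical to the reference
        agree = [str(Path(d) / name) for d in others
                 if usable(Path(d) / name) and sha256_of(Path(d) / name) == ref_hash]
        target = Path(system32) / name
        status = "ok" if usable(target) and sha256_of(target) == ref_hash else "restore"
        plan[name] = Decision(status, ref_hash, agree)
    return plan


def apply_plan(system32: Path, reference: Path, plan: Dict[str, Decision]) -> List[str]:
    """Copy only the files marked 'restore'; returns the names written."""
    written = []
    for name, d in plan.items():
        if d.status == "restore":
            shutil.copy2(Path(reference) / name, Path(system32) / name)
            written.append(name)
    return written


def demo() -> dict:
    """Constructed scenario mirroring the thread: system32 copies are 0 bytes,
    Driver Cache and the KB890859 SP2GDR copy agree, ServicePackFiles differs."""
    root = Path(tempfile.mkdtemp())
    sys32 = root / "system32"
    cache = root / "Driver Cache" / "i386"
    hf = root / "$hf_mig$" / "KB890859" / "SP2GDR"
    spf = root / "ServicePackFiles" / "i386"
    for d in (sys32, cache, hf, spf):
        d.mkdir(parents=True)
    good = b"MZ" + b"\x90" * 1000                  # constructed stand-in for a kernel image
    for name in KERNEL_FILES:
        (sys32 / name).write_bytes(b"")            # the 0 KB files from the search results
        (cache / name).write_bytes(good)
        (hf / name).write_bytes(good)
        (spf / name).write_bytes(good + b"\x00")   # older build, different hash
    before = plan_restore(sys32, cache, [hf, spf])
    written = apply_plan(sys32, cache, before)
    after = plan_restore(sys32, cache, [hf, spf])
    shutil.rmtree(root)
    return {"before": {k: v.status for k, v in before.items()},
            "corroborated": {k: len(v.corroborated_by) for k, v in before.items()},
            "written": written,
            "after": {k: v.status for k, v in after.items()}}


if __name__ == "__main__":
    print(demo())
```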
 
Hi
I think they are the same as in the post before.

ntkrnlmp.exe C:\WINDOWS\$NtServicePackUnistall$ 1,856 KB
ntkrnlmp.exe C:\WINDOWS\system32 0 KB
ntkrnlmp.exe C:\WINDOWS\Driver Cache\i386 2,086 KB
ntkrnlmp.exe C:\WINDOWS\ServicePackFiles\386 2,098
Error Message Ntkrnlmp.exe Could Not Be Loaded Error Code7 C:\Documents and Settings\mateja\Favorites\RAČUNALNIK 1 KB
ntkrnlmp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2GDR 2,086 KB
ntkrnlmp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2QFE 2,086 KB
ntkrnlmp.exe C:\WINDOWS\mui\FALLBACK\0424 19 KB
ntkrnlmp.exe backups 0
ntkrnlmp.exe c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr 2,086 KB
ntkrnlmp.exe c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe 2,086
__________________________________________
ntkrpamp.exe C:\WINDOWS\$NtServicePackUnistall$ 1,884 KB
ntkrpamp.exe C:\WINDOWS\system32 0 KB
ntkrpamp.exe C:\WINDOWS\Driver Cache\i386 1,968 KB
ntkrpamp.exe C:\WINDOWS\ServicePackFiles\386 1,968 KB
ntkrpamp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2GDR 1,968 KB
ntkrpamp.exe C:\WINDOWS\$hf_mig$\KB890859\SP2QFE 1,968 KB
ntkrpamp.exe C:\WINDOWS\mui\FALLBACK\0424 19 KB
ntkrpamp.exe backups 0
ntkrpamp.exe c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr 1,969 KB
c:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe 1,970 KB
 
Hi

Yes it failed.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
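As an added example (not OldTimer's tool and not the helper's review method), a small parser for the report format WinPFind3U writes, with the three checks a reviewer applies first: executables reported at 0 bytes, autostart or hook entries whose target is "File not found", and binaries in the Windows directory with no vendor string. SAMPLE_REPORT is a constructed subset of the report posted in reply below; the names parse_report, triage and triage_text are mine.

```python
"""Triage pass over a WinPFind3U report (added example for this thread).

Lines have the shape  name -> path -> vendor [Ver = .. | Size = N bytes | .. | Attr = ..]
or                    name -> path -> File not found
Section headers look like [Processes - Non-Microsoft Only] or < Run [HKLM] > -> ... ->
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
META_RE = re.compile(r"^(?P<vendor>.*?)\s*\[(?P<meta>.*)\]\s*$")
SIZE_RE = re.compile(r"Size = (\d+) bytes")

DANGLING = "dangling autostart/hook entry"
ZERO_BYTE = "zero-byte executable"
NO_VENDOR = "no vendor info in Windows directory"
RANK = {DANGLING: 0, ZERO_BYTE: 1, NO_VENDOR: 2}


@dataclass
class Entry:
    section: str
    name: str
    path: str
    vendor: str
    size: Optional[int]   # None when WinPFind3U reported 'File not found', -1 when no size field


def parse_report(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):        # [Files/Folders - Created Within 30 days]
            section = line[1:-1]
            continue
        if line.startswith("<") and ">" in line:                # < ShellExecuteHooks [HKLM] > -> HKLM\... ->
            section = line[1:line.index(">")].strip()
            continue
        parts = line.split(" -> ")
        if len(parts) < 3:                                      # policy values, hosts lines, DNS adapters
            continue
        name, path, rest = parts[0], parts[1], " -> ".join(parts[2:]).strip()
        if rest == "File not found":
            entries.append(Entry(section, name, path, "", None))
            continue
        m = META_RE.match(rest)
        if not m:
            continue
        sm = SIZE_RE.search(m.group("meta"))
        size = int(sm.group(1)) if sm else -1                  # folders carry no Size field
        entries.append(Entry(section, name, path, m.group("vendor").strip(), size))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (reason, name, path) triples, most urgent reason first."""
    findings = []
    for e in entries:
        lower = e.path.lower()
        is_exec = lower.endswith(EXECUTABLE_EXT)                # a 0-byte .xml is not the same signal
        in_windows_dir = lower.startswith(("%system32%", "%systemroot%"))
        if e.size is None:
            findings.append((DANGLING, e.name, e.path))
        elif e.size == 0 and is_exec:
            findings.append((ZERO_BYTE, e.name, e.path))
        elif is_exec and in_windows_dir and not e.vendor:
            findings.append((NO_VENDOR, e.name, e.path))
    findings.sort(key=lambda f: RANK[f[0]])                     # stable: report order kept within a reason
    return findings


def triage_text(text: str) -> List[Tuple[str, str, str]]:
    return triage(parse_report(text))


# Constructed subset of the report in this thread (paths exactly as WinPFind3U printed them).
SAMPLE_REPORT = r"""
[Processes - Non-Microsoft Only]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 51, 30 | Size = 507904 bytes | Modified Date = 2007-09-15 17:37:10 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Audio Device Manager -> winfp.exe -> File not found
CFG1400U -> Cfg1400U.exe -> File not found
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{B778645D-B2A0-48E5-8E43-04B02CA3EA9D} [HKLM] -> %SystemRoot%\Help\425D8586.DLL [] -> File not found

[Files/Folders - Created Within 30 days]
ntkrnlmp.exe -> %System32%\ntkrnlmp.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-10-23 18:45:47 | Attr = ]
ntkrpamp.exe -> %System32%\ntkrpamp.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-10-23 18:45:47 | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Created Date = 2007-10-19 12:29:34 | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 2007-10-23 19:11:42 | Attr = ]
"""

if __name__ == "__main__":
    for reason, name, path in triage_text(SAMPLE_REPORT):
        print(f"{reason:36} {name} -> {path}")
```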
 
Good evening

WinPFind3 logfile created on: 2007-10-25 21:06:21
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\mateja.MATEJA-KNV8BCJW\Namizje\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

255.48 Mb Total Physical Memory | 45.29 Mb Available Physical Memory | 17.73% Memory free
617.09 Mb Paging File | 154.03 Mb Available in Paging File | 24.96% Paging File free
Paging file location(s): c:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 14.41 Gb Free Space | 49.18% Space Free
Drive D: | 26.58 Gb Total Space | 1.26 Gb Free Space | 4.74% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MATEJA-KNV8BCJW
Current User Name: mateja
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
emouse.exe -> %ProgramFiles%\TwinTouch LuxeMate\EMouse.exe -> [Ver = | Size = 98304 bytes | Modified Date = 2004-02-17 12:31:12 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 451136 bytes | Modified Date = 2006-09-12 01:58:50 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 229952 bytes | Modified Date = 2006-09-12 01:58:54 | Attr = ]
mouseelf.exe -> %ProgramFiles%\TwinTouch LuxeMate\MouseElf.exe -> [Ver = 1.00.00 | Size = 192512 bytes | Modified Date = 2004-08-26 02:45:18 | Attr = ]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 51, 30 | Size = 507904 bytes | Modified Date = 2007-09-15 17:37:10 | Attr = ]
nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 51, 30 | Size = 921600 bytes | Modified Date = 2007-09-15 17:37:10 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ]
pppoeservice.exe -> %ProgramFiles%\SiOL\ADSL\app\pppoeservice.exe -> [Ver = | Size = 49152 bytes | Modified Date = 2000-07-11 10:48:36 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 2007-08-15 19:43:04 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 09:56:48 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-01-25 19:51:02 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 451136 bytes | Modified Date = 2006-09-12 01:58:50 | Attr = ]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 51, 30 | Size = 507904 bytes | Modified Date = 2007-09-15 17:37:10 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ]
(PPPoEService) PPPoE Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiOL\ADSL\app\pppoeservice.exe -> [Ver = | Size = 49152 bytes | Modified Date = 2000-07-11 10:48:36 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Audio Device Manager -> winfp.exe -> File not found
AudioDeck -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe -> VIA Technologies, Inc. [Ver = 6, 3, 2, 0 | Size = 540672 bytes | Modified Date = 2006-09-05 18:28:00 | Attr = R ]
CFG1400U -> Cfg1400U.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 229952 bytes | Modified Date = 2006-09-12 01:58:54 | Attr = ]
mouseElf -> %ProgramFiles%\TwinTouch LuxeMate\MouseElf.exe -> [Ver = 1.00.00 | Size = 192512 bytes | Modified Date = 2004-08-26 02:45:18 | Attr = ]
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 51, 30 | Size = 921600 bytes | Modified Date = 2007-09-15 17:37:10 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2007-01-03 13:57:02 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 2006-11-30 22:49:04 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{B778645D-B2A0-48E5-8E43-04B02CA3EA9D} [HKLM] -> %SystemRoot%\Help\425D8586.DLL [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://home.netscape.com/home/winsearch200.html ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 6, 6, 1 | Size = 439872 bytes | Modified Date = 2006-06-06 09:28:44 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
www_rtvslo.si [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 6, 6, 1 | Size = 439872 bytes | Modified Date = 2006-06-06 09:28:44 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 04:16:42 | Attr = ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Phone\IEPlugin\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 2007-03-23 13:49:34 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006-10-31 16:29:16 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-04 20:23:38 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 6, 6, 1 | Size = 439872 bytes | Modified Date = 2006-06-06 09:28:44 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-20 00:55:32 | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 6, 6, 1 | Size = 439872 bytes | Modified Date = 2006-06-06 09:28:44 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
I&zvoz v Microsoft Excel -> -> File not found
 
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3DF3FFA9-BB8C-4CD5-91B6-2680F0C6609B} -> (ADI USB Remote NDIS Network Device) ->
{5358E709-C60F-4CA0-8D95-CED99C005FE1} -> () ->
{7CF347F7-061D-4802-B61F-144D72A99B6F} -> () ->
{93927A6B-A601-4A07-A89C-21109F118D3D} -> (VIA PCI 10/100Mb Fast Ethernet Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 51, 30 | Size = 274432 bytes | Modified Date = 2007-09-15 17:37:16 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 51, 30 | Size = 274432 bytes | Modified Date = 2007-09-15 17:37:16 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 51, 30 | Size = 274432 bytes | Modified Date = 2007-09-15 17:37:16 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 51, 30 | Size = 274432 bytes | Modified Date = 2007-09-15 17:37:16 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 51, 30 | Size = 274432 bytes | Modified Date = 2007-09-15 17:37:16 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000032 -> %System32%\imon.dll -> Eset [Ver = 2, 51, 30 | Size = 274432 bytes | Modified Date = 2007-09-15 17:37:16 | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 2007-01-12 12:50:48 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00000055-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB ->
{00000161-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/msaudio.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -> Cult3D ActiveX Player - CodeBase = http://www.cult3d.com/download/cult.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} -> - CodeBase = http://software-dl.real.com/262623ceedb9c32ffb05/netzip/RdxIE601.cab ->
{56393399-041A-4650-94C7-13DFCB1F4665} -> PSFormX Control - CodeBase = http://ca.com/us/securityadvisor/pestscan/pestscan.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177001410476 ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} -> WScanCtl Class - CodeBase = http://ca.com/us/securityadvisor/virusinfo/webscan.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> CamImage Class - CodeBase = http://paris.ville.orange.fr/CO/activex/AxisCamControl.cab ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -> Measurement Services Client v.3.11 - CodeBase = http://advisor.futuremark.com/global/msc311.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->
{E8F628B5-259A-4734-97EE-BA914D7BE941} -> Driver Agent ActiveX Control - CodeBase = http://driveragent.com/files/driveragent.cab ->
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
47999ed27b6b3619973bc500e450a97a -> %SystemDrive%\47999ed27b6b3619973bc500e450a97a -> [Folder | Created Date = 2007-10-21 15:36:37 | Attr = ]
7262a8ee43e7f36fa7edf0 -> %SystemDrive%\7262a8ee43e7f36fa7edf0 -> [Folder | Created Date = 2007-10-21 15:32:18 | Attr = ]
91abc3f5e86774baf905 -> %SystemDrive%\91abc3f5e86774baf905 -> [Folder | Created Date = 2007-10-22 19:53:33 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-10-23 19:11:22 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2007-10-24 16:11:48 | Attr = ]
DNS.EXE.MU_ -> %SystemDrive%\DNS.EXE.MU_ -> [Ver = | Size = 14748 bytes | Created Date = 2007-10-21 12:08:24 | Attr = ]
DNSAPI.DL_ -> %SystemDrive%\DNSAPI.DL_ -> [Ver = | Size = 73669 bytes | Created Date = 2007-10-21 12:07:16 | Attr = ]
DNSMGMT.MS_ -> %SystemDrive%\DNSMGMT.MS_ -> [Ver = | Size = 3688 bytes | Created Date = 2007-10-21 12:07:38 | Attr = ]
DNSMGR.CH_ -> %SystemDrive%\DNSMGR.CH_ -> [Ver = | Size = 19421 bytes | Created Date = 2007-10-21 12:06:02 | Attr = ]
DNSMGR.DLL.MU_ -> %SystemDrive%\DNSMGR.DLL.MU_ -> [Ver = | Size = 24785 bytes | Created Date = 2007-10-21 12:06:02 | Attr = ]
DNSRSLVR.DLL.MU_ -> %SystemDrive%\DNSRSLVR.DLL.MU_ -> [Ver = | Size = 1133 bytes | Created Date = 2007-10-21 12:09:37 | Attr = ]
DNSRSLVR.DL_ -> %SystemDrive%\DNSRSLVR.DL_ -> [Ver = | Size = 22771 bytes | Created Date = 2007-10-21 12:07:59 | Attr = ]
HANDNS.AN_ -> %SystemDrive%\HANDNS.AN_ -> [Ver = | Size = 495 bytes | Created Date = 2007-10-21 12:08:12 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Created Date = 1601-01-02 23:00:00 | Attr = HS]
Inetpub -> %SystemDrive%\Inetpub -> [Folder | Created Date = 2007-10-20 08:58:38 | Attr = ]
liprefs.js -> %SystemDrive%\liprefs.js -> [Ver = | Size = 151 bytes | Created Date = 2007-10-20 09:53:46 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-10-23 19:17:01 | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2007-10-23 18:02:50 | Attr = ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2007-10-21 16:09:32 | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2007-10-21 16:08:36 | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 2007-10-21 15:35:32 | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 2007-10-19 13:52:23 | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 2007-10-19 13:51:12 | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 2007-10-19 13:48:02 | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 2007-10-23 19:11:42 | Attr = ]
cd32.exe -> %SystemRoot%\cd32.exe -> [Ver = | Size = 633555 bytes | Created Date = 2007-10-20 09:43:27 | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2007-10-24 16:12:40 | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2007-10-23 18:14:31 | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2007-10-21 16:10:11 | Attr = H ]
Netscape.INI -> %SystemRoot%\Netscape.INI -> [Ver = | Size = 0 bytes | Created Date = 2007-10-20 14:36:08 | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> [Ver = | Size = 51200 bytes | Created Date = 2007-10-23 19:16:32 | Attr = ]
uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.926.0 | Size = 299520 bytes | Created Date = 2007-10-20 09:41:59 | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2007-10-21 16:12:01 | Attr = ]
axctrnm.h -> %System32%\axctrnm.h -> [Ver = | Size = 2024 bytes | Created Date = 2007-10-20 08:59:11 | Attr = ]
axperf.ini -> %System32%\axperf.ini -> [Ver = | Size = 10225 bytes | Created Date = 2007-10-20 08:59:11 | Attr = ]
Cache -> %System32%\Cache -> [Folder | Created Date = 2007-10-20 17:22:48 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Created Date = 2007-10-21 16:12:00 | Attr = ]
infoctrs.h -> %System32%\infoctrs.h -> [Ver = | Size = 3276 bytes | Created Date = 2007-10-20 08:59:06 | Attr = ]
infoctrs.ini -> %System32%\infoctrs.ini -> [Ver = | Size = 11435 bytes | Created Date = 2007-10-20 08:59:06 | Attr = ]
Logfiles -> %System32%\Logfiles -> [Folder | Created Date = 2007-10-20 17:22:39 | Attr = ]
nabapi32.dll -> %System32%\nabapi32.dll -> Netscape Communications Corporation [Ver = 4.70.0.27 | Size = 61952 bytes | Created Date = 2007-10-20 09:43:44 | Attr = ]
ntfsdrct.h -> %System32%\ntfsdrct.h -> [Ver = | Size = 773 bytes | Created Date = 2007-10-20 09:01:20 | Attr = ]
ntfsdrct.ini -> %System32%\ntfsdrct.ini -> [Ver = | Size = 1037 bytes | Created Date = 2007-10-20 09:01:20 | Attr = ]
ntkrnlmp.exe -> %System32%\ntkrnlmp.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-10-23 18:45:47 | Attr = ]
ntkrpamp.exe -> %System32%\ntkrpamp.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-10-23 18:45:47 | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Created Date = 2007-10-19 12:29:34 | Attr = ]
smtpctrs.h -> %System32%\smtpctrs.h -> [Ver = | Size = 8002 bytes | Created Date = 2007-10-20 09:01:21 | Attr = ]
smtpctrs.ini -> %System32%\smtpctrs.ini -> [Ver = | Size = 21791 bytes | Created Date = 2007-10-20 09:01:21 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> [Ver = | Size = 139776 bytes | Created Date = 2007-10-23 19:11:41 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 370688 bytes | Created Date = 2007-10-23 19:11:41 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> [Ver = | Size = 212480 bytes | Created Date = 2007-10-23 19:11:41 | Attr = ]
SYSTEM32 -> %System32%\SYSTEM32 -> [Folder | Created Date = 2007-10-20 17:23:09 | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-10-23 19:11:41 | Attr = ]
w3ctrs.h -> %System32%\w3ctrs.h -> [Ver = | Size = 5379 bytes | Created Date = 2007-10-20 08:59:12 | Attr = ]
w3ctrs.ini -> %System32%\w3ctrs.ini -> [Ver = | Size = 38576 bytes | Created Date = 2007-10-20 08:59:12 | Attr = ]
 
[Files/Folders - Modified Within 30 days]
47999ed27b6b3619973bc500e450a97a -> %SystemDrive%\47999ed27b6b3619973bc500e450a97a -> [Folder | Modified Date = 2007-10-21 16:36:38 | Attr = ]
7262a8ee43e7f36fa7edf0 -> %SystemDrive%\7262a8ee43e7f36fa7edf0 -> [Folder | Modified Date = 2007-10-21 16:32:40 | Attr = ]
91abc3f5e86774baf905 -> %SystemDrive%\91abc3f5e86774baf905 -> [Folder | Modified Date = 2007-10-22 20:54:08 | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2007-10-24 10:47:58 | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-10-25 13:41:24 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-10-20 16:02:36 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2007-10-24 17:11:50 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Modified Date = 2007-10-25 13:45:26 | Attr = HS]
Inetpub -> %SystemDrive%\Inetpub -> [Folder | Modified Date = 2007-10-20 18:22:50 | Attr = ]
liprefs.js -> %SystemDrive%\liprefs.js -> [Ver = | Size = 151 bytes | Modified Date = 2007-10-20 15:32:36 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-10-22 23:23:18 | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-10-24 10:48:24 | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2007-10-23 19:02:52 | Attr = ]
Slovarji -> %SystemDrive%\Slovarji -> [Folder | Modified Date = 2007-09-30 00:06:58 | Attr = ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 292 bytes | Modified Date = 2007-09-30 21:59:22 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-09-30 21:59:22 | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-10-25 13:45:24 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-10-21 16:35:12 | Attr = H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 2007-10-21 17:09:34 | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 2007-10-21 17:08:38 | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 2007-10-21 16:35:34 | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 2007-10-19 14:52:26 | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Modified Date = 2007-10-19 14:51:22 | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 2007-10-19 14:48:04 | Attr = H ]
Album -> %SystemRoot%\Album -> [Folder | Modified Date = 2007-10-20 18:23:04 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-10-25 13:45:38 | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 2007-10-20 06:03:32 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-10-24 17:13:54 | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2007-10-24 17:12:42 | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 2007-10-23 19:14:48 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-10-21 17:14:30 | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 2007-10-21 17:11:22 | Attr = H ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 2007-10-21 17:09:52 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-10-22 13:28:40 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-10-20 18:23:10 | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2007-10-21 17:11:50 | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 267993088 bytes | Modified Date = 2007-10-25 13:45:24 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2007-10-25 13:45:40 | Attr = ]
Netscape.INI -> %SystemRoot%\Netscape.INI -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-20 15:36:10 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 33914 bytes | Modified Date = 2007-10-20 22:08:08 | Attr = ]
ntsautodial.ini -> %SystemRoot%\ntsautodial.ini -> [Ver = | Size = 87 bytes | Modified Date = 2007-10-19 21:15:28 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-10-25 20:53:44 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-10-21 12:53:52 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-10-20 11:15:48 | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 2007-10-21 12:49:44 | Attr = H ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-10-20 18:23:04 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 246 bytes | Modified Date = 2007-10-24 10:47:58 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-10-25 13:53:00 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-10-25 21:01:34 | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2007-10-20 18:23:04 | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 2007-10-21 17:12:04 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1382 bytes | Modified Date = 2007-10-24 10:47:58 | Attr = ]
Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [Ver = | Size = 262 bytes | Modified Date = 2007-10-25 15:39:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-10-25 13:45:50 | Attr = H ]
Cache -> %System32%\Cache -> [Folder | Modified Date = 2007-10-20 18:22:50 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-10-21 17:07:52 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-10-24 14:28:20 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-10-24 14:28:34 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-10-24 14:28:28 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 2007-10-21 17:12:02 | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 2007-10-20 22:10:36 | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 2007-10-21 12:53:58 | Attr = ]
Logfiles -> %System32%\Logfiles -> [Folder | Modified Date = 2007-10-20 18:22:40 | Attr = ]
Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 2007-10-21 12:54:16 | Attr = S]
ntkrnlmp.exe -> %System32%\ntkrnlmp.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-23 19:45:48 | Attr = ]
ntkrpamp.exe -> %System32%\ntkrpamp.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-23 19:45:48 | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-25 13:47:32 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 67306 bytes | Modified Date = 2007-10-21 12:53:50 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 408144 bytes | Modified Date = 2007-10-21 12:53:50 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 525134 bytes | Modified Date = 2007-10-20 10:06:16 | Attr = ]
SYSTEM32 -> %System32%\SYSTEM32 -> [Folder | Modified Date = 2007-10-20 18:23:12 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-10-22 16:49:14 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-10-23 19:34:44 | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (267993088 bytes) ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2001-08-23 14:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2007-03-27 09:49:00 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 2007-01-03 13:57:32 | Attr = ]
aspack , -> %System32%\Sase.ocx -> Sikander Soft [Ver = 2.3.6.1 | Size = 188416 bytes | Modified Date = 1999-12-23 00:42:42 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> [Ver = | Size = 139776 bytes | Modified Date = 2007-04-02 14:21:28 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2001-08-23 14:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2001-08-23 14:00:00 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 2004-08-04 07:41:38 | Attr = ]

< End of report >
 
Hi

Copy text below to Notepad and save it as delfiles.bat (save it as all files, *.*)

@ECHO OFF
REM Clear the hidden/read-only/system attributes so the 0-byte files can be deleted
attrib -h -r -s "C:\Windows\system32\ntkrnlmp.exe"
attrib -h -r -s "C:\Windows\system32\ntkrpamp.exe"
REM Delete the 0-byte copies found in system32
del /a /f /q "C:\Windows\system32\ntkrnlmp.exe"
del /a /f /q "C:\Windows\system32\ntkrpamp.exe"
REM Restore the copies from the Driver Cache (the path contains a space, so it must be quoted)
copy /Y "C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe" "C:\Windows\system32\ntkrnlmp.exe"
copy /Y "C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe" "C:\Windows\system32\ntkrpamp.exe"

It should look like this ->
bat.JPG


Doubleclick delfiles.bat; black dos windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here with screenshots.)

Do another search and post back results, please :)
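Added example, not part of this thread and not the helper's batch file: a Python script that parses the report format posted above ("name -> path -> [details]", with the "[File String Scan ...]" section) and applies two review rules. The first finds exactly what the batch file targets: zero-byte executables sitting in the Windows system directories (ntkrnlmp.exe and ntkrpamp.exe in this report). The second marks non-Microsoft files whose string scan shows packer markers (UPX, ASPack, PECompact) but that carry no version resource and no vendor name; that is a prompt for a human to look, not a malware verdict. The sample lines are copied from the report in this thread; the rule names, the extension list and the packer-marker list are my own choices.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample input: lines copied from the report posted in this thread,
# including a section header and one line the parser must skip.
SAMPLE_REPORT = r"""
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2007-10-24 10:47:58 | Attr = RHS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-10-24 14:28:34 | Attr = RHS]
ntkrnlmp.exe -> %System32%\ntkrnlmp.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-23 19:45:48 | Attr = ]
ntkrpamp.exe -> %System32%\ntkrpamp.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-23 19:45:48 | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-25 13:47:32 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-10-22 16:49:14 | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (267993088 bytes) ->
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2007-03-27 09:49:00 | Attr = ]
aspack , -> %System32%\Sase.ocx -> Sikander Soft [Ver = 2.3.6.1 | Size = 188416 bytes | Modified Date = 1999-12-23 00:42:42 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> [Ver = | Size = 139776 bytes | Modified Date = 2007-04-02 14:21:28 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 2004-08-04 07:41:38 | Attr = ]
"""

# label -> path -> [optional vendor][details]
LINE_RE = re.compile(
    r"^(?P<label>.*?) -> (?P<path>[^\[]*?) -> (?P<vendor>[^\[]*)\[(?P<details>[^\]]*)\]$"
)

# Assumed lists (my choice, not from the report tool): what counts as an
# executable and which string markers indicate a runtime packer.
EXEC_EXTS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl"}
PACKER_MARKERS = {"UPX!", "UPX0", "UPX1", "aspack", "PEC2", "PECompact2"}
SYSTEM_PREFIXES = ("%SYSTEM32%", "%SYSTEMROOT%")


@dataclass
class Entry:
    label: str        # file name in the listing, or the string markers found in the string scan
    path: str
    vendor: str
    is_folder: bool
    size: Optional[int]
    version: str
    modified: str
    attrs: str
    section: str      # most recent "[...]" section header seen, "" before the first one


def _parse_details(details: str) -> dict:
    """Turn 'Ver = | Size = 211 bytes | Attr = RHS' into a dict; 'Folder' sets a flag."""
    info = {"Folder": False}
    for field in details.split("|"):
        field = field.strip()
        if field == "Folder":
            info["Folder"] = True
        elif "=" in field:
            key, value = field.split("=", 1)
            info[key.strip()] = value.strip()
    return info


def parse_report(text: str) -> List[Entry]:
    """Parse report lines into Entry objects; lines that do not fit the format are ignored."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]") and " -> " not in line:
            section = line
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "File scan skipped for file ..."
        info = _parse_details(m.group("details"))
        size_str = info.get("Size", "")
        size = int(size_str.split()[0]) if size_str else None
        entries.append(Entry(
            label=m.group("label").strip(),
            path=m.group("path").strip(),
            vendor=m.group("vendor").strip(),
            is_folder=info["Folder"],
            size=size,
            version=info.get("Ver", ""),
            modified=info.get("Modified Date", ""),
            attrs=info.get("Attr", ""),
            section=section,
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Apply the two review rules and return (rule, path) pairs for a human to check."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_folder:
            continue
        ext = PureWindowsPath(e.path).suffix.lower()
        in_sysdir = e.path.upper().startswith(SYSTEM_PREFIXES)
        # Rule 1: a zero-byte executable in a system directory cannot be a valid binary;
        # in this thread these are the two files the batch file deletes and replaces.
        if in_sysdir and e.size == 0 and ext in EXEC_EXTS:
            findings.append(("zero_byte_executable", e.path))
        # Rule 2: packer markers in the string scan, but no version info and no vendor.
        if e.section.startswith("[File String Scan"):
            markers = {m.strip() for m in e.label.split(",")}
            if markers & PACKER_MARKERS and not e.version and not e.vendor:
                findings.append(("packed_no_version", e.path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(parse_report(SAMPLE_REPORT)):
        print(f"{rule:22} {path}")
```

Run it on the saved report text instead of the constructed sample to get the same two-rule summary for a whole log; the second rule deliberately does not fire on packed files that still carry a version and vendor (DivX.dll, Sase.ocx above), since packing alone is common in legitimate software.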
 
Hi

Also these?

ntkrnlmp.exe C:\WINDOWS\system32 0 KB
ntkrpamp.exe C:\WINDOWS\system32 0 KB
 