Vundo variant hijacks winlogon...

Hi

Please uninstall Spybot for now to make sure TeaTimer won't interfere with the fix. You may reinstall it after the system is clean :)

1. Download ComboFix from any of these links and save it to your Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double-click ComboFix.exe & follow the prompts.
3. When finished, it will produce a log for you (C:\ComboFix.txt). Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also which process you had to end.

If you have problems with ComboFix usage, see here
 
log.txt

ComboFix 08-06-20.4 - pauld99 2008-06-22 8:12:54.1 - NTFSx86
Running from: Z:\DOWNLOADS\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\cookies.ini
C:\Windows\system32\CdMTuBeg.ini
C:\Windows\system32\cfeOrBeg.ini
C:\Windows\system32\cyylyxlv.ini
C:\Windows\system32\dKnTCcdd.ini
C:\Windows\system32\gsnmbndt.ini
C:\Windows\system32\ltvgljub.ini
C:\Windows\system32\MabryObj.dll
C:\Windows\system32\npWGNqss.ini
C:\Windows\system32\rbuptxpl.ini
C:\Windows\system32\sxadygxb.ini
C:\Windows\system32\txvuperq.ini
C:\Windows\system32\uvixxifj.ini
C:\Windows\system32\whosloyh.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-21 20:14 . 2008-06-21 20:19 98 --a--c--- C:\WINDOWS\detected.cmd
2008-06-21 19:37 . 2008-06-21 19:37 94 --a--c--- C:\WINDOWS\bdlog.cmd
2008-06-19 15:28 . 2008-06-19 15:28 <DIR> d----c--- C:\Documents and Settings\Administrator
2008-06-19 15:09 . 2008-06-19 15:09 39,424 --a--c--- C:\WINDOWS\zipinst.exe
2008-06-19 15:08 . 2008-06-19 15:08 <DIR> d----c--- C:\Deckard
2008-06-19 14:14 . 2008-06-19 14:14 <DIR> d--h-c--- C:\WINDOWS\$hf_mig$
2008-06-19 13:39 . 2008-06-19 13:39 <DIR> d----c--- C:\WINDOWS\l2schemas
2008-06-19 13:36 . 2006-12-29 00:31 19,569 --a--c--- C:\WINDOWS\000001_.tmp
2008-06-19 11:23 . 2008-06-19 11:23 <DIR> d----c--- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-06-18 22:58 . 2008-06-19 15:12 <DIR> d----c--- C:\WINDOWS\tmp
2008-06-18 15:13 . 2008-06-18 15:13 <DIR> d----c--- C:\Documents and Settings\aaerison\Application Data\Bitdefender
2008-06-18 13:41 . 2008-06-18 13:41 <DIR> d----c--- C:\Documents and Settings\pauld99\Application Data\Bitdefender
2008-06-18 12:27 . 2008-06-22 09:31 81,984 --a--c--- C:\WINDOWS\system32\bdod.bin
2008-06-18 12:22 . 2008-06-18 12:22 <DIR> d----c--- C:\Program Files\Softwin
2008-06-18 12:22 . 2008-06-18 12:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-18 12:20 . 2008-06-18 12:22 <DIR> d----c--- C:\Program Files\Common Files\Softwin
2008-06-18 10:23 . 2008-06-18 10:23 <DIR> d----c--- C:\Program Files\Trend Micro
2008-06-18 07:58 . 2008-06-18 13:51 <DIR> d----c--- C:\Program Files\RegScanner
2008-06-17 20:34 . 2008-06-17 20:34 66 --a--c--- C:\WINDOWS\ws40.ini
2008-06-17 13:36 . 2008-06-17 13:36 118 --a--c--- C:\WINDOWS\taplog.cmd
2008-06-17 11:09 . 2008-04-14 05:42 13,824 -----c--- C:\WINDOWS\system32\wscntfy.exe
2008-06-17 10:47 . 2008-06-17 10:47 8,887 --a--c--- C:\windows_protection.png
2008-06-17 09:26 . 2008-06-17 09:26 23,644 --a--c--- C:\tuvtmnhx.dll.bad.zip
2008-06-16 13:49 . 2008-06-16 13:48 173,456 --a--c--- C:\FixVundo.exe
2008-06-16 11:02 . 2008-06-18 15:47 <DIR> d----c--- C:\Documents and Settings\ntadmin
2008-06-15 13:41 . 2008-06-15 20:41 665 --ahsc--- C:\WINDOWS\system32\SrCKlRqr.ini
2008-06-15 12:21 . 2008-06-18 15:10 <DIR> d----c--- C:\Documents and Settings\aaerison
2008-06-13 08:08 . 2008-06-13 08:08 <DIR> d----c--- C:\WINDOWS\system32\scripting
2008-06-13 07:57 . 2008-04-13 22:06 144,384 --a--c--- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-06-13 07:57 . 2008-04-14 00:10 10,240 --a--c--- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-06-13 07:46 . 2008-06-13 07:46 99 --a--c--- C:\WINDOWS\rdc.cmd
2008-06-12 22:12 . 2008-05-07 00:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-12 22:12 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-12 22:11 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-30 10:16 . 2008-06-12 21:35 1,542 --ahsc--- C:\WINDOWS\system32\FgQBdMoq.ini
2008-05-29 14:07 . 2008-06-16 11:39 614 --a--c--- C:\WINDOWS\wininit.ini
2008-05-29 12:51 . 2008-06-17 17:53 126 --a--c--- C:\WINDOWS\regtask.cmd
2008-05-29 11:35 . 2008-05-29 11:57 1,387 --ahsc--- C:\WINDOWS\system32\bLkkmnnn.ini
2008-05-22 20:26 . 2008-05-22 21:15 35 --a--c--- C:\WINDOWS\iltwain.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 13:01 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-06-22 12:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-22 01:11 --------- dc----w C:\Documents and Settings\pauld99\Application Data\AdobeUM
2008-06-22 00:53 --------- dc----w C:\Program Files\Dell AIO Printer A920
2008-06-19 20:29 --------- dc----w C:\Program Files\Google
2008-06-18 03:02 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-06-13 14:41 --------- dc----w C:\Documents and Settings\pauld99\Application Data\DNA
2008-06-13 11:05 272,128 -c--a-w C:\Windows\system32\drivers\bthport.sys
2008-05-23 11:52 --------- dc----w C:\Documents and Settings\pauld99\Application Data\BitTorrent
2008-05-08 14:02 203,136 -c--a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-23 13:01 --------- dc----w C:\Program Files\DNA
2008-04-14 10:42 69,120 -c----w C:\Windows\notepad.exe
2008-04-14 10:42 50,688 -c--a-w C:\Windows\twain_32.dll
2008-04-14 10:42 32,866 -c----w C:\Windows\slrundll.exe
2008-04-14 10:42 283,648 -c----w C:\Windows\winhlp32.exe
2008-04-14 10:42 146,432 -c----w C:\Windows\regedit.exe
2008-04-14 10:42 10,752 -c----w C:\Windows\hh.exe
2008-04-14 10:42 1,033,728 -c--a-w C:\Windows\explorer.exe
2008-04-14 10:41 451,072 -c--a-w C:\Windows\AppPatch\aclayers.dll
2008-04-14 10:41 39,424 -c--a-w C:\Windows\AppPatch\acadproc.dll
2008-04-14 10:41 245,248 -c--a-w C:\Windows\AppPatch\acspecfc.dll
2008-04-14 10:41 141,312 -c--a-w C:\Windows\AppPatch\aclua.dll
2008-04-14 10:41 116,224 -c--a-w C:\Windows\AppPatch\acxtrnal.dll
2008-04-14 10:41 1,852,928 -c--a-w C:\Windows\AppPatch\acgenral.dll
2007-01-31 23:36 233,424 -c--a-w C:\Documents and Settings\pauld99\Application Data\GDIPFONTCACHEV1.DAT
2007-03-04 14:58 80 -csha-r C:\Windows\system32\6B7A0F6512.dll
2005-07-14 19:31 27,648 -csha-w C:\Windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 23:32 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"Jet Detection"="c:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 13:25 270336]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [ ]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-08-11 22:43 7630848]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-08-11 22:43 86016]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="C:\Windows\system32\mstask.exe" [ ]

C:\Documents and Settings\pauld99\Start Menu\Programs\Startup\
SDK Tray Menu.lnk.disabled [2007-03-01 18:50:43 793]
Trillian.lnk.disabled [2006-11-05 17:25:06 702]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - Z:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 03:19:50 217193]
Acrobat Assistant.lnk.disabled [2007-02-02 12:53:10 1677]
Adobe Gamma Loader.exe.lnk.disabled [2006-10-10 01:12:01 896]
AutoStart IR.lnk.disabled [2006-11-29 16:15:20 588]
HOTSYNCSHORTCUTNAME.lnk.disabled [2007-08-21 21:21:26 661]
Microsoft Office.lnk.disabled [2007-02-22 16:35:19 1580]
WinZip Quick Pick.lnk.disabled [2007-01-19 13:30:26 1524]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll
"msvideo"= o100vc.dll
"VIDC.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Nero DriveSpeed"=C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
"NeroCheck"=C:\Windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"z:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP 135

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 SVKP;SVKP;C:\Windows\system32\SVKP.sys [2006-11-20 00:32]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\Windows\system32\drivers\HCWBT8XX.sys [2006-01-25 18:14]
S3 scsiscan;SCSI Scanner Driver;C:\Windows\system32\DRIVERS\scsiscan.sys [2008-04-14 00:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 06:00:00 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-06-22 14:35:00 C:\Windows\Tasks\User_Feed_Synchronization-{5678D393-1137-432C-86AC-EBF0BB7EA42C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 09:31:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
.
**************************************************************************
.
Completion time: 2008-06-22 9:38:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 14:38:40

Pre-Run: 20,650,868,736 bytes free
Post-Run: 20,983,570,432 bytes free

207 --- E O F --- 2008-06-18 02:40:12
 
Hi

Do you recognize the following files? If not, upload them to http://virusscan.jotti.org and post back the results:
C:\windows_protection.png
C:\WINDOWS\regtask.cmd
C:\WINDOWS\taplog.cmd


Open Notepad and copy/paste the text in the box below into it:

Code:
File::
C:\WINDOWS\000001_.tmp
C:\tuvtmnhx.dll.bad.zip
C:\FixVundo.exe
C:\WINDOWS\system32\SrCKlRqr.ini
C:\WINDOWS\system32\FgQBdMoq.ini
C:\WINDOWS\system32\bLkkmnnn.ini


Save this as
CFScript


CFScript.gif


Referring to the picture above, drag CFScript onto ComboFix.exe.
Then post the resultant log.


ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also which process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
  • Extended (If available, otherwise Standard)
Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK.
  • Under "select a target to scan", select My Computer.
  • The scan will take a while, so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity.
Once the scan is complete:
  • Click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information into your next post, if it will fit into one post. Post a fresh HJT log too (without forgetting the above-mentioned ComboFix log).


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If you have a problem doing the above:

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.
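The three files the helper pulls into the CFScript above (SrCKlRqr.ini, FgQBdMoq.ini, bLkkmnnn.ini) are exactly the entries in the first ComboFix log that carry the h and s attribute letters, sit under system32 and have random eight-letter names; the other hidden+system files in that log (6B7A0F6512.dll, AVSredirect.dll) do not fit the name pattern and were left alone. The Python script below is an added example for this thread, not ComboFix's own code and not something the helper posted: it parses lines in the two listing formats quoted above ("Files Created" and "Find3M"), applies that rule, and renders a File:: block in the CFScript form shown. The attribute-letter meanings (d = directory, h = hidden, s = system) and the eight-letter name pattern are assumptions drawn only from the lines in this thread; the sample lines are copied from the first log.

```python
"""Triage helper for ComboFix file listings.

Constructed example for this thread; it is not ComboFix's own code and makes
no claim about ComboFix's log format beyond the lines quoted in the thread.
Assumption: in the attribute field, 'd' = directory, 'h' = hidden, 's' = system.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "Files Created" lines:  <created> . <modified> <size|<DIR>> <9-char attrs> <path>
_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[A-Za-z-]{9}) (?P<path>.+)$"
)
# "Find3M Report" lines:  <modified> <size|---------> <7-char attrs> <path>
_FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{9}|[\d,]+) (?P<attrs>[A-Za-z-]{7}) (?P<path>.+)$"
)
# Companion-file names seen in this thread: eight letters plus .ini or .dll (assumed pattern)
_RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{8}\.(?:ini|dll)$")


@dataclass
class Entry:
    path: str
    size: Optional[int]  # None for directories and for Find3M lines with no size
    hidden: bool
    system: bool
    is_dir: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line from either section; return None for anything else."""
    text = line.strip()
    m = _CREATED_RE.match(text) or _FIND3M_RE.match(text)
    if m is None:
        return None
    size_field = m.group("size")
    attrs = m.group("attrs").lower()
    is_dir = size_field == "<DIR>" or attrs.startswith("d")
    size = None if is_dir or size_field.startswith("-") else int(size_field.replace(",", ""))
    return Entry(
        path=m.group("path"),
        size=size,
        hidden="h" in attrs,
        system="s" in attrs,
        is_dir=is_dir,
    )


def is_suspect(entry: Entry) -> bool:
    """Hidden + system file directly under system32 with a random eight-letter name."""
    if entry.is_dir:
        return False
    folder, _, name = entry.path.rpartition("\\")
    return (
        folder.lower().endswith("\\system32")
        and entry.hidden
        and entry.system
        and _RANDOM_NAME_RE.match(name) is not None
    )


def suspect_paths(log_text: str) -> List[str]:
    """Paths of every suspect entry, in log order, without duplicates."""
    found: List[str] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and is_suspect(entry) and entry.path not in found:
            found.append(entry.path)
    return found


def build_cfscript(paths: List[str]) -> str:
    """Render a CFScript 'File::' block in the form the helper posted."""
    return "File::\n" + "\n".join(paths) + "\n"


# Sample input (constructed): lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = """\
2008-06-18 12:27 . 2008-06-22 09:31 81,984 --a--c--- C:\\WINDOWS\\system32\\bdod.bin
2008-06-17 11:09 . 2008-04-14 05:42 13,824 -----c--- C:\\WINDOWS\\system32\\wscntfy.exe
2008-06-15 13:41 . 2008-06-15 20:41 665 --ahsc--- C:\\WINDOWS\\system32\\SrCKlRqr.ini
2008-06-13 08:08 . 2008-06-13 08:08 <DIR> d----c--- C:\\WINDOWS\\system32\\scripting
2008-05-30 10:16 . 2008-06-12 21:35 1,542 --ahsc--- C:\\WINDOWS\\system32\\FgQBdMoq.ini
2008-05-29 11:35 . 2008-05-29 11:57 1,387 --ahsc--- C:\\WINDOWS\\system32\\bLkkmnnn.ini
2008-06-22 13:01 --------- dc----w C:\\Program Files\\Spybot - Search & Destroy
2007-03-04 14:58 80 -csha-r C:\\Windows\\system32\\6B7A0F6512.dll
2005-07-14 19:31 27,648 -csha-w C:\\Windows\\system32\\AVSredirect.dll
"""

if __name__ == "__main__":
    # Prints the File:: block naming the three .ini files the helper listed.
    print(build_cfscript(suspect_paths(SAMPLE_LOG)), end="")
```

The helper's hand-written script also lists leftovers of earlier removal attempts (000001_.tmp, tuvtmnhx.dll.bad.zip, FixVundo.exe) that no attribute rule would find, and the two hidden+system DLLs in the Find3M section are deliberately skipped by the name filter, so treat the output as candidates for a reviewer to confirm, not as a script to feed to ComboFix blindly.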
 
Hi
C:\windows_protection.png
That is the image file that I made for the popup any time I use IE to download a fix; I uploaded it in one of my messages earlier...

Hi
C:\WINDOWS\regtask.cmd
Code:
@echo example: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
Hi
C:\WINDOWS\taplog.cmd
Code:
tail -f "C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt"
 
log.txt

Hi
Open Notepad and copy/paste the text in the box below into it:

Code:
File::
C:\WINDOWS\000001_.tmp
C:\tuvtmnhx.dll.bad.zip
C:\FixVundo.exe
C:\WINDOWS\system32\SrCKlRqr.ini
C:\WINDOWS\system32\FgQBdMoq.ini
C:\WINDOWS\system32\bLkkmnnn.ini


Save this as
CFScript


CFScript.gif


Referring to the picture above, drag CFScript onto ComboFix.exe.
Then post the resultant log.

ComboFix 08-06-20.4 - pauld99 2008-06-22 16:15:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.158 [GMT -5:00]
Running from: Z:\DOWNLOADS\ComboFix.exe
Command switches used :: Z:\DOWNLOADS\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\FixVundo.exe
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\bLkkmnnn.ini
C:\WINDOWS\system32\FgQBdMoq.ini
C:\WINDOWS\system32\SrCKlRqr.ini
.

((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 15:16 . 2008-06-22 15:16 <DIR> d----c--- C:\Program Files\Pro Imaging Powertoys
2008-06-22 15:16 . 2008-06-22 15:16 <DIR> d----c--- C:\Program Files\Common Files\Nikon
2008-06-22 15:02 . 2008-06-22 15:02 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-06-22 15:02 . 2008-06-22 15:02 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-22 15:01 . 2008-06-22 15:01 <DIR> d----c--- C:\WINDOWS\LastGood
2008-06-22 14:09 . 2003-06-25 16:05 266,360 --a--c--- C:\WINDOWS\system32\TweakUI.exe
2008-06-22 14:09 . 2002-06-21 15:09 160,217 --a--c--- C:\WINDOWS\system32\PowerToysLicense.rtf
2008-06-22 12:55 . 2008-06-22 12:55 <DIR> d----c--- C:\Documents and Settings\sqlwriter
2008-06-22 12:55 . 2008-06-22 12:55 <DIR> d----c--- C:\Documents and Settings\sqlservr
2008-06-22 12:54 . 2008-06-22 12:54 <DIR> d----c--- C:\Documents and Settings\sqlbrowser
2008-06-22 11:42 . 2008-06-22 12:39 <DIR> d----c--- C:\Documents and Settings\pauld99\SecurityScans
2008-06-22 11:01 . 2008-03-25 02:37 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-06-22 11:00 . 2008-06-22 11:01 <DIR> d----c--- C:\Program Files\Java
2008-06-22 10:59 . 2008-06-22 10:59 <DIR> d----c--- C:\Program Files\Common Files\Java
2008-06-21 20:14 . 2008-06-21 20:19 98 --a--c--- C:\WINDOWS\detected.cmd
2008-06-21 19:37 . 2008-06-21 19:37 94 --a--c--- C:\WINDOWS\bdlog.cmd
2008-06-19 15:28 . 2008-06-19 15:28 <DIR> d----c--- C:\Documents and Settings\Administrator
2008-06-19 15:09 . 2008-06-19 15:09 39,424 --a--c--- C:\WINDOWS\zipinst.exe
2008-06-19 15:08 . 2008-06-19 15:08 <DIR> d----c--- C:\Deckard
2008-06-19 14:14 . 2008-06-19 14:14 <DIR> d--h-c--- C:\WINDOWS\$hf_mig$
2008-06-19 13:39 . 2008-06-19 13:39 <DIR> d----c--- C:\WINDOWS\l2schemas
2008-06-19 11:23 . 2008-06-19 11:23 <DIR> d----c--- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-06-18 22:58 . 2008-06-19 15:12 <DIR> d----c--- C:\WINDOWS\tmp
2008-06-18 15:13 . 2008-06-18 15:13 <DIR> d----c--- C:\Documents and Settings\aaerison\Application Data\Bitdefender
2008-06-18 13:41 . 2008-06-18 13:41 <DIR> d----c--- C:\Documents and Settings\pauld99\Application Data\Bitdefender
2008-06-18 12:27 . 2008-06-22 16:17 81,984 --a--c--- C:\WINDOWS\system32\bdod.bin
2008-06-18 12:22 . 2008-06-18 12:22 <DIR> d----c--- C:\Program Files\Softwin
2008-06-18 12:22 . 2008-06-18 12:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-18 12:20 . 2008-06-18 12:22 <DIR> d----c--- C:\Program Files\Common Files\Softwin
2008-06-18 10:23 . 2008-06-18 10:23 <DIR> d----c--- C:\Program Files\Trend Micro
2008-06-18 07:58 . 2008-06-18 13:51 <DIR> d----c--- C:\Program Files\RegScanner
2008-06-17 20:34 . 2008-06-17 20:34 66 --a--c--- C:\WINDOWS\ws40.ini
2008-06-17 13:36 . 2008-06-17 13:36 118 --a--c--- C:\WINDOWS\taplog.cmd
2008-06-17 11:09 . 2008-04-14 05:42 13,824 -----c--- C:\WINDOWS\system32\wscntfy.exe
2008-06-17 10:47 . 2008-06-17 10:47 8,887 --a--c--- C:\windows_protection.png
2008-06-16 11:02 . 2008-06-18 15:47 <DIR> d----c--- C:\Documents and Settings\ntadmin
2008-06-15 12:21 . 2008-06-18 15:10 <DIR> d----c--- C:\Documents and Settings\aaerison
2008-06-13 08:08 . 2008-06-13 08:08 <DIR> d----c--- C:\WINDOWS\system32\scripting
2008-06-13 07:57 . 2008-04-13 22:06 144,384 --a--c--- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-06-13 07:57 . 2008-04-14 00:10 10,240 --a--c--- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-06-13 07:46 . 2008-06-13 07:46 99 --a--c--- C:\WINDOWS\rdc.cmd
2008-06-12 22:12 . 2008-05-07 00:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-12 22:12 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-12 22:11 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-29 14:07 . 2008-06-16 11:39 614 --a--c--- C:\WINDOWS\wininit.ini
2008-05-29 12:51 . 2008-06-17 17:53 126 --a--c--- C:\WINDOWS\regtask.cmd
2008-05-22 20:26 . 2008-05-22 21:15 35 --a--c--- C:\WINDOWS\iltwain.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 16:40 --------- dc----w C:\Program Files\Common Files\Network Associates
2008-06-22 13:01 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-06-22 12:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-22 01:11 --------- dc----w C:\Documents and Settings\pauld99\Application Data\AdobeUM
2008-06-22 00:53 --------- dc----w C:\Program Files\Dell AIO Printer A920
2008-06-19 20:29 --------- dc----w C:\Program Files\Google
2008-06-18 03:02 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-06-13 14:41 --------- dc----w C:\Documents and Settings\pauld99\Application Data\DNA
2008-06-13 11:05 272,128 -c--a-w C:\Windows\system32\drivers\bthport.sys
2008-05-23 11:52 --------- dc----w C:\Documents and Settings\pauld99\Application Data\BitTorrent
2008-05-08 14:02 203,136 -c--a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 -c--a-w C:\Windows\system32\quartz.dll
2008-04-23 13:01 --------- dc----w C:\Program Files\DNA
2008-04-23 04:16 826,368 -c--a-w C:\Windows\system32\wininet.dll
2008-04-14 10:55 1,804 -c--a-w C:\Windows\system32\dcache.bin
2008-04-14 10:46 329,728 -c--a-w C:\Windows\system32\netsetup.exe
2008-04-14 10:43 92,424 -c--a-w C:\Windows\system32\rdpdd.dll
2008-04-14 10:43 87,176 -c--a-w C:\Windows\system32\rdpwsx.dll
2008-04-14 10:43 12,168 -c--a-w C:\Windows\system32\tsddd.dll
2008-04-14 10:41 98,304 -c--a-w C:\Windows\system32\actxprxy.dll
2008-04-14 10:40 53,279 -c--a-w C:\Windows\system32\odbcji32.dll
2008-04-14 10:40 4,126 -c--a-w C:\Windows\system32\msdxmlc.dll
2008-04-14 10:40 3,584 -c--a-w C:\Windows\system32\msafd.dll
2008-04-14 06:00 1,845,632 -c--a-w C:\Windows\system32\win32k.sys
2008-04-14 05:57 2,188,928 -c--a-w C:\Windows\system32\ntoskrnl.exe
2008-04-14 05:15 17,664 -c--a-w C:\Windows\system32\watchdog.sys
2008-04-14 05:13 9,728 -c--a-w C:\Windows\system32\comsdupd.exe
2008-04-14 05:13 12,800 -c--a-w C:\Windows\system32\spiisupd.exe
2008-04-14 05:01 7,424 -c--a-w C:\Windows\system32\kd1394.dll
2008-04-14 05:01 2,065,792 -c--a-w C:\Windows\system32\ntkrnlpa.exe
2008-04-14 05:00 61,440 -c--a-w C:\Windows\system32\msvcrt40.dll
2008-04-14 04:45 76,800 -c--a-w C:\Windows\system32\msshavmsg.dll
2008-04-14 04:09 438,784 -c--a-w C:\Windows\system32\xpob2res.dll
2008-04-14 04:09 2,897,920 -c--a-w C:\Windows\system32\xpsp2res.dll
2008-04-14 04:09 187,392 -c--a-w C:\Windows\system32\xpsp1res.dll
2008-04-14 04:07 208,384 -c--a-w C:\Windows\system32\rsaenh.dll
2008-04-14 04:07 138,752 -c--a-w C:\Windows\system32\dssenh.dll
2008-04-14 03:57 79,872 -c--a-w C:\Windows\system32\msxml6r.dll
2008-04-14 03:56 94,208 -c--a-w C:\Windows\system32\odbcint.dll
2008-04-14 03:56 12,288 -c--a-w C:\Windows\system32\odbcp32r.dll
2008-04-14 03:56 12,288 -c--a-w C:\Windows\system32\mscpx32r.dll
2008-04-14 03:54 20,480 -c--a-w C:\Windows\system32\msorc32r.dll
2008-04-14 03:51 733,696 -c--a-w C:\Windows\system32\qedwipes.dll
2008-04-14 03:39 4,096 -c--a-w C:\Windows\system32\dsprpres.dll
2008-04-14 03:33 63,488 -c--a-w C:\Windows\system32\browselc.dll
2008-04-14 03:33 549,376 -c--a-w C:\Windows\system32\shdoclc.dll
2008-04-14 03:18 1,647,616 -c--a-w C:\Windows\system32\winbrand.dll
2008-04-14 03:15 216,064 -c--a-w C:\Windows\system32\moricons.dll
2008-04-14 02:53 48,128 -c--a-w C:\Windows\system32\msprivs.dll
2008-04-14 02:52 48,128 -c--a-w C:\Windows\system32\inetres.dll
2008-04-14 02:09 884,736 -c--a-w C:\Windows\system32\msimsg.dll
2007-01-31 23:36 233,424 -c--a-w C:\Documents and Settings\pauld99\Application Data\GDIPFONTCACHEV1.DAT
2007-03-04 14:58 80 -csha-r C:\Windows\system32\6B7A0F6512.dll
2005-07-14 19:31 27,648 -csha-w C:\Windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-22_ 9.38.09.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 13:17:58 2,048 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-22 18:41:33 2,048 --s-a-w C:\Windows\bootstat.dat
+ 2007-03-23 01:07:56 91,488 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-23 01:07:54 80,224 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 19:53:52 137,568 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 19:41:06 10,352,472 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 20:09:30 167,256 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 19:53:52 127,328 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 19:54:04 183,136 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-18 23:16:32 12,259,160 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 19:43:46 7,613,280 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 19:53:44 106,336 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 19:42:14 200,032 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 19:53:56 149,856 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 19:53:24 69,984 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-23 01:07:10 41,824 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 01:07:54 78,168 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 01:22:02 103,264 -c--a-r C:\Windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2008-06-22 19:56:11 25,214 -c--a-r C:\Windows\Installer\{4E475FD4-4513-4B1D-8DDA-43912B068C99}\ARPPRODUCTICON.exe
+ 2008-06-22 19:56:11 25,214 -c--a-r C:\Windows\Installer\{4E475FD4-4513-4B1D-8DDA-43912B068C99}\startmenu.exe
- 2008-02-15 09:12:12 167,936 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-06-22 20:55:05 167,936 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-02-15 09:12:12 2,560 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-06-22 20:55:05 2,560 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-02-15 09:12:12 34,304 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-06-22 20:55:05 34,304 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-02-15 09:12:12 8,192 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-06-22 20:55:05 8,192 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-02-15 09:12:12 3,584 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-06-22 20:55:05 3,584 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-02-15 09:12:13 114,688 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-06-22 20:55:05 114,688 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-02-15 09:12:12 16,384 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-06-22 20:55:05 16,384 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-02-15 09:12:12 30,720 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-06-22 20:55:05 30,720 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-02-15 09:12:13 22,528 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-06-22 20:55:05 22,528 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-02-15 09:12:12 45,056 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-06-22 20:55:05 45,056 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-02-15 09:12:12 90,112 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-06-22 20:55:05 90,112 -c--a-r C:\Windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-03-03 03:17:27 12,288 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-22 20:56:31 12,288 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-03 03:17:27 135,168 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-22 20:56:31 135,168 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-03 03:17:27 11,264 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-22 20:56:31 11,264 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-03 03:17:27 27,136 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-22 20:56:31 27,136 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-03 03:17:27 4,096 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-22 20:56:31 4,096 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-03 03:17:28 794,624 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-22 20:56:31 794,624 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-03 03:17:28 23,040 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-22 20:56:31 23,040 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-03 03:17:27 286,720 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-22 20:56:31 286,720 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-03 03:17:27 409,600 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-22 20:56:31 409,600 -c--a-r C:\Windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-22 19:58:25 23,558 -c--a-r C:\Windows\Installer\{B37C842A-B624-46B8-A727-654E72F1C91A}\ARPPRODUCTICON.exe
+ 2008-06-22 19:58:25 23,558 -c--a-r C:\Windows\Installer\{B37C842A-B624-46B8-A727-654E72F1C91A}\PowerCalc.exe
+ 2008-06-22 19:54:37 42,166 -c--a-r C:\Windows\Installer\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}\ARPPRODUCTICON.exe
+ 2002-03-19 22:30:00 11,328 -c--a-w C:\Windows\system32\cmdhere.dll
+ 2004-07-15 21:47:48 616,960 -c--a-w C:\Windows\system32\htmlgen.exe
+ 2008-03-25 06:28:39 135,168 -c--a-w C:\Windows\system32\java.exe
+ 2008-03-25 06:28:43 135,168 -c--a-w C:\Windows\system32\javaw.exe
+ 2008-03-25 07:37:01 139,264 -c--a-w C:\Windows\system32\javaws.exe
+ 2005-05-24 17:27:16 213,048 -c--a-w C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 -c--a-w C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 -c--a-w C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2002-03-19 22:30:00 21,504 -c--a-w C:\Windows\system32\phototoys.dll
+ 2002-03-19 22:30:00 216,576 -c--a-w C:\Windows\system32\PowerCalc.exe
+ 2002-03-19 22:30:00 90,112 -c--a-w C:\Windows\system32\slideshow.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 23:32 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"Jet Detection"="c:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 13:25 270336]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [ ]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-08-11 22:43 7630848]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-08-11 22:43 86016]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="C:\Windows\system32\mstask.exe" [ ]

C:\Documents and Settings\pauld99\Start Menu\Programs\Startup\
SDK Tray Menu.lnk.disabled [2007-03-01 18:50:43 793]
Trillian.lnk.disabled [2006-11-05 17:25:06 702]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - Z:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 03:19:50 217193]
Acrobat Assistant.lnk.disabled [2007-02-02 12:53:10 1677]
Adobe Gamma Loader.exe.lnk.disabled [2006-10-10 01:12:01 896]
AutoStart IR.lnk.disabled [2006-11-29 16:15:20 588]
HOTSYNCSHORTCUTNAME.lnk.disabled [2007-08-21 21:21:26 661]
Microsoft Office.lnk.disabled [2007-02-22 16:35:19 1580]
WinZip Quick Pick.lnk.disabled [2007-01-19 13:30:26 1524]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll
"msvideo"= o100vc.dll
"VIDC.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Nero DriveSpeed"=C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
"NeroCheck"=C:\Windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"z:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP 135

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 SVKP;SVKP;C:\Windows\system32\SVKP.sys [2006-11-20 00:32]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\Windows\system32\drivers\HCWBT8XX.sys [2006-01-25 18:14]
S3 scsiscan;SCSI Scanner Driver;C:\Windows\system32\DRIVERS\scsiscan.sys [2008-04-14 00:15]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 06:00:00 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-06-22 21:20:00 C:\Windows\Tasks\User_Feed_Synchronization-{5678D393-1137-432C-86AC-EBF0BB7EA42C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 16:19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 16:22:35
ComboFix-quarantined-files.txt 2008-06-22 21:22:21
ComboFix2.txt 2008-06-22 14:38:48

Pre-Run: 21,600,690,176 bytes free
Post-Run: 21,768,749,056 bytes free

296 --- E O F --- 2008-06-22 19:48:05
 
ack... only 6% so far...

I have over 500k files to scan... Although, I noticed in the BD scan that there are some new directories that I don't recognize, and most of the ones the BD identified were there... hopefully Kaspersky finds the same stuff...
 
Hi

Yes, Kaspersky scan usually takes quite long. Let's see the log when ready :)
 
I wouldn't give up at this stage of the process. We've done well so far :bigthumb:
 
I saw a poster like that once...

:funny: It had a picture of a cat with its paws over a clothes line, and a caption that read "Hang in there kitty".

It was copyright 1976. I'm pretty sure the cat is dead by now ;)
 
Crashed again....

OK! Now I'm mad, I'm turning off everything that Windows will let me turn off and trying this one more time before I format C:
 
Should I disable system restore...

and flush the cache? (knowing that if the registry crashes again, I have no backup)

:oops: BitDefender was still running... heh... OK, that's off now. Could explain why it was taking so long, and maybe why it crashed... :red:
 
Kapersky.20080625.1614.txt

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-06-25 16:13
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/06/2008
Kaspersky Anti-Virus database records: 881045
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
H:\
Z:\

Scan Statistics:
Total number of scanned objects: 369411
Number of viruses found: 28
Number of infected objects: 138
Number of suspicious objects: 76
Duration of the scan process: 20:14:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Documents\PAULD99\spoofmail.src.txt/[From aw-confirm@ebay.com][Date Thu, 27 May 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\PAULD99\spoofmail.src.txt Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Documents\PAULD99\_Urgent Fraud Prevention Group Notice_.eml/[From aw-confirm@ebay.com][Date Thu, 27 May 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Documents\PAULD99\_Urgent Fraud Prevention Group Notice_.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pauld99\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\pauld99\Favorites\Compaq Recommended Sites\AltaVista Live.URL Object is locked skipped
C:\Documents and Settings\pauld99\Favorites\Compaq Recommended Sites\AltaVista Search.URL Object is locked skipped
C:\Documents and Settings\pauld99\Favorites\Compaq Recommended Sites\AltaVista.URL Object is locked skipped
C:\Documents and Settings\pauld99\Favorites\Compaq Recommended Sites\Business Community.URL Object is locked skipped
C:\Documents and Settings\pauld99\Favorites\Compaq Recommended Sites\Compaq.URL Object is locked skipped
C:\Documents and Settings\pauld99\Favorites\Compaq Recommended Sites\eCommerce.URL Object is locked skipped
C:\Documents and Settings\pauld99\Local Settings\Application Data\Identities\{EED02091-47AD-4EDD-A0AA-0B2D9D1B9B0F}\Microsoft\Outlook Express\andtatt71@hotmail.com - Deleted Items.dbx/[From increase-si'ze <Brokenheart40@yahoo.com.mx>][Date Tue, 28 Mar 2006 17:15:15 -0800 (EST)]/Brokenheart40_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\pauld99\Local Settings\Application Data\Identities\{EED02091-47AD-4EDD-A0AA-0B2D9D1B9B0F}\Microsoft\Outlook Express\andtatt71@hotmail.com - Deleted Items.dbx MailMSOutlook5: infected - 1 skipped
C:\Documents and Settings\pauld99\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pauld99\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pauld99\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pauld99\Local Settings\History\History.IE5\MSHist012008062420080625\index.dat Object is locked skipped
C:\Documents and Settings\pauld99\Local Settings\Temp\hsperfdata_pauld99\3052 Object is locked skipped
C:\Documents and Settings\pauld99\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\pauld99\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pauld99\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\pauld99\ntuser.dat.LOG Object is locked skipped
C:\ipsec.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP461\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/eBay/Disputes/01 Jun 2004 14:53 from eBay Customer Support:RE: SP91011 - Your .eml/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/spoofmail.src.txt/[From aw-confirm@ebay.com][Date thu, 27 may 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/eBay/Disputes/01 Jun 2004 14:53 from eBay Customer Support:RE: SP91011 - Your .eml/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/spoofmail.src.txt Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/eBay/Disputes/01 Jun 2004 14:53 from eBay Customer Support:RE: SP91011 - Your .eml/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/_urgent/[From from 8bit to quoted-printable by][Date thu, 27 may 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/eBay/Disputes/01 Jun 2004 14:53 from eBay Customer Support:RE: SP91011 - Your .eml/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/_urgent Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/eBay/Disputes/01 Jun 2004 14:53 from eBay Customer Support:RE: SP91011 - Your .eml Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/STUFF/24 Mar 2004 02:14 to paulaerison@hotmail.com:Returned mail: see /24 Mar 2004 02:17 from paulaerison@hotmail.com:Mail Delivery (fa.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/STUFF/24 Mar 2004 02:14 to paulaerison@hotmail.com:Returned mail: see /24 Mar 2004 02:17 from paulaerison@hotmail.com:Mail Delivery (fa/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/STUFF/24 Mar 2004 02:14 to paulaerison@hotmail.com:Returned mail: see /24 Mar 2004 02:17 from paulaerison@hotmail.com:Mail Delivery (fa.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Inbox/STUFF/24 Mar 2004 02:14 to paulaerison@hotmail.com:Returned mail: see /24 Mar 2004 02:17 from paulaerison@hotmail.com:Mail Delivery (fa/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Sent Items/20 Jul 2006 19:53 from Paul Aerison:Fw: *Urgent Fraud Prevention/spoofmail.src.txt/[From aw-confirm@ebay.com][Date Thu, 27 May 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Sent Items/20 Jul 2006 19:53 from Paul Aerison:Fw: *Urgent Fraud Prevention/spoofmail.src.txt Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Sent Items/20 Jul 2006 19:53 from Paul Aerison:Fw: *Urgent Fraud Prevention/28 May 2004 04:31 to paulaerison@hotmail.com:*Urgent Fraud Preve.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\BABS\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst MailMSMaill: infected - 2, suspicious - 10 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\Archive.pst/Archive Folders/Sent Items/11 Feb 2002 19:10 to 'cwaite@sdcr.com':radman/radmin20.zip/RADMIN20.EXE/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\Archive.pst/Archive Folders/Sent Items/11 Feb 2002 19:10 to 'cwaite@sdcr.com':radman/radmin20.zip/RADMIN20.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\Archive.pst/Archive Folders/Sent Items/11 Feb 2002 19:10 to 'cwaite@sdcr.com':radman/radmin20.zip/RADMIN20.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\Archive.pst/Archive Folders/Sent Items/11 Feb 2002 19:10 to 'cwaite@sdcr.com':radman/radmin20.zip/RADMIN20.EXE/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\Archive.pst/Archive Folders/Sent Items/11 Feb 2002 19:10 to 'cwaite@sdcr.com':radman/radmin20.zip/RADMIN20.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\Archive.pst/Archive Folders/Sent Items/11 Feb 2002 19:10 to 'cwaite@sdcr.com':radman/radmin20.zip Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\Archive.pst MailMSMaill: infected - 6 skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/13 May 2002 14:39 from info:952.933.3188.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/14 May 2002 17:41 from info:Re:look,my beautiful girl friend.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/14 May 2002 21:42 from rickd:952.933.3188.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/22 May 2002 15:19 from bob:Language.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/22 May 2002 19:54 from generaldating:Learn more about how we use.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/23 May 2002 20:21 from joon-bj:CNET Networks, Inc. All rights re.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/25 May 2002 03:27 from Lewis:Welcome to my hometown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/26 May 2002 16:14 from ADDRphishnbs:ONMOUSEOUT.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/27 May 2002 17:28 from welcome:VULGAR TEENS.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/28 May 2002 11:32 from sales:TARGET.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/28 May 2002 14:04 from info:A powful tool.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/29 May 2002 02:35 from mail:Don't drink too much.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/29 May 2002 18:39 from scarlett747:ACCESSKEY.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/29 May 2002 21:55 from Mail Delivery Subsystem:Returned mail: se/29 May 2002 21:51 from sales:Marginwidth.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/30 May 2002 03:18 from kmullall:Parent.frames.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/30 May 2002 15:45 from daryl:Background.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/30 May 2002 21:33 from Mbright13:So cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/31 May 2002 02:21 from EYIWatchDogAP:Height.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/31 May 2002 14:12 from yamelis:Hi,sales,let's be friends.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/31 May 2002 17:01 from can:Welcome to my hometown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/01 Jun 2002 08:08 from YogaStore:A funny website.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/02 Jun 2002 02:27 from bto4:Let's be friends.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/02 Jun 2002 21:06 from Cyberdetective:Fw:the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/03 Jun 2002 02:54 from help:Welcome to my hometown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/03 Jun 2002 22:47 from name:A good tool.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/04 Jun 2002 03:26 from bVen:A special powful tool.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/05 Jun 2002 02:58 from Munich:34, 291, 99.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/07 Jun 2002 02:40 from 20Prahlada:Honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/08 Jun 2002 12:02 from geography:Button to see the latest versio.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/10 Jun 2002 18:57 from xanajdu:Fw:sales,questionnaire.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/11 Jun 2002 16:44 from sales:CELLPADDING.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/11 Jun 2002 18:50 from BobCarlson:Meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/12 Jun 2002 03:39 from LA-news:A new website.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/12 Jun 2002 15:49 from sjtincat1:Tabindex.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/13 Jun 2002 00:16 from kfa01:Happy Lady Day.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/13 Jun 2002 01:02 from askus:Navigator.userAgent.indexOf(.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Deleted Items/13 Jun 2002 05:16 from melaniemccormack:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Sent Items/29 Apr 2002 15:04 to 'westmarine':RE: Arrow and select a languag.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Sent Items/06 May 2002 14:20 to Paul Dinwiddio (pauld99@ncrscomplete.com):F.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Sent Items/06 May 2002 14:20 to Paul Dinwiddio (pauld99@ncrscomplete.com):F/05 May 2002 20:34 from Karina94:952.933.3188.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Sent Items/22 May 2002 15:40 to 'bob':RE: Language.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst/Personal Folders/Sent Items/30 May 2002 15:42 to 'daryl':RE: Background.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\Drive E\users\arte21\My Documents\mail\personal.pst MailMSMaill: suspicious - 42 skipped
Z:\BACKUPS\Drive E\users\davee94\Arts Portable.zip/NCRS_S.8.02.0033/NCRS-Pro 8.02.0033 source and support/radmin20.zip/RADMIN20.EXE/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\davee94\Arts Portable.zip/NCRS_S.8.02.0033/NCRS-Pro 8.02.0033 source and support/radmin20.zip/RADMIN20.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\davee94\Arts Portable.zip/NCRS_S.8.02.0033/NCRS-Pro 8.02.0033 source and support/radmin20.zip/RADMIN20.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\davee94\Arts Portable.zip/NCRS_S.8.02.0033/NCRS-Pro 8.02.0033 source and support/radmin20.zip/RADMIN20.EXE/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\davee94\Arts Portable.zip/NCRS_S.8.02.0033/NCRS-Pro 8.02.0033 source and support/radmin20.zip/RADMIN20.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\davee94\Arts Portable.zip/NCRS_S.8.02.0033/NCRS-Pro 8.02.0033 source and support/radmin20.zip Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\Drive E\users\davee94\Arts Portable.zip ZIP: infected - 6 skipped
Z:\BACKUPS\emallpos\-_downloads\Serv-U_3.1\susetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.3103 skipped
Z:\BACKUPS\emallpos\-_downloads\Serv-U_3.1\susetup.exe ZIP: infected - 1 skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\radmin21 + key.zip/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\radmin21 + key.zip/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\radmin21 + key.zip/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\radmin21 + key.zip/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\radmin21 + key.zip/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\radmin21 + key.zip ZIP: infected - 5 skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\tightvnc-1.2.6-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
Z:\BACKUPS\emallpos\-_downloads\ServerSoftware\tightvnc-1.2.6-setup.exe Inno: infected - 1 skipped
Z:\BACKUPS\emallpos\-_inetpub\www\www.thecashdrawer.com\downloads\RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\emallpos\-_inetpub\www\www.thecashdrawer.com\downloads\RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\emallpos\-_inetpub\www\www.thecashdrawer.com\downloads\RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\emallpos\-_inetpub\www\www.thecashdrawer.com\downloads\RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\emallpos\-_inetpub\www\www.thecashdrawer.com\downloads\RADMIN21.EXE Gentee: infected - 4 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\susetup3.0.0.16.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.3016 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\susetup3.0.0.16.exe ZIP: infected - 1 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\susetup3.0.0.17.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.3017 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\susetup3.0.0.17.exe ZIP: infected - 1 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b12\ServU3b12.zip/Setup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b12\ServU3b12.zip/Setup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b12\ServU3b12.zip ZIP: infected - 2 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b13\ServU3b13.zip/Setup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b13\ServU3b13.zip/Setup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b13\ServU3b13.zip ZIP: infected - 2 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b15\ServU3b15.zip/Setup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.3015 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b15\ServU3b15.zip/Setup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.3015 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b15\ServU3b15.zip ZIP: infected - 2 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b9\serv-u (ftpD).zip/Setup.exe/SERV-U32.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b9\serv-u (ftpD).zip/Setup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b9\serv-u (ftpD).zip ZIP: infected - 2 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b9\ServU3b9.zip/Setup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.30 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b9\ServU3b9.zip/Setup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.30 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\FTP-SERV-U\v3b9\ServU3b9.zip ZIP: infected - 2 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin20.zip/RADMIN20.EXE/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin20.zip/RADMIN20.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin20.zip/RADMIN20.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin20.zip/RADMIN20.EXE/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin20.zip/RADMIN20.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin20.zip ZIP: infected - 5 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin21.zip/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin21.zip/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin21.zip/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin21.zip/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin21.zip/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\radmin21.zip ZIP: infected - 5 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\serv-u.ace/serv-u\ServUDaemon.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.30 skipped
Z:\BACKUPS\inetpub.bak\shared\ServerSoftware\serv-u.ace ACE: infected - 1 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temp\RADMIN20.EXE/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temp\RADMIN20.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temp\RADMIN20.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temp\RADMIN20.EXE/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temp\RADMIN20.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temporary Internet Files\Content.IE5\KTATWL67\excursion[1].zip/Excursion/Excursion9.2.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temporary Internet Files\Content.IE5\KTATWL67\excursion[1].zip/Excursion/Addons/Nukenabber/protec.exe Infected: not-a-virus:NetTool.Win32.NukeNabber.21 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temporary Internet Files\Content.IE5\KTATWL67\excursion[1].zip Infected: not-a-virus:NetTool.Win32.NukeNabber.21 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temporary Internet Files\Content.IE5\4G2UJTNP\pc_tkct6[1].zip/TUTOR.EXE Infected: VirTool.Win32.Magazine skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temporary Internet Files\Content.IE5\4G2UJTNP\pc_tkct6[1].zip Infected: VirTool.Win32.Magazine skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temporary Internet Files\Content.IE5\4XMZW9U3\TMD.Recruit[1].zip/TMD_Recruit/MIRC32.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace/Documents and Settings\ADMINISTRATOR.NCRSCOMPLETE\Local Settings\Temporary Internet Files\Content.IE5\4XMZW9U3\TMD.Recruit[1].zip Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
Z:\BACKUPS\ncrs\ncrs.MrWarner_Backup.Documents And Settings.ace ACE: infected - 12 skipped
Z:\BACKUPS\pauld99\angelsofwar.org.ace/bigvar\www\angelsofwar.org\files\irc\nnscript352.exe/data0004 Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
Z:\BACKUPS\pauld99\angelsofwar.org.ace/bigvar\www\angelsofwar.org\files\irc\nnscript352.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
Z:\BACKUPS\pauld99\angelsofwar.org.ace ACE: infected - 2 skipped
Z:\BACKUPS\pauld99\fastpush.ace/fastpush\TightVNC2\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
Z:\BACKUPS\pauld99\fastpush.ace/fastpush\vnc9\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\pauld99\fastpush.ace/fastpush\vnc9\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\pauld99\fastpush.ace/fastpush\vnc\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\pauld99\fastpush.ace/fastpush\vnc9\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\pauld99\fastpush.ace/fastpush\vnc\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\pauld99\fastpush.ace ACE: infected - 6 skipped
Z:\BACKUPS\pauld99\Program Files.ace/Program Files\Serv-U\ServUDaemon.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.40 skipped
Z:\BACKUPS\pauld99\Program Files.ace ACE: infected - 1 skipped
Z:\BACKUPS\pauld99\techdev1.ace/techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1.ace/techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1.ace/techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1.ace/techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1.ace/techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1.ace/techdev1\apache\htdocs\Downloads\radmin\Radmin.ace Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1.ace ACE: infected - 6 skipped
Z:\BACKUPS\pauld99\techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1\apache\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\pauld99\techdev1\apache\htdocs\Downloads\radmin\Radmin.ace ACE: infected - 5 skipped
Z:\BACKUPS\techdev01\apache.techdev.ace/apache.techdev\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/R_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\techdev01\apache.techdev.ace/apache.techdev\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\techdev01\apache.techdev.ace/apache.techdev\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\techdev01\apache.techdev.ace/apache.techdev\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE/Radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\techdev01\apache.techdev.ace/apache.techdev\htdocs\Downloads\radmin\Radmin.ace/RADMIN20.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\techdev01\apache.techdev.ace/apache.techdev\htdocs\Downloads\radmin\Radmin.ace Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
Z:\BACKUPS\techdev01\apache.techdev.ace ACE: infected - 6 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var\var\drweb\infected\drweb.quarantine.TWwXka/[From eBay Inc <custservice_9323895@ebay.com>][Date Fri, 22 Jul 2005 10:59:50 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var\var\drweb\infected\drweb.quarantine.TWwXka Mail: infected - 1 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/drweb/infected/drweb.quarantine.TWwXka/[From eBay Inc <custservice_9323895@ebay.com>][Date Fri, 22 Jul 2005 10:59:50 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/drweb/infected/drweb.quarantine.TWwXka Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816050.M961863P2913V0000000000008215I1F0F012B_/[From mail.vanderhouwen.com [198.107.53.230]][Date Tue, 23 Mar 2004 21:17:26 -0500 (EST)]/UNNAMED/[From paulaerison@hotmail.com][Date Tue, 23 Mar 2004 18:14:00 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816050.M961863P2913V0000000000008215I1F0F012B_/[From mail.vanderhouwen.com [198.107.53.230]][Date Tue, 23 Mar 2004 21:17:26 -0500 (EST)]/UNNAMED/[From paulaerison@hotmail.com][Date Tue, 23 Mar 2004 18:14:00 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816050.M961863P2913V0000000000008215I1F0F012B_/[From mail.vanderhouwen.com [198.107.53.230]][Date Tue, 23 Mar 2004 21:17:26 -0500 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816050.M961863P2913V0000000000008215I1F0F012B_ Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816053.M537901P2913V0000000000008215I1F0F012C_ Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/real337/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/real337/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/realb4/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/tight128/VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/tight128/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/tridia152/WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1540 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/utils/xCmd.exe Infected: not-a-virus:RemoteAdmin.Win32.RemoteExec skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/vnc4/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.403 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/vnc4/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.403 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/vnc9/VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/vnc9/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip/vnc9/WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_/[From "Paul Aerison" <PAerison@alservices.com>][Date Mon, 8 Dec 2003 16:05:58 -0700]/vnc7.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/cur/1116816114.M392381P2913V0000000000008215I1F0F0169_ Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Mail.Ebay/cur/1116880654.M337076P20000V00000000000082/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/spoofmail.src.txt/[From aw-confirm@ebay.com][Date thu, 27 may 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Mail.Ebay/cur/1116880654.M337076P20000V00000000000082/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/spoofmail.src.txt Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Mail.Ebay/cur/1116880654.M337076P20000V00000000000082/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/_urgent/[From from 8bit to quoted-printable by][Date thu, 27 may 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Mail.Ebay/cur/1116880654.M337076P20000V00000000000082/[From "paul aerison" <paulaerison@hotmail.com>][Date tue, 1 jun 2004 08:39:11 -0600]/_urgent Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Mail.Ebay/cur/1116880654.M337076P20000V00000000000082 Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.drafts/cur/1116994138.M181191P14626V0000000000008215I/[From aw-confirm@ebay.com][Date Thu, 27 May 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.drafts/cur/1116994138.M181191P14626V0000000000008215I Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Sent Items-may-2005/cur/1116817059.M474111P8769V00000/[From "Paul Aerison" <paulaerison@hotmail.com>][Date Tue, 1 Jun 2004 08:39:11 -0600]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Sent Items-may-2005/cur/1116817059.M474111P8769V00000/[From "Paul Aerison" <paulaerison@hotmail.com>][Date Tue, 1 Jun 2004 08:39:11 -0600]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Sent Items-may-2005/cur/1116817059.M474111P8769V00000/[From "Paul Aerison" <paulaerison@hotmail.com>][Date Tue, 1 Jun 2004 08:39:11 -0600]/spoofmail.src.txt/[From aw-confirm@ebay.com][Date Thu, 27 May 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Sent Items-may-2005/cur/1116817059.M474111P8769V00000/[From "Paul Aerison" <paulaerison@hotmail.com>][Date Tue, 1 Jun 2004 08:39:11 -0600]/spoofmail.src.txt Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Sent Items-may-2005/cur/1116817059.M474111P8769V00000/[From "Paul Aerison" <paulaerison@hotmail.com>][Date Tue, 1 Jun 2004 08:39:11 -0600]/_Urgent/[From aw-confirm@ebay.com][Date Thu, 27 May 2004 23:31:39 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Sent Items-may-2005/cur/1116817059.M474111P8769V00000/[From "Paul Aerison" <paulaerison@hotmail.com>][Date Tue, 1 Jun 2004 08:39:11 -0600]/_Urgent Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed/var/qmail/mailnames/gwzi.net/pauld99/Maildir/.Sent Items-may-2005/cur/1116817059.M474111P8769V00000 Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz/packed Infected: Trojan-Spy.HTML.Fraud.gen skipped
Z:\BACKUPS\YACKO\backups\vdshm1.gwzi.net\var.tar.gz GZIP: infected - 17, suspicious - 19 skipped
Z:\BACKUPS\YACKO\Program Files\Deerfield.com\DNS2Go\vncsetup.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
Z:\BACKUPS\YACKO\Program Files\Deerfield.com\DNS2Go\vncsetup.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\BACKUPS\YACKO\Program Files\Deerfield.com\DNS2Go\vncsetup.exe Inno: infected - 2 skipped
Z:\BACKUPS\YACKO\Program Files\orl\vnc\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
Z:\DOWNLOADS\_INCOMING\[GAME][E-TOOLS]\Wizards of the Coast.ace/Wizards of the Coast\eTools\eTools.exe Infected: Virus.Win32.Parite.b skipped
Z:\DOWNLOADS\_INCOMING\[GAME][E-TOOLS]\Wizards of the Coast.ace ACE: infected - 1 skipped
Z:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Z:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP462\change.log Object is locked skipped

Scan process completed.
 
Backups...

Looks like I have a lot of stuff left over from the last software company I worked for in 2001 before they went bankrupt... Seemed like it was a good idea at the time :oops:
 
main.txt

Deckard's System Scanner v20071014.68
Run by pauld99 on 2008-06-25 20:14:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as pauld99.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14, on 2008-06-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Windows\system32\devldr32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\WINDOWS\system32\mstsc.exe
Z:\DOWNLOADS\Copy of dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\pauld99.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Z:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - Z:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Jet Detection] "c:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart /waitmore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\Windows\system32\mstask.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: SDK Tray Menu.lnk.disabled
O4 - Startup: Trillian.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = Z:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: AutoStart IR.lnk.disabled
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099059536327
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/J...43/&filename=jinstall-6u6-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47ECF58E-EE56-4535-A375-5BCBADE6F9B1}: NameServer = 192.168.64.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6881 bytes

-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-25 09:30:12 0 d------c- C:\temp
2008-06-25 07:17:44 0 d------c- C:\Windows\Symbols
2008-06-24 23:52:06 0 d------c- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-24 09:51:36 0 d------c- C:\Windows\system32\Adobe
2008-06-22 15:16:40 0 d------c- C:\Program Files\Common Files\Nikon
2008-06-22 15:16:39 0 d------c- C:\Program Files\Pro Imaging Powertoys
2008-06-22 15:02:13 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-22 15:02:11 0 d------c- C:\Windows\system32\Kaspersky Lab
2008-06-22 15:01:46 0 d------c- C:\Windows\LastGood
2008-06-22 14:09:53 266360 --a----c- C:\Windows\system32\TweakUI.exe <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Shell PowerToys>
2008-06-22 12:55:18 0 dr-h---c- C:\Documents and Settings\sqlservr\SendTo
2008-06-22 12:55:18 0 dr-h---c- C:\Documents and Settings\sqlservr\Recent
2008-06-22 12:55:18 0 d--h---c- C:\Documents and Settings\sqlservr\PrintHood
2008-06-22 12:55:18 0 d--h---c- C:\Documents and Settings\sqlservr\NetHood
2008-06-22 12:55:18 0 dr-----c- C:\Documents and Settings\sqlservr\My Documents
2008-06-22 12:55:18 0 d--h---c- C:\Documents and Settings\sqlservr\Local Settings
2008-06-22 12:55:18 0 dr-----c- C:\Documents and Settings\sqlservr\Favorites
2008-06-22 12:55:18 0 d------c- C:\Documents and Settings\sqlservr\Desktop
2008-06-22 12:55:18 0 d---s--c- C:\Documents and Settings\sqlservr\Cookies
2008-06-22 12:55:18 0 dr-h---c- C:\Documents and Settings\sqlservr\Application Data
2008-06-22 12:55:18 0 d---s--c- C:\Documents and Settings\sqlservr\Application Data\Microsoft
2008-06-22 12:55:18 0 d------c- C:\Documents and Settings\sqlservr\Application Data\Identities
2008-06-22 12:55:17 0 d--h---c- C:\Documents and Settings\sqlservr\Templates
2008-06-22 12:55:17 0 dr-----c- C:\Documents and Settings\sqlservr\Start Menu
2008-06-22 12:55:17 524288 --ah----- C:\Documents and Settings\sqlservr\NTUSER.DAT
2008-06-22 12:55:05 0 d--h---c- C:\Documents and Settings\sqlwriter\Templates
2008-06-22 12:55:05 0 dr-----c- C:\Documents and Settings\sqlwriter\Start Menu
2008-06-22 12:55:05 0 dr-h---c- C:\Documents and Settings\sqlwriter\SendTo
2008-06-22 12:55:05 0 dr-h---c- C:\Documents and Settings\sqlwriter\Recent
2008-06-22 12:55:05 0 d--h---c- C:\Documents and Settings\sqlwriter\PrintHood
2008-06-22 12:55:05 524288 --ah----- C:\Documents and Settings\sqlwriter\NTUSER.DAT
2008-06-22 12:55:05 0 d--h---c- C:\Documents and Settings\sqlwriter\NetHood
2008-06-22 12:55:05 0 dr-----c- C:\Documents and Settings\sqlwriter\My Documents
2008-06-22 12:55:05 0 d--h---c- C:\Documents and Settings\sqlwriter\Local Settings
2008-06-22 12:55:05 0 dr-----c- C:\Documents and Settings\sqlwriter\Favorites
2008-06-22 12:55:05 0 d------c- C:\Documents and Settings\sqlwriter\Desktop
2008-06-22 12:55:05 0 d---s--c- C:\Documents and Settings\sqlwriter\Cookies
2008-06-22 12:55:05 0 dr-h---c- C:\Documents and Settings\sqlwriter\Application Data
2008-06-22 12:55:05 0 d---s--c- C:\Documents and Settings\sqlwriter\Application Data\Microsoft
2008-06-22 12:55:05 0 d------c- C:\Documents and Settings\sqlwriter\Application Data\Identities
2008-06-22 12:54:58 0 d---s--c- C:\Documents and Settings\sqlbrowser\Cookies
2008-06-22 12:54:58 0 dr-h---c- C:\Documents and Settings\sqlbrowser\Application Data
2008-06-22 12:54:58 0 d---s--c- C:\Documents and Settings\sqlbrowser\Application Data\Microsoft
2008-06-22 12:54:58 0 d------c- C:\Documents and Settings\sqlbrowser\Application Data\Identities
2008-06-22 12:54:57 0 d--h---c- C:\Documents and Settings\sqlbrowser\Templates
2008-06-22 12:54:57 0 dr-----c- C:\Documents and Settings\sqlbrowser\Start Menu
2008-06-22 12:54:57 0 dr-h---c- C:\Documents and Settings\sqlbrowser\SendTo
2008-06-22 12:54:57 0 dr-h---c- C:\Documents and Settings\sqlbrowser\Recent
2008-06-22 12:54:57 0 d--h---c- C:\Documents and Settings\sqlbrowser\PrintHood
2008-06-22 12:54:57 524288 --ah----- C:\Documents and Settings\sqlbrowser\NTUSER.DAT
2008-06-22 12:54:57 0 d--h---c- C:\Documents and Settings\sqlbrowser\NetHood
2008-06-22 12:54:57 0 dr-----c- C:\Documents and Settings\sqlbrowser\My Documents
2008-06-22 12:54:57 0 d--h---c- C:\Documents and Settings\sqlbrowser\Local Settings
2008-06-22 12:54:57 0 dr-----c- C:\Documents and Settings\sqlbrowser\Favorites
2008-06-22 12:54:57 0 d------c- C:\Documents and Settings\sqlbrowser\Desktop
2008-06-22 11:42:11 0 d------c- C:\Documents and Settings\pauld99\SecurityScans
2008-06-22 11:00:00 0 d------c- C:\Program Files\Java
2008-06-22 10:59:31 0 d------c- C:\Program Files\Common Files\Java
2008-06-22 08:12:00 68096 --a----c- C:\Windows\zip.exe
2008-06-22 08:12:00 49152 --a----c- C:\Windows\VFind.exe
2008-06-22 08:12:00 212480 --a----c- C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-22 08:12:00 136704 --a----c- C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-22 08:12:00 161792 --a----c- C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-22 08:12:00 98816 --a----c- C:\Windows\sed.exe
2008-06-22 08:12:00 80412 --a----c- C:\Windows\grep.exe
2008-06-22 08:12:00 89504 --a----c- C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-21 20:14:46 98 --a----c- C:\Windows\detected.cmd
2008-06-21 19:37:52 94 --a----c- C:\Windows\bdlog.cmd
2008-06-19 15:28:09 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-19 15:28:08 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2008-06-19 15:28:08 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2008-06-19 15:28:08 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2008-06-19 15:28:08 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2008-06-19 15:28:08 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2008-06-19 15:28:08 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-19 15:28:08 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2008-06-19 15:28:08 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2008-06-19 15:28:08 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2008-06-19 15:28:08 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2008-06-19 15:28:08 0 d------c- C:\Documents and Settings\Administrator\Desktop
2008-06-19 15:28:08 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2008-06-19 15:28:08 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2008-06-19 15:28:08 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-19 15:09:28 39424 --a----c- C:\Windows\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2008-06-19 14:14:03 0 d--h---c- C:\Windows\$hf_mig$
2008-06-19 13:45:00 0 d------c- C:\Windows\Prefetch
2008-06-19 13:39:02 0 d------c- C:\Windows\l2schemas
2008-06-19 11:23:41 0 d------c- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-06-19 09:14:46 0 d------c- C:\Program Files\msn gaming zone
2008-06-18 22:58:28 0 d------c- C:\Windows\tmp
2008-06-18 15:47:36 0 d--hs--c- C:\Documents and Settings\ntadmin\Cookies
2008-06-18 15:47:15 0 dr-----c- C:\Documents and Settings\ntadmin\Favorites
2008-06-18 15:47:14 0 d------c- C:\Documents and Settings\ntadmin\Start Menu
2008-06-18 15:47:14 0 dr-h---c- C:\Documents and Settings\ntadmin\Recent
2008-06-18 15:47:14 0 d------c- C:\Documents and Settings\ntadmin\Desktop
2008-06-18 15:46:05 0 d--h---c- C:\Documents and Settings\ntadmin\Local Settings
2008-06-18 15:46:05 0 d------c- C:\Documents and Settings\ntadmin\Application Data
2008-06-18 15:46:05 0 d------c- C:\Documents and Settings\ntadmin\Application Data\Microsoft
2008-06-18 15:13:20 0 d------c- C:\Documents and Settings\aaerison\Application Data\Bitdefender
2008-06-18 13:41:33 0 d------c- C:\Documents and Settings\pauld99\Application Data\Bitdefender
2008-06-18 12:27:36 81984 --a----c- C:\Windows\system32\bdod.bin
2008-06-18 12:22:07 0 d------c- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-18 10:23:01 0 d------c- C:\Program Files\Trend Micro
2008-06-18 07:58:28 0 d------c- C:\Program Files\RegScanner
2008-06-17 21:42:31 0 d--h---c- C:\Program Files\WindowsUpdate
2008-06-17 13:36:19 118 --a----c- C:\Windows\taplog.cmd
2008-06-16 11:02:18 2359296 --ah----- C:\Documents and Settings\ntadmin\NTUSER.DAT
2008-06-15 12:35:55 0 d------c- C:\Documents and Settings\aaerison\Application Data\Macromedia
2008-06-15 12:21:10 0 d--h---c- C:\Documents and Settings\aaerison\SendTo
2008-06-15 12:21:10 0 dr-h---c- C:\Documents and Settings\aaerison\Recent
2008-06-15 12:21:10 0 d--h---c- C:\Documents and Settings\aaerison\PrintHood
2008-06-15 12:21:10 0 d--h---c- C:\Documents and Settings\aaerison\NetHood
2008-06-15 12:21:10 0 dr-----c- C:\Documents and Settings\aaerison\My Documents
2008-06-15 12:21:10 0 d--h---c- C:\Documents and Settings\aaerison\Local Settings
2008-06-15 12:21:10 0 dr-----c- C:\Documents and Settings\aaerison\Favorites
2008-06-15 12:21:10 0 d------c- C:\Documents and Settings\aaerison\Desktop
2008-06-15 12:21:10 0 d--hs--c- C:\Documents and Settings\aaerison\Cookies
2008-06-15 12:21:10 0 d--h---c- C:\Documents and Settings\aaerison\Application Data
2008-06-15 12:21:10 0 d---s--c- C:\Documents and Settings\aaerison\Application Data\Microsoft
2008-06-15 12:21:10 0 d------c- C:\Documents and Settings\aaerison\Application Data\Identities
2008-06-15 12:21:09 0 d--h---c- C:\Documents and Settings\aaerison\Templates
2008-06-15 12:21:09 0 d------c- C:\Documents and Settings\aaerison\Start Menu
2008-06-15 12:21:09 2359296 --ah----- C:\Documents and Settings\aaerison\NTUSER.DAT
2008-06-13 08:08:37 0 d------c- C:\Windows\system32\scripting
2008-06-13 08:08:26 0 d------c- C:\Windows\system32\en
2008-06-13 07:46:02 99 --a----c- C:\Windows\rdc.cmd
2008-05-30 09:25:29 0 d------c- C:\Documents and Settings\LocalService\Desktop
2008-05-29 12:51:18 126 --a----c- C:\Windows\regtask.cmd


-- Find3M Report ---------------------------------------------------------------

2008-06-24 10:00:33 0 d------c- C:\Documents and Settings\pauld99\Application Data\Adobe
2008-06-22 15:16:40 0 d------c- C:\Program Files\Common Files
2008-06-22 11:40:10 0 d------c- C:\Program Files\Common Files\Network Associates
2008-06-21 20:11:57 0 d------c- C:\Documents and Settings\pauld99\Application Data\AdobeUM
2008-06-21 19:53:09 0 d------c- C:\Program Files\Dell AIO Printer A920
2008-06-20 09:58:03 95 --a----c- C:\Windows\system32\productregistry
2008-06-19 15:29:28 0 d------c- C:\Program Files\Google
2008-06-18 14:45:26 0 d------c- C:\Documents and Settings\pauld99\Application Data\Identities
2008-06-17 22:02:27 0 d------c- C:\Program Files\Microsoft Silverlight
2008-06-13 09:41:11 0 d------c- C:\Documents and Settings\pauld99\Application Data\DNA
2008-06-13 08:09:43 0 d------c- C:\Program Files\Messenger
2008-06-13 08:08:23 0 d------c- C:\Program Files\Movie Maker
2008-06-13 08:01:48 0 d------c- C:\Program Files\Windows NT
2008-05-23 06:52:01 0 d------c- C:\Documents and Settings\pauld99\Application Data\BitTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
"Jet Detection"="c:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 13:25]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" []
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-08-11 22:43]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-08-11 22:43]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 23:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SchedulingAgent"=C:\Windows\system32\mstask.exe

C:\Documents and Settings\pauld99\Start Menu\Programs\Startup\
SDK Tray Menu.lnk.disabled [2007-03-01 18:50:43]
Trillian.lnk.disabled [2006-11-05 17:25:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - Z:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 03:19:50]
Acrobat Assistant.lnk.disabled [2007-02-02 12:53:10]
Adobe Gamma Loader.exe.lnk.disabled [2006-10-10 01:12:01]
AutoStart IR.lnk.disabled [2006-11-29 16:15:20]
HOTSYNCSHORTCUTNAME.lnk.disabled [2007-08-21 21:21:26]
Microsoft Office.lnk.disabled [2007-02-22 16:35:19]
WinZip Quick Pick.lnk.disabled [2007-01-19 13:30:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=1 (0x1)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"=0 (0x0)
"NoWebServices"=0 (0x0)
"NoOnlinePrintsWizard"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\Windows\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Nero DriveSpeed"=C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
"NeroCheck"=C:\Windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-06-25 20:19:04 ------------
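The registry dump in the log above is the part that matters for the thread title: the Winlogon\Notify subkey (dimsntfy) and the Run / RunServices values are where a Vundo-variant winlogon hijack would appear. As an added example, not part of the original thread and not code from the DSS or ComboFix tools, here is a small Python triage pass over a constructed sample written in the same "Registry Dump" format. It pulls out the Notify DLLs and Run entries, compares each Notify subkey against a baseline of stock Windows XP subkeys (listed from memory, so treat that set as an assumption to check against a clean machine), and flags Run entries the scanner printed with an empty `[]` date field or with a relative path. The final Notify subkey in the sample (xyzabcde / khfgdcba.dll) is hypothetical and was added only so the audit has something to flag.

```python
"""Triage Run / Winlogon\\Notify entries from a Deckard's System Scanner
"Registry Dump" section.  Added example, not part of the original thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the DSS registry dump.  The first four keys
# mirror entries from the posted log; the last Notify subkey (xyzabcde /
# khfgdcba.dll) is hypothetical, included only to exercise the audit.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" []
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SchedulingAgent"=C:\Windows\system32\mstask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\Windows\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xyzabcde]
C:\Windows\System32\khfgdcba.dll
"""

# Winlogon\Notify subkeys on a stock Windows XP install, from memory.
# Assumption: verify this baseline against a known-clean machine before use.
XP_NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                      "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="quoted path" [meta]   or   "name"=unquoted path
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<q>[^"]*)"|(?P<u>[^\[]+?))\s*(?:\[(?P<meta>[^\]]*)\])?$')
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    key: str
    name: str
    path: str
    meta: Optional[str]  # text inside the trailing [...]; None when absent


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_dump(text: str) -> List[Entry]:
    """Walk the dump line by line, tracking the current [key] header."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        lk = key.lower()
        if "\\winlogon\\notify\\" in lk:
            # DSS prints the Notify package's DllName as a bare path under the key
            entries.append(Entry(key, key.rsplit("\\", 1)[1], line, None))
        elif lk.endswith(("\\run", "\\runonce", "\\runservices")):
            m = VALUE_RE.match(line)
            if m:
                path = m.group("q") if m.group("q") is not None else m.group("u").strip()
                entries.append(Entry(key, m.group("name"), path, m.group("meta")))
    return entries


def audit(entries: List[Entry]) -> List[Finding]:
    """Flag entries that need attribution before the machine is called clean."""
    findings: List[Finding] = []
    for e in entries:
        reasons: List[str] = []
        if "\\winlogon\\notify\\" in e.key.lower():
            # Notify DLLs load into winlogon.exe (SYSTEM) at every logon, which is
            # exactly why a Vundo-style hijack registers one here.
            if e.name.lower() not in XP_NOTIFY_BASELINE:
                reasons.append("Winlogon Notify subkey not in XP baseline")
            if not SYSTEM32_RE.match(e.path):
                reasons.append("Notify DLL outside %SystemRoot%\\System32")
        else:
            if e.meta == "":
                reasons.append("scanner printed no file date for this path; confirm the file")
            if not ABS_PATH_RE.match(e.path):
                reasons.append("relative path in Run value; resolved via search path")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def report(text: str) -> List[str]:
    return [f"{f.entry.name} -> {f.entry.path}: " + "; ".join(f.reasons)
            for f in audit(parse_dump(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_DUMP):
        print(line)
```

Run it on the text of a real DSS or ComboFix registry dump in place of SAMPLE_DUMP; anything it lists is a review item, not a verdict, and a Notify subkey outside the baseline is the one to look at first when the complaint is a winlogon hijack.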
 