Full Version: Need help removing spyware
Kranium31
Ad-Aware SE keeps finding win32.trojandownloader.zlob, it deletes it and it keeps coming back.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:14 AM, on 11/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AIM6\aim6.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\WINDOWS\System32\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://searchportal.information.com/sp/pop...TVT1RXVgADFYJVQ
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - D:\WINDOWS\System32\khffdba.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {6c0ff6d3-fa3e-bb1a-40c4-b3518e9f74d9} - {9d47f9e8-153b-4c04-a1bb-e3af3d6ff0c6} - D:\WINDOWS\System32\stwpinut.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\gnyurxvw.dll
O2 - BHO: (no name) - {DFAB7674-1B60-4E19-AA6C-755E443D3791} - D:\WINDOWS\System32\sstqq.dll
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\gnyurxvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [winshow] "D:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [{31-1E-EE-E0-ZN}] D:\DOCUME~1\Jay\LOCALS~1\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [fojynila] rundll32.exe "D:\Program Files\qzaxurmv\sdyzsvct.dll",Init
O4 - HKLM\..\Run: [dajstyhy] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\dajstyhy.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\jffufwnm.dll",b
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: autorun.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O20 - AppInit_DLLs: d:\windows\system32\ldcore.dll
O20 - Winlogon Notify: gnyurxvw - D:\WINDOWS\SYSTEM32\gnyurxvw.dll
O20 - Winlogon Notify: khffdba - D:\WINDOWS\SYSTEM32\khffdba.dll
O20 - Winlogon Notify: winxoo32 - D:\WINDOWS\SYSTEM32\winxoo32.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Atribune
Can you please attach an Ad-Aware log.
Kranium31
QUOTE(LS Atribune @ Nov 13 2007, 12:28 PM) *
Can you please attach an Ad-Aware log.


ArchiveData(auto-quarantine- 2007-11-13 12-27-13.bckp)
Referencefile : SE1R202 12.11.2007
======================================================

WIN32.TROJANDOWNLOADER.ZLOB
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=RegKey : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}
obj[1]=RegKey : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}
obj[2]=RegKey : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}
obj[3]=RegValue : software\microsoft\internet explorer\toolbar "{11a69ae4-fbed-4832-a2bf-45af82825583}"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=IECache Entry : Cookie:administrator@roiservice.com/
obj[5]=IECache Entry : Cookie:administrator@2o7.net/
obj[6]=IECache Entry : Cookie:administrator@overture.com/
obj[7]=IECache Entry : Cookie:administrator@adrevolver.com/
obj[8]=IECache Entry : Cookie:administrator@revenue.net/
obj[9]=IECache Entry : Cookie:administrator@doubleclick.net/
obj[10]=IECache Entry : Cookie:administrator@searchportal.information.com/
obj[11]=IECache Entry : Cookie:administrator@advertising.com/
obj[12]=IECache Entry : Cookie:administrator@media.adrevolver.com/
obj[13]=IECache Entry : Cookie:administrator@ad.yieldmanager.com/
obj[14]=IECache Entry : Cookie:administrator@ads.revsci.net/adserver
obj[15]=IECache Entry : Cookie:administrator@casalemedia.com/


Atribune
You've got quite the mess there. Let's start just by doing some basic fixes with HijackThis. Please run HijackThis and place a check beside each of the following items; once done, close all other windows and click the Fix checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://searchportal.information.com/sp/pop...TVT1RXVgADFYJVQ
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - D:\WINDOWS\System32\khffdba.dll
O2 - BHO: {6c0ff6d3-fa3e-bb1a-40c4-b3518e9f74d9} - {9d47f9e8-153b-4c04-a1bb-e3af3d6ff0c6} - D:\WINDOWS\System32\stwpinut.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\gnyurxvw.dll
O2 - BHO: (no name) - {DFAB7674-1B60-4E19-AA6C-755E443D3791} - D:\WINDOWS\System32\sstqq.dll
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\gnyurxvw.dll
O4 - HKLM\..\Run: [winshow] "D:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [{31-1E-EE-E0-ZN}] D:\DOCUME~1\Jay\LOCALS~1\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [fojynila] rundll32.exe "D:\Program Files\qzaxurmv\sdyzsvct.dll",Init
O4 - HKLM\..\Run: [dajstyhy] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\dajstyhy.dll"
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\jffufwnm.dll",b
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: d:\windows\system32\ldcore.dll
O20 - Winlogon Notify: gnyurxvw - D:\WINDOWS\SYSTEM32\gnyurxvw.dll
O20 - Winlogon Notify: khffdba - D:\WINDOWS\SYSTEM32\khffdba.dll
O20 - Winlogon Notify: winxoo32 - D:\WINDOWS\SYSTEM32\winxoo32.dll

After HijackThis finishes please reboot and post a new HijackThis log.
Kranium31
Here's the new log

Logfile of HijackThis v1.99.1
Scan saved at 6:15:18 PM, on 11/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\taskmgr.exe
C:\Hijack this\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\gnyurxvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [fyfcdirw] rundll32.exe "D:\Program Files\fyfcdirw\ngpmlqda.dll",Init
O4 - HKLM\..\Run: [lkjutsvw] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\lkjutsvw.dll"
O4 - HKLM\..\Run: [SC2] D:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] D:\WINDOWS\TEMP\win282E.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\System32\printer.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Spoolsv] D:\WINDOWS\System32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O20 - AppInit_DLLs: d:\windows\system32\ldcore.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
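
An added example, not part of the original thread or of HijackThis: the Python below compares the log posted before the fix with the one posted after the reboot and reports which of the helper's checked entries were removed, which persisted, and which entries are new. The three log excerpts are abridged from the posts above; the function and variable names are this example's own.

```python
import re

# A HijackThis entry line starts with a section code such as R0, F2, O4 or O20.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sample input: lines abridged from the first log in the thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\gnyurxvw.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\gnyurxvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winshow] "D:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [fojynila] rundll32.exe "D:\Program Files\qzaxurmv\sdyzsvct.dll",Init
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\System32\printer.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: d:\windows\system32\ldcore.dll
O20 - Winlogon Notify: gnyurxvw - D:\WINDOWS\SYSTEM32\gnyurxvw.dll
"""

# Sample input: the subset of those entries the helper asked to have fixed.
FIXED_LIST = r"""
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\gnyurxvw.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\gnyurxvw.dll
O4 - HKLM\..\Run: [winshow] "D:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [fojynila] rundll32.exe "D:\Program Files\qzaxurmv\sdyzsvct.dll",Init
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\System32\printer.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: d:\windows\system32\ldcore.dll
O20 - Winlogon Notify: gnyurxvw - D:\WINDOWS\SYSTEM32\gnyurxvw.dll
"""

# Sample input: lines abridged from the log posted after the reboot.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\gnyurxvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fyfcdirw] rundll32.exe "D:\Program Files\fyfcdirw\ngpmlqda.dll",Init
O4 - HKLM\..\Run: [SC2] D:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\System32\printer.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: d:\windows\system32\ldcore.dll
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def triage(before_log, after_log, fixed_list):
    """Classify entries by comparing the pre-fix log, the fix list and the post-reboot log."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    fixed = parse_entries(fixed_list)
    return {
        # Checked for fixing and gone after the reboot.
        "removed": sorted(fixed - after),
        # Checked for fixing but still present: something re-created or protected them.
        "persisted": sorted(fixed & after),
        # Not in the first log at all: appeared between the two scans.
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    for label, entries in triage(BEFORE_LOG, AFTER_LOG, FIXED_LIST).items():
        print(f"{label} ({len(entries)}):")
        for section, body in entries:
            print(f"  {section} - {body}")
```

The comparison is an exact string match, so an entry that returns under a different value name and path is reported once under "removed" and once under "new"; both lists need reviewing together.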

Kranium31
I'm trying to post the new log file for the latest Ad-Aware scan but Firefox won't let me paste it in for some reason. It keeps saying there is an error when I paste it and shutting down.
Atribune
Don't worry about a new Ad-Aware log, the original didn't show us much.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Kranium31
QUOTE(LS Atribune @ Nov 14 2007, 12:10 AM) *
Don't worry about a new Ad-Aware log, the original didn't show us much.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Vundo could not remove the files, no log file came up

I let it reboot 3 times btw
Atribune
The log from vundofix should be saved at D:\vundofix.txt
Kranium31
QUOTE(LS Atribune @ Nov 14 2007, 08:24 AM) *
The log from vundofix should be saved at D:\vundofix.txt


Found it


VundoFix V6.6.1

Checking Java version...

Scan started at 2:40:07 AM 11/14/2007

Listing files found while scanning....

D:\windows\system32\drvpupr.dll
D:\windows\system32\drvtokr.dll
D:\WINDOWS\system32\gnyurxvw.dll
D:\WINDOWS\System32\khffdba.dll

Beginning removal...

Attempting to delete D:\windows\system32\drvpupr.dll
D:\windows\system32\drvpupr.dll Has been deleted!

Attempting to delete D:\windows\system32\drvtokr.dll
D:\windows\system32\drvtokr.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\gnyurxvw.dll
D:\WINDOWS\system32\gnyurxvw.dll Could not be deleted.

Attempting to delete D:\WINDOWS\System32\khffdba.dll
D:\WINDOWS\System32\khffdba.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\gnyurxvw.dll
D:\WINDOWS\system32\gnyurxvw.dll Could not be deleted.

Attempting to delete D:\WINDOWS\System32\khffdba.dll
D:\WINDOWS\System32\khffdba.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.6.1

Checking Java version...

Scan started at 2:58:52 AM 11/14/2007

Listing files found while scanning....

D:\WINDOWS\system32\gnyurxvw.dll
D:\WINDOWS\system32\khffdba.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\gnyurxvw.dll
D:\WINDOWS\system32\gnyurxvw.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\khffdba.dll
D:\WINDOWS\system32\khffdba.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\gnyurxvw.dll
D:\WINDOWS\system32\gnyurxvw.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\khffdba.dll
D:\WINDOWS\system32\khffdba.dll Could not be deleted.

Performing Repairs to the registry.
Done!
Atribune
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click Non-Microsoft
    • In the Win32 Services group click Non-Microsoft
    • In the Driver Services group click Non-Microsoft
    • In the Registry group click ALL
    • In the Files Created Within group click 90 days. Make sure Non-Microsoft only is CHECKED
    • In the Files Modified Within group select 90 days. Make sure Non-Microsoft only is CHECKED
    • In the File String Search group select ALL
    • In the Additional scans sections please press Select All and then unselect Event Viewer. Uncheck Non-Microsoft only
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the notepad file here. I will review it when it comes in.
Kranium31
Here's the log

WinPFind3 logfile created on: 11/15/2007 7:47:00 AM
WinPFind3U by OldTimer - Version 1.0.42 Folder = D:\Documents and Settings\Jay\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

255.48 Mb Total Physical Memory | 188.73 Mb Available Physical Memory | 73.87% Memory free
618.59 Mb Paging File | 585.96 Mb Available in Paging File | 94.72% Paging File free
Paging file location(s): D:\pagefile.sys 384 768;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 74.87 Gb Total Space | 24.55 Gb Free Space | 32.80% Space Free
Drive D: | 74.17 Gb Total Space | 32.92 Gb Free Space | 44.39% Space Free
Drive E: | 514.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: HOME-XERDLALOSR
Current User Name: Administrator
Logged in as Administrator.
Cannot determine boot mode.


[Processes - Non-Microsoft Only]
winpfind3u.exe -> %SystemDrive%\Documents and Settings\Jay\Desktop\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Stopped] -> %System32%\hajjgxjs.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/14/2007 3:22:50 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.5.0 [Kernel | Auto | Stopped] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.5.0 | Size = 21035 bytes | Modified Date = 10/7/2007 8:32:34 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Belkin700F) Belkin Wireless G Desktop Card Service v7 [Kernel | On_Demand | Stopped] -> %System32%\drivers\BLKWGDv7.SYS -> Belkin Corporation. [Ver = 5.87.19.106 built by: WinDDK | Size = 303616 bytes | Modified Date = 10/19/2006 4:44:32 AM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(core) core [Kernel | System | Stopped] -> %System32%\drivers\core.sys -> [Ver = | Size = 72960 bytes | Modified Date = 11/4/2007 8:55:12 AM | Attr = ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 1:44:04 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.23 | Size = 607360 bytes | Modified Date = 8/28/2002 6:34:36 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.396.0530.2001 | Size = 23070 bytes | Modified Date = 8/17/2001 7:12:42 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 3/25/2002 9:02:14 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TnIDriver) TnIDriver [Kernel | On_Demand | Stopped] -> %SystemDrive%\Documents and Settings\Jay\Local Settings\Temp\tni3B8.tmp -> [Ver = | Size = 76800 bytes | Modified Date = 11/4/2007 8:55:06 AM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4150 built by: WinDDK | Size = 203776 bytes | Modified Date = 11/25/2005 1:39:06 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
34d31e4f -> %System32%\cnrmrugo.dll [rundll32.exe "D:\WINDOWS\System32\cnrmrugo.dll",b] -> [Ver = | Size = 85056 bytes | Modified Date = 11/14/2007 6:58:44 PM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
fyfcdirw -> Files\fyfcdirw\ngpmlqda.DLL [rundll32.exe "%ProgramFiles%\fyfcdirw\ngpmlqda.dll",Init] -> File not found
IESet -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 11/8/2007 12:58:00 AM | Attr = ]
ifqxulan -> regsvr32 /u "%AllUsersAppData%\ifqxulan.dll [regsvr32 /u "D:\Documents and Settings\All Users\Application Data\ifqxulan.dll"] -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 1:42:04 PM | Attr = ]
lkjutsvw -> regsvr32 /u "%AllUsersAppData%\lkjutsvw.dll [regsvr32 /u "D:\Documents and Settings\All Users\Application Data\lkjutsvw.dll"] -> File not found
MCAgentExe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> C:\Program Files\McAfee.com\Agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 12:05:42 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nwiz -> nwiz.exe -> File not found
Printer -> %System32%\printer.exe -> [Ver = | Size = 9728 bytes | Modified Date = 3/18/2005 1:37:34 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr = ]
SC2 -> %ProgramFiles%\SecCenter\scprot4.exe -> [Ver = | Size = 266240 bytes | Modified Date = 11/14/2007 6:52:50 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
IESet -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 11/8/2007 12:58:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AIM -> C:\Program Files\AIM95\aim.exe -cnetwait.odl -> File not found
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 9/29/2007 3:22:36 PM | Attr = ]
DDC -> %System32%\hajjgxjs.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/14/2007 3:22:50 AM | Attr = ]
Spoolsv -> %System32%\spoolvs.exe -> [Ver = | Size = 9728 bytes | Modified Date = 3/13/2005 8:45:18 PM | Attr = ]
Windows update loader -> C:\WINDOWS\xpupdate.exe -> [Ver = | Size = 30776 bytes | Modified Date = 11/13/2007 5:32:10 PM | Attr = ]
< Common Startup > -> D:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 9728 bytes | Modified Date = 3/13/2005 8:45:18 PM | Attr = ]
%AllUsersStartup%\Belkin Wireless G Desktop Card Client Utility.lnk -> %ProgramFiles%\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 19 | Size = 1556480 bytes | Modified Date = 8/14/2006 1:09:30 PM | Attr = ]
< User Startup > -> D:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
-> %UserStartup%\findfast.exe -> [Ver = | Size = 9728 bytes | Modified Date = 3/18/2005 1:37:34 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
d:\windows\system32\ldcore.dll -> %System32%\ldcore.dll -> [Ver = | Size = 7713 bytes | Modified Date = 11/4/2007 8:55:50 AM | Attr = ]
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8336384 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8336384 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 117760 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 258048 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{634BBAB7-3F60-4426-944F-A62B9007F67F} [HKLM] -> Reg Data - Key not found [] -> File not found
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8336384 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Modified Date = 8/29/2002 4:40:50 AM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Modified Date = 8/29/2002 4:40:50 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 80128 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 136704 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 55296 bytes | Modified Date = 8/29/2002 4:40:50 AM | Attr = ]
msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 319760 bytes | Modified Date = 8/29/2002 4:41:06 AM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1004032 bytes | Modified Date = 8/29/2002 4:41:24 AM | Attr = ]
D:\WINDOWS\shell.exe -> %SystemRoot%\shell.exe -> [Ver = | Size = 9728 bytes | Modified Date = 3/13/2005 8:45:18 PM | Attr = ]
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
D:\WINDOWS\system32\userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 22016 bytes | Modified Date = 8/29/2002 4:41:28 AM | Attr = ]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 31744 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8336384 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
"sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Modified Date = 8/29/2002 4:41:28 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.1106 (xpsp1.020828-1920) | Size = 557568 bytes | Modified Date = 8/29/2002 4:40:50 AM | Attr = ]
cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.0 (xpclient.010817-1148) | Size = 53248 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 89600 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
kikxchia -> %System32%\kikxchia.dll -> [Ver = | Size = 144480 bytes | Modified Date = 11/14/2007 7:02:04 PM | Attr = ]
ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
winxoo32 -> %System32%\winxoo32.dll -> [Ver = | Size = 19968 bytes | Modified Date = 11/4/2007 8:58:14 AM | Attr = ]
wlballoon -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Userinit -> D:\WINDOWS\System32\inf\svchost.exe D:\WINDOWS\System32\lwisys16_071111.dll start ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 1 ->
< HOSTS File > (3195 bytes) -> D:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> D:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Start Page -> about:blank ->
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1341440 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{002a8be0-ee51-446b-b8f1-dd1c0cb93d48} [HKLM] -> %System32%\ihmucegi.dll [Reg Data - Value does not exist] -> [Ver = | Size = 79424 bytes | Modified Date = 11/14/2007 6:55:46 PM | Attr = ]
{061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} [HKLM] -> %ProgramFiles%\MSN\mexola4444.dll [] -> [Ver = | Size = 282624 bytes | Modified Date = 8/2/2007 8:44:00 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{200D0AAD-71B1-51C9-DDB0-092BA4662A54} [HKLM] -> %ProgramFiles%\Hrlfrkjd\vcbgsjtt.dll [Reg Data - Value does not exist] -> [Ver = | Size = 114688 bytes | Modified Date = 11/14/2007 6:52:48 PM | Attr = ]
{36D6B116-22C8-44E1-B76F-E4A227EE7340} [HKLM] -> %System32%\sstqq.dll [Reg Data - Value does not exist] -> [Ver = | Size = 319584 bytes | Modified Date = 11/4/2007 9:01:00 AM | Attr = ]
{391B174C-A6B7-C9D7-6743-01F7A0D663D6} [HKLM] -> %ProgramFiles%\Alrzvghu\jmdurkme.dll [Reg Data - Value does not exist] -> [Ver = | Size = 106496 bytes | Modified Date = 11/4/2007 9:01:08 AM | Attr = ]
{5C2A9795-B130-4622-B036-BDCAD28602DC} [HKLM] -> %ProgramFiles%\Cool\Cool.dll [CoolBHO Class] -> Cool [Ver = 1.0.0.0 | Size = 397312 bytes | Modified Date = 11/12/2007 11:50:22 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
{A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\kikxchia.dll [Reg Data - Value does not exist] -> [Ver = | Size = 144480 bytes | Modified Date = 11/14/2007 7:02:04 PM | Attr = ]
{E04FA56D-749D-4D53-B33F-D64C13E65212} [HKLM] -> %System32%\jkhhi.dll [Reg Data - Value does not exist] -> [Ver = | Size = 319072 bytes | Modified Date = 11/13/2007 4:37:58 PM | Attr = ]
{E729E55E-EABE-4FF0-B4B4-0DA26E91272C} [HKLM] -> %ProgramFiles%\MSN\mexola83122.dll [] -> [Ver = | Size = 282624 bytes | Modified Date = 8/2/2007 8:44:00 AM | Attr = ]
{ec63883c-79cb-48e9-aad0-67ee0b21b209} [HKLM] -> %System32%\rjiuhhn.dll [Reg Data - Value does not exist] -> File not found
{FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} [HKLM] -> %ProgramFiles%\MSN\mexola555077.dll [] -> [Ver = | Size = 282624 bytes | Modified Date = 8/2/2007 8:44:00 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1341440 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> %System32%\browseui.dll [Media Band] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Modified Date = 8/29/2002 4:40:50 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\kikxchia.dll [Security Toolbar] -> [Ver = | Size = 144480 bytes | Modified Date = 11/14/2007 7:02:04 PM | Attr = ]
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 4:40:12 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Modified Date = 8/29/2002 4:40:50 AM | Attr = ]
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8336384 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM95\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 4.8.2790 | Size = 57344 bytes | Modified Date = 5/22/2002 10:57:16 AM | Attr = ]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> %SystemRoot%\Web\related.htm [ButtonText: @shdoclc.dll,-866] -> [Ver = | Size = 654 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{577C2E1C-B600-468C-910F-13211CEC83E2} -> (Belkin Wireless G Desktop Card) ->
{BEC51E50-E083-4302-B6F4-17F1CFCDD72C} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries0000000001 [Tcpip] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
NameSpace_Catalog5\Catalog_Entries0000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14848 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
NameSpace_Catalog5\Catalog_Entries0000000003 [Network Location Awareness (NLA) Namespace] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000001 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000002 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000003 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000004 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000005 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000006 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000007 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000008 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000009 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000010 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000011 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000012 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries0000000013 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 8/29/2002 4:41:04 AM | Attr = ]
cdl -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
dvd -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.00001.900 built by: DIRECTX | Size = 1230336 bytes | Modified Date = 7/9/2004 3:26:38 AM | Attr = ]
file -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
ftp -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
gopher -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
http -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
httpx00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 532480 bytes | Modified Date = 5/23/2002 9:22:16 PM | Attr = ]
http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 532480 bytes | Modified Date = 5/23/2002 9:22:16 PM | Attr = ]
https -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
httpsx00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 532480 bytes | Modified Date = 5/23/2002 9:22:16 PM | Attr = ]
https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 532480 bytes | Modified Date = 5/23/2002 9:22:16 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
ippx00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 532480 bytes | Modified Date = 5/23/2002 9:22:16 PM | Attr = ]
its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3644.0 | Size = 122368 bytes | Modified Date = 8/29/2002 4:40:58 AM | Attr = ]
javascript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 8/29/2002 4:41:04 AM | Attr = ]
local -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
mailto -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 8/29/2002 4:41:04 AM | Attr = ]
mhtml -> %System32%\inetcomm.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 587776 bytes | Modified Date = 8/29/2002 4:40:56 AM | Attr = ]
mk -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
msdaippx00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 532480 bytes | Modified Date = 5/23/2002 9:22:16 PM | Attr = ]
msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 8.103.5219.0 | Size = 532480 bytes | Modified Date = 5/23/2002 9:22:16 PM | Attr = ]
ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3644.0 | Size = 122368 bytes | Modified Date = 8/29/2002 4:40:58 AM | Attr = ]
res -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 8/29/2002 4:41:04 AM | Attr = ]
sysimage -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 8/29/2002 4:41:04 AM | Attr = ]
tv -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.00001.900 built by: DIRECTX | Size = 1230336 bytes | Modified Date = 7/9/2004 3:26:38 AM | Attr = ]
vbscript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 8/29/2002 4:41:04 AM | Attr = ]
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 4:40:12 AM | Attr = ]
wia -> %System32%\wiascr.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 70656 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
Class Install Handler -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
deflate -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
gzip -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
lzdhtml -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 455680 bytes | Modified Date = 8/29/2002 4:41:18 AM | Attr = ]
text/webviewhtml -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8336384 bytes | Modified Date = 8/29/2002 4:41:12 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab ->
{48DD0448-9209-4F81-9F6D-D83562940134} -> MySpace Uploader Control - CodeBase = http://lads.myspace.com/upload/MySpaceUploader.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://D:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://D:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 90 days]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 9/19/2007 5:08:24 AM | Attr = ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 442 bytes | Created Date = 10/8/2007 4:14:11 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 9/19/2007 5:09:15 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 9/23/2007 10:39:59 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 12/20/1747 12:15:29 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 11/14/2007 2:40:07 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
WUTemp -> %SystemDrive%\WUTemp -> [Folder | Created Date = 10/7/2007 9:44:56 PM | Attr = ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 11/5/2007 8:04:33 PM | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 9/19/2007 9:21:37 AM | Attr = S]
bXVzdGFuZw -> %SystemRoot%\bXVzdGFuZw -> [Folder | Created Date = 11/4/2007 8:55:22 AM | Attr = HS]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
Config -> %SystemRoot%\Config -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 9/19/2007 9:18:46 AM | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 2135 bytes | Created Date = 11/8/2007 12:45:50 AM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 11/13/2007 11:28:51 AM | Attr = HS]
Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 9/19/2007 9:17:06 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 9/19/2007 9:17:53 AM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = R S]
Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico -> [Ver = | Size = 1150 bytes | Created Date = 11/4/2007 7:34:20 PM | Attr = ]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Created Date = 9/19/2007 5:09:21 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 9/19/2007 10:12:44 AM | Attr = HS]
java -> %SystemRoot%\java -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Created Date = 11/13/2007 5:33:14 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1156 bytes | Created Date = 11/8/2007 5:06:58 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
mui -> %SystemRoot%\mui -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 9/19/2007 10:16:01 AM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Created Date = 10/8/2007 5:38:06 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Created Date = 9/19/2007 5:09:18 AM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 9/19/2007 9:17:53 AM | Attr = R ]
OPTIONS -> %SystemRoot%\OPTIONS -> [Folder | Created Date = 10/7/2007 8:31:32 PM | Attr = ]
PCHealth -> %SystemRoot%\PCHealth -> [Folder | Created Date = 9/19/2007 9:16:43 AM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 10/7/2007 11:45:28 PM | Attr = H ]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 9/19/2007 10:11:53 AM | Attr = ]
pwisys.ini -> %SystemRoot%\pwisys.ini -> [Ver = | Size = 442 bytes | Created Date = 11/11/2007 9:36:25 AM | Attr = ]
quit.exe -> %SystemRoot%\quit.exe -> Microsoft [Ver = 3.65.0002 | Size = 20480 bytes | Created Date = 11/8/2007 12:57:26 AM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 10/7/2007 11:33:31 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 9/19/2007 9:16:07 AM | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 9/19/2007 10:11:39 AM | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
SET3.tmp -> %SystemRoot%\SET3.tmp -> [Ver = | Size = 1086182 bytes | Created Date = 9/19/2007 5:08:50 AM | Attr = R ]
SETA.tmp -> %SystemRoot%\SETA.tmp -> [Ver = | Size = 13608 bytes | Created Date = 9/19/2007 5:08:53 AM | Attr = R ]
shell.exe -> %SystemRoot%\shell.exe -> [Ver = | Size = 9728 bytes | Created Date = 11/12/2007 5:57:54 PM | Attr = ]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 11/9/2007 4:54:41 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 9/19/2007 9:16:48 AM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 11/7/2007 6:50:27 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
system32 -> %System32% -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 9/19/2007 9:16:54 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
TTC-4444.exe -> %SystemRoot%\TTC-4444.exe -> [Ver = | Size = 169147 bytes | Created Date = 11/4/2007 8:56:10 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
uninstall_nmon.vbs -> %SystemRoot%\uninstall_nmon.vbs -> [Ver = | Size = 1989 bytes | Created Date = 11/4/2007 8:55:25 AM | Attr = ]
vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 9/19/2007 9:16:08 AM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 9/19/2007 9:16:08 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = R ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 9/19/2007 9:17:49 AM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 58 bytes | Created Date = 10/7/2007 9:42:17 PM | Attr = ]
winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 9/19/2007 9:17:06 AM | Attr = HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 9/19/2007 9:17:06 AM | Attr = HS]
winshow.exe -> %SystemRoot%\winshow.exe -> [Ver = 23.03.0026 | Size = 35840 bytes | Created Date = 11/8/2007 1:11:30 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
WMSysPrx.prx -> %SystemRoot%\WMSysPrx.prx -> [Ver = | Size = 299552 bytes | Created Date = 9/19/2007 9:18:43 AM | Attr = ]
yahooo.exe -> %SystemRoot%\yahooo.exe -> Microsoft [Ver = 4.30.0004 | Size = 32768 bytes | Created Date = 11/8/2007 12:57:54 AM | Attr = ]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 9/19/2007 9:15:44 AM | Attr = ]
?icrosoft -> %SystemRoot%\?icrosoft -> [Folder | Created Date = 1/24/1749 7:29:01 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 10/7/2007 10:09:15 PM | Attr = ]
desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 9/19/2007 9:16:55 AM | Attr = RH ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 9/19/2007 9:18:40 AM | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 9/18/2007 8:15:54 PM | Attr = ]
1025 -> %System32%\1025 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
1028 -> %System32%\1028 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
1031 -> %System32%\1031 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
1037 -> %System32%\1037 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
1041 -> %System32%\1041 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
1042 -> %System32%\1042 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
1054 -> %System32%\1054 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
2052 -> %System32%\2052 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
3076 -> %System32%\3076 -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
3com_dmi -> %System32%\3com_dmi -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
a1 -> %System32%\a1 -> [Folder | Created Date = 11/4/2007 8:55:00 AM | Attr = ]
accttlmc.dll -> %System32%\accttlmc.dll -> [Ver = | Size = 85056 bytes | Created Date = 11/10/2007 6:55:38 PM | Attr = ]
actskn45.ocx -> %System32%\actskn45.ocx -> SoftShape Development [Ver = 4, 50, 0, 0 | Size = 483328 bytes | Created Date = 11/4/2007 7:22:54 AM | Attr = ]
aivskurq.dll -> %System32%\aivskurq.dll -> Microsoft [Ver = 1.00.0091 | Size = 21504 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 9/19/2007 9:18:44 AM | Attr = ]
amstream.dll -> %System32%\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 9/19/2007 5:09:01 AM | Attr = ]
awavyhad.dll -> %System32%\awavyhad.dll -> [Ver = | Size = 86080 bytes | Created Date = 11/7/2007 11:16:52 PM | Attr = ]
bbaplkxx.dll -> %System32%\bbaplkxx.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/10/2007 5:55:32 PM | Attr = ]
bnkijbcv.ini -> %System32%\bnkijbcv.ini -> [Ver = | Size = 668993 bytes | Created Date = 11/14/2007 3:25:42 AM | Attr = HS]
bopomofo.uce -> %System32%\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
bvgevqai -> %System32%\bvgevqai -> [Folder | Created Date = 11/4/2007 9:01:21 AM | Attr = ]
bxokvvve.ini -> %System32%\bxokvvve.ini -> [Ver = | Size = 671187 bytes | Created Date = 11/14/2007 5:44:19 PM | Attr = HS]
byxwwts.dll -> %System32%\byxwwts.dll -> [Ver = | Size = 36352 bytes | Created Date = 11/8/2007 1:11:57 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Created Date = 9/19/2007 5:08:45 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Created Date = 9/19/2007 5:08:45 AM | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 9/19/2007 9:17:49 AM | Attr = RH ]
ckffoxxq.dll -> %System32%\ckffoxxq.dll -> [Ver = | Size = 87104 bytes | Created Date = 11/7/2007 10:19:51 PM | Attr = ]
cmlttcca.ini -> %System32%\cmlttcca.ini -> [Ver = | Size = 584776 bytes | Created Date = 11/10/2007 6:55:40 PM | Attr = HS]
cnrmrugo.dll -> %System32%\cnrmrugo.dll -> [Ver = | Size = 85056 bytes | Created Date = 11/14/2007 6:58:42 PM | Attr = ]
Com -> %System32%\Com -> [Folder | Created Date = 9/19/2007 9:15:23 AM | Attr = ]
config -> %System32%\config -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2578 bytes | Created Date = 9/19/2007 9:18:46 AM | Attr = ]
CONFIG.TMP -> %System32%\CONFIG.TMP -> [Ver = | Size = 2577 bytes | Created Date = 9/19/2007 5:09:01 AM | Attr = ]
c_10006.nls -> %System32%\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:09 AM | Attr = ]
c_10007.nls -> %System32%\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:11 AM | Attr = ]
c_10010.nls -> %System32%\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:06 AM | Attr = ]
c_10017.nls -> %System32%\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:11 AM | Attr = ]
c_10029.nls -> %System32%\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:06 AM | Attr = ]
c_10081.nls -> %System32%\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:13 AM | Attr = ]
c_10082.nls -> %System32%\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:06 AM | Attr = ]
c_20127.nls -> %System32%\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:05 AM | Attr = ]
C_28594.NLS -> %System32%\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:08 AM | Attr = ]
C_28595.NLS -> %System32%\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:11 AM | Attr = ]
C_28597.NLS -> %System32%\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:09 AM | Attr = ]
c_28599.nls -> %System32%\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:13 AM | Attr = ]
c_28603.nls -> %System32%\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:14 AM | Attr = ]
c_737.nls -> %System32%\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 9/19/2007 5:09:09 AM | Attr = ]
c_852.nls -> %System32%\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 9/19/2007 5:09:06 AM | Attr = ]
c_855.nls -> %System32%\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 9/19/2007 5:09:08 AM | Attr = ]
c_857.nls -> %System32%\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 9/19/2007 5:09:13 AM | Attr = ]
c_866.nls -> %System32%\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 9/19/2007 5:09:08 AM | Attr = ]
c_869.nls -> %System32%\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 9/19/2007 5:09:09 AM | Attr = ]
c_875.nls -> %System32%\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 9/19/2007 5:09:09 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Created Date = 10/7/2007 11:50:42 PM | Attr = ]
dahyvawa.ini -> %System32%\dahyvawa.ini -> [Ver = | Size = 570249 bytes | Created Date = 11/7/2007 11:16:54 PM | Attr = HS]
desktop.ini -> %System32%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 9/19/2007 9:17:06 AM | Attr = ]
devenum.dll -> %System32%\devenum.dll -> [Ver = | Size = 132608 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 9/19/2007 5:09:04 AM | Attr = ]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 9/19/2007 5:09:04 AM | Attr = ]
dhcp -> %System32%\dhcp -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Created Date = 9/19/2007 9:17:32 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = RHS]
dlpsrqpd.dll -> %System32%\dlpsrqpd.dll -> [Ver = | Size = 144480 bytes | Created Date = 11/12/2007 3:10:49 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
efcyyya.dll -> %System32%\efcyyya.dll -> [Ver = | Size = 36864 bytes | Created Date = 11/4/2007 9:00:26 AM | Attr = ]
emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 9/19/2007 9:16:09 AM | Attr = ]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 9/19/2007 5:09:03 AM | Attr = ]
explorer.exe -> %System32%\explorer.exe -> Microsoft [Ver = 724.06.0034 | Size = 40960 bytes | Created Date = 11/13/2007 11:39:16 AM | Attr = ]
export -> %System32%\export -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
eyjjyebo.dll -> %System32%\eyjjyebo.dll -> [Ver = | Size = 88128 bytes | Created Date = 11/10/2007 5:49:32 PM | Attr = ]
fdqdntmr.exe -> %System32%\fdqdntmr.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/10/2007 6:46:33 PM | Attr = ]
fibagbia -> %System32%\fibagbia -> [Folder | Created Date = 11/13/2007 5:32:11 PM | Attr = ]
fisuxmel.dll -> %System32%\fisuxmel.dll -> [Ver = | Size = 87104 bytes | Created Date = 11/6/2007 10:16:53 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 90296 bytes | Created Date = 9/19/2007 5:08:23 AM | Attr = ]
fvetsnri.ini -> %System32%\fvetsnri.ini -> [Ver = | Size = 584776 bytes | Created Date = 11/9/2007 5:46:53 PM | Attr = HS]
g2 -> %System32%\g2 -> [Folder | Created Date = 11/4/2007 8:55:00 AM | Attr = ]
gb2312.uce -> %System32%\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
ghginomi.dll -> %System32%\ghginomi.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/7/2007 10:16:51 PM | Attr = ]
gnyurxvw.dllbox -> %System32%\gnyurxvw.dllbox -> [Ver = | Size = 20768 bytes | Created Date = 11/12/2007 3:11:21 PM | Attr = HS]
guxehavv.exe -> %System32%\guxehavv.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 11/6/2007 8:27:44 PM | Attr = ]
gvrxieni.dll -> %System32%\gvrxieni.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/8/2007 11:13:52 PM | Attr = ]
h1 -> %System32%\h1 -> [Folder | Created Date = 11/4/2007 8:55:00 AM | Attr = ]
hajjgxjs.exe -> %System32%\hajjgxjs.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/14/2007 3:22:47 AM | Attr = ]
hfdxkfui.ini -> %System32%\hfdxkfui.ini -> [Ver = | Size = 569962 bytes | Created Date = 11/5/2007 8:38:54 PM | Attr = HS]
hggdefd.dll -> %System32%\hggdefd.dll -> [Ver = | Size = 36352 bytes | Created Date = 11/13/2007 5:32:10 PM | Attr = ]
hkofdxud.dll -> %System32%\hkofdxud.dll -> [Ver = | Size = 78912 bytes | Created Date = 11/4/2007 8:34:57 PM | Attr = ]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 9/19/2007 9:15:49 AM | Attr = ]
htoanngi.exe -> %System32%\htoanngi.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 11/5/2007 8:26:57 PM | Attr = ]
hvoywdws.dll -> %System32%\hvoywdws.dll -> [Ver = | Size = 79424 bytes | Created Date = 11/14/2007 5:47:08 PM | Attr = ]
hwtoffev.dll -> %System32%\hwtoffev.dll -> [Ver = | Size = 80448 bytes | Created Date = 11/13/2007 4:50:06 PM | Attr = ]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 489984 bytes | Created Date = 9/19/2007 9:15:49 AM | Attr = ]
ias -> %System32%\ias -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
ideograf.uce -> %System32%\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Created Date = 11/8/2007 12:57:59 AM | Attr = ]
igtwcwkt.dll -> %System32%\igtwcwkt.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/6/2007 10:14:00 PM | Attr = ]
ihhkj.bak1 -> %System32%\ihhkj.bak1 -> [Ver = | Size = 6470 bytes | Created Date = 11/13/2007 4:38:12 PM | Attr = HS]
ihhkj.ini -> %System32%\ihhkj.ini -> [Ver = | Size = 34210 bytes | Created Date = 11/13/2007 4:37:58 PM | Attr = HS]
ihmucegi.dll -> %System32%\ihmucegi.dll -> [Ver = | Size = 79424 bytes | Created Date = 11/14/2007 6:55:42 PM | Attr = ]
IME -> %System32%\IME -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
inf -> %System32%\inf -> [Folder | Created Date = 11/11/2007 9:36:25 AM | Attr = ]
insfmkdh.dll -> %System32%\insfmkdh.dll -> [Ver = | Size = 81472 bytes | Created Date = 11/14/2007 3:25:37 AM | Attr = ]
irnstevf.dll -> %System32%\irnstevf.dll -> [Ver = | Size = 88128 bytes | Created Date = 11/9/2007 5:46:41 PM | Attr = ]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 9/19/2007 9:17:00 AM | Attr = ]
iufkxdfh.dll -> %System32%\iufkxdfh.dll -> [Ver = | Size = 85568 bytes | Created Date = 11/5/2007 8:38:44 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 11/4/2007 7:29:30 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 11/4/2007 7:29:30 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 11/4/2007 7:29:30 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 11/4/2007 7:29:30 AM | Attr = ]
jffufwnm.dll -> %System32%\jffufwnm.dll -> [Ver = | Size = 89664 bytes | Created Date = 11/12/2007 3:08:01 PM | Attr = ]
jkhhi.dll -> %System32%\jkhhi.dll -> [Ver = | Size = 319072 bytes | Created Date = 11/13/2007 4:37:48 PM | Attr = ]
jkklllj.dll -> %System32%\jkklllj.dll -> [Ver = | Size = 36352 bytes | Created Date = 11/8/2007 1:17:04 AM | Attr = ]
kanji_1.uce -> %System32%\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
kanji_2.uce -> %System32%\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
keystone.exe -> %System32%\keystone.exe -> [Ver = | Size = 425984 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
kgcdpudj.dll -> %System32%\kgcdpudj.dll -> [Ver = | Size = 144480 bytes | Created Date = 11/14/2007 7:01:42 PM | Attr = ]
kikxchia.dll -> %System32%\kikxchia.dll -> [Ver = | Size = 144480 bytes | Created Date = 11/14/2007 7:02:03 PM | Attr = ]
kikxchia.dllbox -> %System32%\kikxchia.dllbox -> [Ver = | Size = 20810 bytes | Created Date = 11/14/2007 7:02:07 PM | Attr = HS]
korean.uce -> %System32%\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
l3codecx.ax -> %System32%\l3codecx.ax -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 5, 0, 50 | Size = 83456 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
lcpmoqxo.dll -> %System32%\lcpmoqxo.dll -> [Ver = | Size = 78912 bytes | Created Date = 11/4/2007 8:34:39 PM | Attr = ]
ldcore.dll -> %System32%\ldcore.dll -> [Ver = | Size = 7713 bytes | Created Date = 11/4/2007 8:55:49 AM | Attr = ]
ldinfo.ldr -> %System32%\ldinfo.ldr -> [Ver = | Size = 399 bytes | Created Date = 11/4/2007 8:57:57 AM | Attr = ]
lemxusif.ini -> %System32%\lemxusif.ini -> [Ver = | Size = 570101 bytes | Created Date = 11/6/2007 10:16:55 PM | Attr = HS]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 9/19/2007 9:17:53 AM | Attr = RH ]
lwisys16_071111.dll -> %System32%\lwisys16_071111.dll -> [Ver = | Size = 23040 bytes | Created Date = 11/11/2007 9:36:29 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Created Date = 9/19/2007 9:16:47 AM | Attr = ]
mciqtz32.dll -> %System32%\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
mevpgvwp.ini -> %System32%\mevpgvwp.ini -> [Ver = | Size = 668993 bytes | Created Date = 11/13/2007 4:53:18 PM | Attr = HS]
Microsoft -> %System32%\Microsoft -> [Folder | Created Date = 10/7/2007 8:33:00 PM | Attr = S]
mndmhsjc.ini -> %System32%\mndmhsjc.ini -> [Ver = | Size = 576845 bytes | Created Date = 11/4/2007 8:37:58 PM | Attr = HS]
mnwfuffj.ini -> %System32%\mnwfuffj.ini -> [Ver = | Size = 590476 bytes | Created Date = 11/12/2007 3:08:15 PM | Attr = HS]
mp43.exe -> %System32%\mp43.exe -> Microsoft [Ver = 4.30.0004 | Size = 32768 bytes | Created Date = 11/8/2007 12:57:54 AM | Attr = ]
mpeg2data.ax -> %System32%\mpeg2data.ax -> [Ver = | Size = 57856 bytes | Created Date = 10/7/2007 11:33:09 PM | Attr = ]
mpg2splt.ax -> %System32%\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
msdmo.dll -> %System32%\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
MsDtc -> %System32%\MsDtc -> [Folder | Created Date = 9/19/2007 9:15:23 AM | Attr = ]
msdtcprf.h -> %System32%\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 9/19/2007 9:15:39 AM | Attr = ]
msdtcprf.ini -> %System32%\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 9/19/2007 9:15:39 AM | Attr = ]
msdvbnp.ax -> %System32%\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 10/7/2007 11:33:09 PM | Attr = ]
msnav32.ax -> %System32%\msnav32.ax -> [Ver = | Size = 17 bytes | Created Date = 11/4/2007 8:58:10 AM | Attr = ]
mtdrnqgu.exe -> %System32%\mtdrnqgu.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/7/2007 9:04:52 PM | Attr = ]
mtoewqjd.dll -> %System32%\mtoewqjd.dll -> [Ver = | Size = 83008 bytes | Created Date = 11/5/2007 8:41:43 PM | Attr = ]
mui -> %System32%\mui -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
mwisys32_071111.dll -> %System32%\mwisys32_071111.dll -> [Ver = | Size = 203264 bytes | Created Date = 11/11/2007 9:36:29 AM | Attr = ]
mywehit.ini -> %System32%\mywehit.ini -> [Ver = | Size = 188 bytes | Created Date = 11/11/2007 9:39:12 AM | Attr = ]
Mz08r -> %System32%\Mz08r -> [Folder | Created Date = 11/4/2007 8:54:51 AM | Attr = ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 9/19/2007 9:17:49 AM | Attr = RH ]
npp -> %System32%\npp -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 9/19/2007 9:18:44 AM | Attr = ]
nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 5783040 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvapi.dll -> %System32%\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 364544 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvappbar.exe -> %System32%\nvappbar.exe -> [Ver = | Size = 442368 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 138893 bytes | Created Date = 10/8/2007 5:38:06 PM | Attr = ]
nvcod.dll -> %System32%\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcodins.dll -> %System32%\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcolor.exe -> %System32%\nvcolor.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 147456 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcpl.cpl -> %System32%\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 413696 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcpl.dll -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcplui.exe -> %System32%\nvcplui.exe -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 753664 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17525 bytes | Created Date = 10/8/2007 5:38:06 PM | Attr = ]
nvdisps.dll -> %System32%\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6344704 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvdspsch.exe -> %System32%\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvexpbar.dll -> %System32%\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 307200 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvgames.dll -> %System32%\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3334144 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nview.dll -> %System32%\nview.dll -> [Ver = | Size = 1478656 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmccs.dll -> %System32%\nvmccs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 229376 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmccsrs.dll -> %System32%\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 45056 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmccss.dll -> %System32%\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 188416 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmctray.dll -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmobls.dll -> %System32%\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 1150976 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvnt4cpl.dll -> %System32%\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvoglnt.dll -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6746112 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvshell.dll -> %System32%\nvshell.dll -> [Ver = | Size = 466944 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvtuicpl.cpl -> %System32%\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 10/8/2007 5:38:06 PM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 10/8/2007 5:37:25 PM | Attr = ]
nvvitvs.dll -> %System32%\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3551232 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwddi.dll -> %System32%\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwdmcpl.dll -> %System32%\nvwdmcpl.dll -> [Ver = | Size = 1703936 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwimg.dll -> %System32%\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwss.dll -> %System32%\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 2371584 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 9/19/2007 9:17:49 AM | Attr = RH ]
nxxdtwcy.dll -> %System32%\nxxdtwcy.dll -> [Ver = | Size = 86080 bytes | Created Date = 11/8/2007 11:19:52 PM | Attr = ]
obeyjjye.ini -> %System32%\obeyjjye.ini -> [Ver = | Size = 584776 bytes | Created Date = 11/10/2007 5:49:32 PM | Attr = HS]
ogurmrnc.ini -> %System32%\ogurmrnc.ini -> [Ver = | Size = 671247 bytes | Created Date = 11/14/2007 6:58:43 PM | Attr = HS]
ogurmrnc.ini2 -> %System32%\ogurmrnc.ini2 -> [Ver = | Size = 671265 bytes | Created Date = 11/14/2007 6:58:54 PM | Attr = HS]
ogurmrnc.tmp -> %System32%\ogurmrnc.tmp -> [Ver = | Size = 671247 bytes | Created Date = 11/14/2007 6:58:54 PM | Attr = HS]
oobe -> %System32%\oobe -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Created Date = 9/19/2007 5:09:19 AM | Attr = ]
pnhxsisu.exe -> %System32%\pnhxsisu.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/14/2007 6:52:59 PM | Attr = ]
printer.exe -> %System32%\printer.exe -> [Ver = | Size = 9728 bytes | Created Date = 11/12/2007 5:57:53 PM | Attr = ]
psisdecd.dll -> %System32%\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 10/7/2007 11:33:09 PM | Attr = ]
psisrndr.ax -> %System32%\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 10/7/2007 11:33:09 PM | Attr = ]
puhmcwdy.dll -> %System32%\puhmcwdy.dll -> [Ver = | Size = 79936 bytes | Created Date = 11/7/2007 11:10:52 PM | Attr = ]
pwvgpvem.dll -> %System32%\pwvgpvem.dll -> [Ver = | Size = 85056 bytes | Created Date = 11/13/2007 4:53:07 PM | Attr = ]
qasf.dll -> %System32%\qasf.dll -> [Ver = | Size = 173056 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qcap.dll -> %System32%\qcap.dll -> [Ver = | Size = 257024 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qdv.dll -> %System32%\qdv.dll -> [Ver = | Size = 316928 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qdvd.dll -> %System32%\qdvd.dll -> [Ver = | Size = 470528 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qedit.dll -> %System32%\qedit.dll -> [Ver = | Size = 1798144 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qedwipes.dll -> %System32%\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qmdlwpln.exe -> %System32%\qmdlwpln.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/9/2007 5:43:32 PM | Attr = ]
qqtss.bak1 -> %System32%\qqtss.bak1 -> [Ver = | Size = 642062 bytes | Created Date = 11/12/2007 3:05:48 PM | Attr = HS]
qqtss.bak2 -> %System32%\qqtss.bak2 -> [Ver = | Size = 443995 bytes | Created Date = 11/13/2007 4:38:46 PM | Attr = HS]
qqtss.ini -> %System32%\qqtss.ini -> [Ver = | Size = 445959 bytes | Created Date = 11/12/2007 11:55:54 PM | Attr = HS]
qqtss.ini2 -> %System32%\qqtss.ini2 -> [Ver = | Size = 479823 bytes | Created Date = 11/12/2007 11:55:54 PM | Attr = HS]
qqtss.tmp -> %System32%\qqtss.tmp -> [Ver = | Size = 452379 bytes | Created Date = 11/12/2007 11:41:22 PM | Attr = HS]
quartz.dll -> %System32%\quartz.dll -> [Ver = | Size = 1962496 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qxrijllm.exe -> %System32%\qxrijllm.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/12/2007 3:05:53 PM | Attr = ]
qxxoffkc.ini -> %System32%\qxxoffkc.ini -> [Ver = | Size = 570161 bytes | Created Date = 11/7/2007 10:19:51 PM | Attr = HS]
r2 -> %System32%\r2 -> [Folder | Created Date = 11/4/2007 8:55:01 AM | Attr = ]
ras -> %System32%\ras -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Created Date = 9/19/2007 9:16:42 AM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 9/19/2007 9:17:49 AM | Attr = RH ]
Setup -> %System32%\Setup -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
shiftjis.uce -> %System32%\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
sijkdvbv.dll -> %System32%\sijkdvbv.dll -> [Ver = | Size = 77888 bytes | Created Date = 11/9/2007 5:52:32 PM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 11/9/2007 4:55:59 PM | Attr = ]
spool -> %System32%\spool -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
spoolvs.exe -> %System32%\spoolvs.exe -> [Ver = | Size = 9728 bytes | Created Date = 11/12/2007 5:57:54 PM | Attr = ]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 9/19/2007 5:09:03 AM | Attr = ]
ssqpqqr.dll -> %System32%\ssqpqqr.dll -> [Ver = | Size = 36864 bytes | Created Date = 11/4/2007 8:42:22 PM | Attr = ]
sstqq.dll -> %System32%\sstqq.dll -> [Ver = | Size = 319584 bytes | Created Date = 11/4/2007 9:00:53 AM | Attr = ]
stgqofpe.exe -> %System32%\stgqofpe.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/7/2007 11:07:52 PM | Attr = ]
stwpinut.dll -> %System32%\stwpinut.dll -> [Ver = | Size = 80448 bytes | Created Date = 11/13/2007 11:41:06 AM | Attr = ]
subrange.uce -> %System32%\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 9/19/2007 9:15:43 AM | Attr = ]
S?mantec -> %System32%\S?mantec -> [Folder | Created Date = 12/31/1747 10:15:04 AM | Attr = ]
tslabels.h -> %System32%\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 9/19/2007 9:15:41 AM | Attr = ]
tslabels.ini -> %System32%\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 9/19/2007 9:15:41 AM | Attr = ]
tsuxipcy.dll -> %System32%\tsuxipcy.dll -> [Ver = | Size = 88128 bytes | Created Date = 11/11/2007 6:52:46 PM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
usrlogon.cmd -> %System32%\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 9/19/2007 9:15:41 AM | Attr = ]
uyrbktrd.exe -> %System32%\uyrbktrd.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/14/2007 5:41:25 PM | Attr = ]
v8 -> %System32%\v8 -> [Folder | Created Date = 11/4/2007 8:55:01 AM | Attr = ]
vcbjiknb.dll -> %System32%\vcbjiknb.dll -> [Ver = | Size = 85056 bytes | Created Date = 11/14/2007 3:25:31 AM | Attr = ]
vdcymkly.exe -> %System32%\vdcymkly.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/8/2007 11:10:52 PM | Attr = ]
visxigyp.exe -> %System32%\visxigyp.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/14/2007 6:32:56 PM | Attr = ]
vvgeowbv.exe -> %System32%\vvgeowbv.exe -> [Ver = | Size = 0 bytes | Created Date = 11/4/2007 8:59:13 AM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
WhoisCL.exe -> %System32%\WhoisCL.exe -> NirSoft [Ver = 1.20 | Size = 10752 bytes | Created Date = 10/17/2007 8:42:08 AM | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 9/19/2007 9:17:53 AM | Attr = RH ]
wins -> %System32%\wins -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
winxoo32.dll -> %System32%\winxoo32.dll -> [Ver = | Size = 19968 bytes | Created Date = 11/4/2007 8:58:22 AM | Attr = ]
wmimgmt.msc -> %System32%\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 9/19/2007 9:15:31 AM | Attr = ]
wmpscheme.xml -> %System32%\wmpscheme.xml -> [Ver = | Size = 25065 bytes | Created Date = 9/19/2007 9:18:44 AM | Attr = ]
wnscpisv32.exe -> %System32%\wnscpisv32.exe -> [Ver = | Size = 2 bytes | Created Date = 11/8/2007 1:13:24 AM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 9/19/2007 9:17:49 AM | Attr = RH ]
xircom -> %System32%\xircom -> [Folder | Created Date = 9/19/2007 9:19:03 AM | Attr = ]
xjoatova.exe -> %System32%\xjoatova.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/10/2007 5:43:32 PM | Attr = ]
ycpixust.ini -> %System32%\ycpixust.ini -> [Ver = | Size = 585038 bytes | Created Date = 11/11/2007 6:52:49 PM | Attr = HS]
ycwtdxxn.ini -> %System32%\ycwtdxxn.ini -> [Ver = | Size = 584179 bytes | Created Date = 11/8/2007 11:19:53 PM | Attr = HS]
?asks -> %System32%\?asks -> [Folder | Created Date = 6/6/1749 9:01:50 PM | Attr = ]
amstream.dll -> %System32%\dllcache\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 9/19/2007 9:19:32 AM | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 9/19/2007 9:19:35 AM | Attr = ]
CLASSES.CAT -> %System32%\dllcache\CLASSES.CAT -> [Ver = | Size = 657548 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
DAJAVAC.CAT -> %System32%\dllcache\DAJAVAC.CAT -> [Ver = | Size = 56081 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
devenum.dll -> %System32%\dllcache\devenum.dll -> [Ver = | Size = 132608 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 9/19/2007 5:09:04 AM | Attr = ]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 9/19/2007 5:09:04 AM | Attr = ]
DX3.CAT -> %System32%\dllcache\DX3.CAT -> [Ver = | Size = 52311 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 9/19/2007 5:09:03 AM | Attr = ]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 9/19/2007 9:19:44 AM | Attr = ]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 9/19/2007 9:19:44 AM | Attr = ]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 9/19/2007 9:19:44 AM | Attr = ]
FP4.CAT -> %System32%\dllcache\FP4.CAT -> [Ver = | Size = 31405 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 9/19/2007 9:19:49 AM | Attr = ]
hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 9/19/2007 9:19:55 AM | Attr = ]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 9/19/2007 9:15:49 AM | Attr = ]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 9/19/2007 9:20:02 AM | Attr = ]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 9/19/2007 9:20:16 AM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196666 bytes | Created Date = 9/19/2007 9:20:20 AM | Attr = ]
IMS.CAT -> %System32%\dllcache\IMS.CAT -> [Ver = | Size = 13608 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 9/19/2007 9:20:22 AM | Attr = ]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 9/19/2007 9:17:00 AM | Attr = ]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 9/19/2007 9:20:36 AM | Attr = ]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 9/19/2007 5:09:16 AM | Attr = ]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 9/19/2007 5:08:55 AM | Attr = ]
mciqtz32.dll -> %System32%\dllcache\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
mediactr.cat -> %System32%\dllcache\mediactr.cat -> [Ver = | Size = 22399 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
mpg2splt.ax -> %System32%\dllcache\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 9/19/2007 9:16:42 AM | Attr = ]
msdmo.dll -> %System32%\dllcache\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
msdvbnp.ax -> %System32%\dllcache\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 10/7/2007 11:33:09 PM | Attr = ]
msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 348160 bytes | Created Date = 9/19/2007 9:17:08 AM | Attr = ]
MSJDBC.CAT -> %System32%\dllcache\MSJDBC.CAT -> [Ver = | Size = 14031 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT -> [Ver = | Size = 10881 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7369 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
nls302en.lex -> %System32%\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 9/19/2007 9:17:38 AM | Attr = ]
NT5.CAT -> %System32%\dllcache\NT5.CAT -> [Ver = | Size = 2049999 bytes | Created Date = 9/19/2007 5:08:55 AM | Attr = ]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 9/19/2007 5:08:55 AM | Attr = ]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT -> [Ver = | Size = 451856 bytes | Created Date = 9/19/2007 5:08:55 AM | Attr = ]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086182 bytes | Created Date = 9/19/2007 5:08:55 AM | Attr = ]
nv4_disp.dll -> %System32%\dllcache\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 5783040 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
nv4_mini.sys -> %System32%\dllcache\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 272896 bytes | Created Date = 9/19/2007 9:15:55 AM | Attr = ]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 9/19/2007 9:20:55 AM | Attr = ]
psisdecd.dll -> %System32%\dllcache\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 10/7/2007 11:33:09 PM | Attr = ]
psisrndr.ax -> %System32%\dllcache\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 10/7/2007 11:33:09 PM | Attr = ]
qasf.dll -> %System32%\dllcache\qasf.dll -> [Ver = | Size = 173056 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qcap.dll -> %System32%\dllcache\qcap.dll -> [Ver = | Size = 257024 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qdv.dll -> %System32%\dllcache\qdv.dll -> [Ver = | Size = 316928 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qdvd.dll -> %System32%\dllcache\qdvd.dll -> [Ver = | Size = 470528 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qedit.dll -> %System32%\dllcache\qedit.dll -> [Ver = | Size = 1798144 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
qedwipes.dll -> %System32%\dllcache\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
quartz.dll -> %System32%\dllcache\quartz.dll -> [Ver = | Size = 1962496 bytes | Created Date = 10/7/2007 11:33:08 PM | Attr = ]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 9/19/2007 5:09:16 AM | Attr = ]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 9/19/2007 9:21:02 AM | Attr = ]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 9/19/2007 9:21:02 AM | Attr = ]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 9/19/2007 9:21:02 AM | Attr = ]
sam.sdf -> %System32%\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 9/19/2007 5:09:17 AM | Attr = ]
sam.spd -> %System32%\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 9/19/2007 5:09:17 AM | Attr = ]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 9/19/2007 5:09:03 AM | Attr = ]
srframe.mmf -> %System32%\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 9/19/2007 9:17:01 AM | Attr = ]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat -> [Ver = | Size = 93044 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
TCLASSES.CAT -> %System32%\dllcache\TCLASSES.CAT -> [Ver = | Size = 22151 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
WFC.CAT -> %System32%\dllcache\WFC.CAT -> [Ver = | Size = 390168 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
XMLDSOC.CAT -> %System32%\dllcache\XMLDSOC.CAT -> [Ver = | Size = 21281 bytes | Created Date = 9/19/2007 5:08:56 AM | Attr = ]
AegisP.sys -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.5.0 | Size = 21035 bytes | Created Date = 10/7/2007 8:32:32 PM | Attr = ]
blank.gif -> %System32%\drivers\blank.gif -> [Ver = | Size = 837 bytes | Created Date = 11/4/2007 8:58:50 AM | Attr = ]
BLKWGDv7.SYS -> %System32%\drivers\BLKWGDv7.SYS -> Belkin Corporation. [Ver = 5.87.19.106 built by: WinDDK | Size = 303616 bytes | Created Date = 10/7/2007 8:32:42 PM | Attr = ]
box_1.gif -> %System32%\drivers\box_1.gif -> [Ver = | Size = 12313 bytes | Created Date = 11/4/2007 8:58:51 AM | Attr = ]
box_2.gif -> %System32%\drivers\box_2.gif -> [Ver = | Size = 11927 bytes | Created Date = 11/4/2007 8:58:51 AM | Attr = ]
box_3.gif -> %System32%\drivers\box_3.gif -> [Ver = | Size = 12326 bytes | Created Date = 11/4/2007 8:58:51 AM | Attr = ]
button_buynow.gif -> %System32%\drivers\button_buynow.gif -> [Ver = | Size = 1619 bytes | Created Date = 11/4/2007 8:58:51 AM | Attr = ]
button_freescan.gif -> %System32%\drivers\button_freescan.gif -> [Ver = | Size = 1647 bytes | Created Date = 11/4/2007 8:58:51 AM | Attr = ]
cell_bg.gif -> %System32%\drivers\cell_bg.gif -> [Ver = | Size = 1342 bytes | Created Date = 11/4/2007 8:58:51 AM | Attr = ]
cell_footer.gif -> %System32%\drivers\cell_footer.gif -> [Ver = | Size = 1373 bytes | Created Date = 11/4/2007 8:58:52 AM | Attr = ]
cell_header_block.gif -> %System32%\drivers\cell_header_block.gif -> [Ver = | Size = 3313 bytes | Created Date = 11/4/2007 8:58:52 AM | Attr = ]
cell_header_remove.gif -> %System32%\drivers\cell_header_remove.gif -> [Ver = | Size = 3552 bytes | Created Date = 11/4/2007 8:58:52 AM | Attr = ]
cell_header_scan.gif -> %System32%\drivers\cell_header_scan.gif -> [Ver = | Size = 3479 bytes | Created Date = 11/4/2007 8:58:52 AM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 166945 bytes | Created Date = 11/4/2007 8:55:15 AM | Attr = ]
core.sys -> %System32%\drivers\core.sys -> [Ver = | Size = 72960 bytes | Created Date = 11/4/2007 8:55:10 AM | Attr = ]
detect.htm -> %System32%\drivers\detect.htm -> [Ver = | Size = 12461 bytes | Created Date = 11/4/2007 8:58:52 AM | Attr = ]
disdn -> %System32%\drivers\disdn -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
download_box.gif -> %System32%\drivers\download_box.gif -> [Ver = | Size = 2238 bytes | Created Date = 11/4/2007 8:58:52 AM | Attr = ]
download_btn.jpg -> %System32%\drivers\download_btn.jpg -> [Ver = | Size = 8852 bytes | Created Date = 11/4/2007 8:58:53 AM | Attr = ]
download_now_btn.gif -> %System32%\drivers\download_now_btn.gif -> [Ver = | Size = 4448 bytes | Created Date = 11/4/2007 8:58:53 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Created Date = 9/18/2007 7:19:21 PM | Attr = ]
footer_back.jpg -> %System32%\drivers\footer_back.jpg -> [Ver = | Size = 2922 bytes | Created Date = 11/4/2007 8:58:53 AM | Attr = ]
header_1.gif -> %System32%\drivers\header_1.gif -> [Ver = | Size = 28459 bytes | Created Date = 11/4/2007 8:58:53 AM | Attr = ]
header_2.gif -> %System32%\drivers\header_2.gif -> [Ver = | Size = 15421 bytes | Created Date = 11/4/2007 8:58:57 AM | Attr = ]
header_3.gif -> %System32%\drivers\header_3.gif -> [Ver = | Size = 10193 bytes | Created Date = 11/4/2007 8:58:57 AM | Attr = ]
header_4.gif -> %System32%\drivers\header_4.gif -> [Ver = | Size = 11077 bytes | Created Date = 11/4/2007 8:58:57 AM | Attr = ]
header_red_bg.gif -> %System32%\drivers\header_red_bg.gif -> [Ver = | Size = 877 bytes | Created Date = 11/4/2007 8:58:57 AM | Attr = ]
header_red_free_scan.gif -> %System32%\drivers\header_red_free_scan.gif -> [Ver = | Size = 3216 bytes | Created Date = 11/4/2007 8:58:58 AM | Attr = ]
header_red_free_scan_bg.gif -> %System32%\drivers\header_red_free_scan_bg.gif -> [Ver = | Size = 838 bytes | Created Date = 11/4/2007 8:58:58 AM | Attr = ]
header_red_protect_your_pc.gif -> %System32%\drivers\header_red_protect_your_pc.gif -> [Ver = | Size = 16977 bytes | Created Date = 11/4/2007 8:58:58 AM | Attr = ]
infected.gif -> %System32%\drivers\infected.gif -> [Ver = | Size = 1204 bytes | Created Date = 11/4/2007 8:58:58 AM | Attr = ]
ltmdmnt.sys -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.23 | Size = 607360 bytes | Created Date = 9/19/2007 5:10:15 AM | Attr = ]
main_back.gif -> %System32%\drivers\main_back.gif -> [Ver = | Size = 215 bytes | Created Date = 11/4/2007 8:58:59 AM | Attr = ]
nv4_mini.sys -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Created Date = 9/17/2007 12:07:00 AM | Attr = ]
perfect_cleaner_box.jpg -> %System32%\drivers\perfect_cleaner_box.jpg -> [Ver = | Size = 10260 bytes | Created Date = 11/4/2007 8:58:59 AM | Attr = ]
product_1_header.gif -> %System32%\drivers\product_1_header.gif -> [Ver = | Size = 2604 bytes | Created Date = 11/4/2007 8:58:59 AM | Attr = ]
product_1_name_small.gif -> %System32%\drivers\product_1_name_small.gif -> [Ver = | Size = 1253 bytes | Created Date = 11/4/2007 8:58:59 AM | Attr = ]
product_2_header.gif -> %System32%\drivers\product_2_header.gif -> [Ver = | Size = 2214 bytes | Created Date = 11/4/2007 8:58:59 AM | Attr = ]
product_2_name_small.gif -> %System32%\drivers\product_2_name_small.gif -> [Ver = | Size = 979 bytes | Created Date = 11/4/2007 8:58:59 AM | Attr = ]
product_3_header.gif -> %System32%\drivers\product_3_header.gif -> [Ver = | Size = 3080 bytes | Created Date = 11/4/2007 8:59:00 AM | Attr = ]
product_3_name_small.gif -> %System32%\drivers\product_3_name_small.gif -> [Ver = | Size = 1714 bytes | Created Date = 11/4/2007 8:59:00 AM | Attr = ]
product_features.gif -> %System32%\drivers\product_features.gif -> [Ver = | Size = 1330 bytes | Created Date = 11/4/2007 8:59:00 AM | Attr = ]
pt.htm -> %System32%\drivers\pt.htm -> [Ver = | Size = 36827 bytes | Created Date = 11/4/2007 8:59:00 AM | Attr = ]
rating.gif -> %System32%\drivers\rating.gif -> [Ver = | Size = 4008 bytes | Created Date = 11/4/2007 8:59:07 AM | Attr = ]
RTL8139.sys -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.396.0530.2001 | Size = 23070 bytes | Created Date = 9/19/2007 5:10:08 AM | Attr = ]
screenshot.jpg -> %System32%\drivers\screenshot.jpg -> [Ver = | Size = 26487 bytes | Created Date = 11/4/2007 8:59:07 AM | Attr = ]
sep_hor.gif -> %System32%\drivers\sep_hor.gif -> [Ver = | Size = 65 bytes | Created Date = 11/4/2007 8:59:10 AM | Attr = ]
sep_vert.gif -> %System32%\drivers\sep_vert.gif -> [Ver = | Size = 53 bytes | Created Date = 11/4/2007 8:59:10 AM | Attr = ]
shadow.jpg -> %System32%\drivers\shadow.jpg -> [Ver = | Size = 2798 bytes | Created Date = 11/4/2007 8:59:10 AM | Attr = ]
shadow_bg.gif -> %System32%\drivers\shadow_bg.gif -> [Ver = | Size = 821 bytes | Created Date = 11/4/2007 8:59:10 AM | Attr = ]
SjyPkt.sys -> %System32%\drivers\SjyPkt.sys -> Windows ® 2000 DDK provider [Ver = 5.00.2195.1 | Size = 13532 bytes | Created Date = 10/7/2007 8:31:33 PM | Attr = ]
spacer.gif -> %System32%\drivers\spacer.gif -> [Ver = | Size = 49 bytes | Created Date = 11/4/2007 8:59:10 AM | Attr = ]
spy_away_box.jpg -> %System32%\drivers\spy_away_box.jpg -> [Ver = | Size = 13618 bytes | Created Date = 11/4/2007 8:59:10 AM | Attr = ]
star.gif -> %System32%\drivers\star.gif -> [Ver = | Size = 639 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
star_gray.gif -> %System32%\drivers\star_gray.gif -> [Ver = | Size = 425 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
star_gray_small.gif -> %System32%\drivers\star_gray_small.gif -> [Ver = | Size = 223 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
star_small.gif -> %System32%\drivers\star_small.gif -> [Ver = | Size = 550 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
style.css -> %System32%\drivers\style.css -> [Ver = | Size = 835 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
s_detect.htm -> %System32%\drivers\s_detect.htm -> [Ver = | Size = 1024 bytes | Created Date = 11/4/2007 8:59:07 AM | Attr = ]
v.gif -> %System32%\drivers\v.gif -> [Ver = | Size = 291 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
warning_icon.gif -> %System32%\drivers\warning_icon.gif -> [Ver = | Size = 3877 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
win_logo.gif -> %System32%\drivers\win_logo.gif -> [Ver = | Size = 1791 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]
x.gif -> %System32%\drivers\x.gif -> [Ver = | Size = 283 bytes | Created Date = 11/4/2007 8:59:11 AM | Attr = ]

[Files/Folders - Modified Within 90 days]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 11/13/2007 11:32:26 AM | Attr = ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 442 bytes | Modified Date = 10/8/2007 4:15:18 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/14/2007 6:52:50 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 11/14/2007 5:44:24 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 11/9/2007 7:02:04 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 11/14/2007 6:45:54 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/15/2007 7:27:30 AM | Attr = ]
WUTemp -> %SystemDrive%\WUTemp -> [Folder | Modified Date = 10/7/2007 9:49:02 PM | Attr = ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 11/5/2007 8:04:38 PM | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 9/18/2007 8:15:48 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/15/2007 7:45:38 AM | Attr = S]
bXVzdGFuZw -> %SystemRoot%\bXVzdGFuZw -> [Folder | Modified Date = 11/4/2007 8:39:16 PM | Attr = HS]
Config -> %SystemRoot%\Config -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 9/19/2007 9:18:48 AM | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 2135 bytes | Modified Date = 11/14/2007 7:54:32 PM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 11/14/2007 6:32:24 PM | Attr = HS]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 9/19/2007 9:15:56 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 11/14/2007 6:52:38 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/28/2007 6:41:10 PM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 9/19/2007 5:09:16 AM | Attr = R S]
Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico -> [Ver = | Size = 1150 bytes | Modified Date = 11/13/2007 5:33:26 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 11/9/2007 4:56:20 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 9/19/2007 9:19:04 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 11/9/2007 7:04:52 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/9/2007 4:56:02 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/5/2007 8:06:08 PM | Attr = HS]
java -> %SystemRoot%\java -> [Folder | Modified Date = 9/19/2007 9:18:38 AM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 9/18/2007 8:14:10 PM | Attr = ]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 11/13/2007 5:33:16 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1156 bytes | Modified Date = 11/8/2007 5:07:00 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 9/18/2007 8:13:38 PM | Attr = ]
msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
mui -> %SystemRoot%\mui -> [Folder | Modified Date = 9/18/2007 8:15:46 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 9/19/2007 10:16:02 AM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Modified Date = 10/8/2007 5:38:08 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 9/19/2007 9:18:38 AM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 9/19/2007 9:17:54 AM | Attr = R ]
OPTIONS -> %SystemRoot%\OPTIONS -> [Folder | Modified Date = 10/7/2007 8:31:34 PM | Attr = ]
PCHealth -> %SystemRoot%\PCHealth -> [Folder | Modified Date = 9/19/2007 9:17:10 AM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 10/7/2007 11:45:30 PM | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/14/2007 9:55:02 PM | Attr = ]
pwisys.ini -> %SystemRoot%\pwisys.ini -> [Ver = | Size = 442 bytes | Modified Date = 11/14/2007 6:53:00 PM | Attr = ]
quit.exe -> %SystemRoot%\quit.exe -> Microsoft [Ver = 3.65.0002 | Size = 20480 bytes | Modified Date = 11/8/2007 12:57:38 AM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 10/7/2007 11:33:32 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 11/12/2007 11:45:36 PM | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 9/19/2007 10:11:40 AM | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Modified Date = 9/19/2007 9:19:04 AM | Attr = ]
Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 11/5/2007 4:44:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 11/9/2007 4:56:20 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 9/19/2007 9:17:40 AM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 11/7/2007 6:50:28 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 11/11/2007 9:36:28 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 9/19/2007 5:09:16 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/15/2007 7:45:24 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/8/2007 5:58:54 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 11/15/2007 7:31:22 AM | Attr = ]
TTC-4444.exe -> %SystemRoot%\TTC-4444.exe -> [Ver = | Size = 169147 bytes | Modified Date = 11/4/2007 8:56:12 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 9/18/2007 8:14:08 PM | Attr = ]
vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 9/19/2007 9:16:10 AM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 9/19/2007 9:16:10 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 9/19/2007 9:17:56 AM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 472 bytes | Modified Date = 9/19/2007 9:18:48 AM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 9/19/2007 9:17:50 AM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 58 bytes | Modified Date = 10/7/2007 9:42:18 PM | Attr = ]
winshow.exe -> %SystemRoot%\winshow.exe -> [Ver = 23.03.0026 | Size = 35840 bytes | Modified Date = 11/8/2007 1:11:28 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 11/5/2007 8:05:36 PM | Attr = ]
WMSysPrx.prx -> %SystemRoot%\WMSysPrx.prx -> [Ver = | Size = 299552 bytes | Modified Date = 9/19/2007 9:18:44 AM | Attr = ]
yahooo.exe -> %SystemRoot%\yahooo.exe -> Microsoft [Ver = 4.30.0004 | Size = 32768 bytes | Modified Date = 11/8/2007 12:57:56 AM | Attr = ]
?icrosoft -> %SystemRoot%\?icrosoft -> [Folder | Modified Date = 11/4/2007 9:41:34 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/10/2007 2:17:04 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/15/2007 7:31:52 AM | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 9/19/2007 9:21:38 AM | Attr = ]
1025 -> %System32%\1025 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
1028 -> %System32%\1028 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
1031 -> %System32%\1031 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Modified Date = 9/18/2007 8:13:24 PM | Attr = ]
1037 -> %System32%\1037 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
1041 -> %System32%\1041 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
1042 -> %System32%\1042 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
1054 -> %System32%\1054 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
2052 -> %System32%\2052 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
3076 -> %System32%\3076 -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
3com_dmi -> %System32%\3com_dmi -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
a1 -> %System32%\a1 -> [Folder | Modified Date = 11/4/2007 8:39:16 PM | Attr = ]
accttlmc.dll -> %System32%\accttlmc.dll -> [Ver = | Size = 85056 bytes | Modified Date = 11/10/2007 6:55:42 PM | Attr = ]
aivskurq.dll -> %System32%\aivskurq.dll -> Microsoft [Ver = 1.00.0091 | Size = 21504 bytes | Modified Date = 11/4/2007 8:42:26 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 9/19/2007 9:18:46 AM | Attr = ]
awavyhad.dll -> %System32%\awavyhad.dll -> [Ver = | Size = 86080 bytes | Modified Date = 11/7/2007 11:16:56 PM | Attr = ]
bbaplkxx.dll -> %System32%\bbaplkxx.dll -> [Ver = | Size = 81472 bytes | Modified Date = 11/10/2007 5:55:34 PM | Attr = ]
bnkijbcv.ini -> %System32%\bnkijbcv.ini -> [Ver = | Size = 668993 bytes | Modified Date = 11/14/2007 3:25:46 AM | Attr = HS]
bvgevqai -> %System32%\bvgevqai -> [Folder | Modified Date = 11/4/2007 9:01:30 AM | Attr = ]
bxokvvve.ini -> %System32%\bxokvvve.ini -> [Ver = | Size = 671187 bytes | Modified Date = 11/14/2007 6:52:58 PM | Attr = HS]
byxwwts.dll -> %System32%\byxwwts.dll -> [Ver = | Size = 36352 bytes | Modified Date = 11/8/2007 1:11:58 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 9/19/2007 5:08:48 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/15/2007 7:30:44 AM | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 9/19/2007 9:17:50 AM | Attr = RH ]
ckffoxxq.dll -> %System32%\ckffoxxq.dll -> [Ver = | Size = 87104 bytes | Modified Date = 11/7/2007 10:19:52 PM | Attr = ]
cmlttcca.ini -> %System32%\cmlttcca.ini -> [Ver = | Size = 584776 bytes | Modified Date = 11/11/2007 9:36:02 AM | Attr = HS]
cnrmrugo.dll -> %System32%\cnrmrugo.dll -> [Ver = | Size = 85056 bytes | Modified Date = 11/14/2007 6:58:44 PM | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 9/19/2007 9:16:12 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 9/19/2007 10:11:32 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2578 bytes | Modified Date = 9/19/2007 9:18:48 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Modified Date = 10/14/2007 4:50:20 PM | Attr = ]
dahyvawa.ini -> %System32%\dahyvawa.ini -> [Ver = | Size = 570249 bytes | Modified Date = 11/8/2007 6:06:36 AM | Attr = HS]
dhcp -> %System32%\dhcp -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 10/7/2007 11:53:16 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 11/9/2007 4:56:06 PM | Attr = RHS]
dlpsrqpd.dll -> %System32%\dlpsrqpd.dll -> [Ver = | Size = 144480 bytes | Modified Date = 11/12/2007 3:10:52 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/4/2007 8:55:12 AM | Attr = ]
efcyyya.dll -> %System32%\efcyyya.dll -> [Ver = | Size = 36864 bytes | Modified Date = 11/4/2007 9:00:28 AM | Attr = ]
emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 9/19/2007 9:16:10 AM | Attr = ]
explorer.exe -> %System32%\explorer.exe -> Microsoft [Ver = 724.06.0034 | Size = 40960 bytes | Modified Date = 11/14/2007 6:56:28 PM | Attr = ]
export -> %System32%\export -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
eyjjyebo.dll -> %System32%\eyjjyebo.dll -> [Ver = | Size = 88128 bytes | Modified Date = 11/10/2007 5:49:34 PM | Attr = ]
fdqdntmr.exe -> %System32%\fdqdntmr.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/10/2007 6:46:34 PM | Attr = ]
fibagbia -> %System32%\fibagbia -> [Folder | Modified Date = 11/13/2007 5:32:18 PM | Attr = ]
fisuxmel.dll -> %System32%\fisuxmel.dll -> [Ver = | Size = 87104 bytes | Modified Date = 11/6/2007 10:16:56 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 90296 bytes | Modified Date = 9/19/2007 10:11:34 AM | Attr = ]
fvetsnri.ini -> %System32%\fvetsnri.ini -> [Ver = | Size = 584776 bytes | Modified Date = 11/11/2007 9:36:02 AM | Attr = HS]
g2 -> %System32%\g2 -> [Folder | Modified Date = 11/4/2007 8:55:02 AM | Attr = ]
ghginomi.dll -> %System32%\ghginomi.dll -> [Ver = | Size = 81472 bytes | Modified Date = 11/7/2007 10:16:52 PM | Attr = ]
gnyurxvw.dllbox -> %System32%\gnyurxvw.dllbox -> [Ver = | Size = 20768 bytes | Modified Date = 11/14/2007 6:46:34 PM | Attr = HS]
guxehavv.exe -> %System32%\guxehavv.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 11/6/2007 8:27:46 PM | Attr = ]
gvrxieni.dll -> %System32%\gvrxieni.dll -> [Ver = | Size = 79936 bytes | Modified Date = 11/8/2007 11:13:54 PM | Attr = ]
h1 -> %System32%\h1 -> [Folder | Modified Date = 11/4/2007 7:25:08 PM | Attr = ]
hajjgxjs.exe -> %System32%\hajjgxjs.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/14/2007 3:22:50 AM | Attr = ]
hfdxkfui.ini -> %System32%\hfdxkfui.ini -> [Ver = | Size = 569962 bytes | Modified Date = 11/6/2007 8:47:12 PM | Attr = HS]
hggdefd.dll -> %System32%\hggdefd.dll -> [Ver = | Size = 36352 bytes | Modified Date = 11/13/2007 5:32:12 PM | Attr = ]
hkofdxud.dll -> %System32%\hkofdxud.dll -> [Ver = | Size = 78912 bytes | Modified Date = 11/4/2007 8:35:00 PM | Attr = ]
htoanngi.exe -> %System32%\htoanngi.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 11/5/2007 8:26:58 PM | Attr = ]
hvoywdws.dll -> %System32%\hvoywdws.dll -> [Ver = | Size = 79424 bytes | Modified Date = 11/14/2007 5:47:10 PM | Attr = ]
hwtoffev.dll -> %System32%\hwtoffev.dll -> [Ver = | Size = 80448 bytes | Modified Date = 11/13/2007 4:50:08 PM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 9/19/2007 9:18:26 AM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 9/18/2007 8:13:52 PM | Attr = ]
IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 11/8/2007 12:58:00 AM | Attr = ]
igtwcwkt.dll -> %System32%\igtwcwkt.dll -> [Ver = | Size = 81472 bytes | Modified Date = 11/6/2007 10:14:08 PM | Attr = ]
ihhkj.bak1 -> %System32%\ihhkj.bak1 -> [Ver = | Size = 6470 bytes | Modified Date = 11/13/2007 4:38:14 PM | Attr = HS]
ihhkj.ini -> %System32%\ihhkj.ini -> [Ver = | Size = 34210 bytes | Modified Date = 11/13/2007 5:50:10 PM | Attr = HS]
ihmucegi.dll -> %System32%\ihmucegi.dll -> [Ver = | Size = 79424 bytes | Modified Date = 11/14/2007 6:55:46 PM | Attr = ]
IME -> %System32%\IME -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
inf -> %System32%\inf -> [Folder | Modified Date = 11/11/2007 9:36:30 AM | Attr = ]
insfmkdh.dll -> %System32%\insfmkdh.dll -> [Ver = | Size = 81472 bytes | Modified Date = 11/14/2007 3:25:40 AM | Attr = ]
irnstevf.dll -> %System32%\irnstevf.dll -> [Ver = | Size = 88128 bytes | Modified Date = 11/9/2007 5:46:44 PM | Attr = ]
iufkxdfh.dll -> %System32%\iufkxdfh.dll -> [Ver = | Size = 85568 bytes | Modified Date = 11/5/2007 8:38:46 PM | Attr = ]
jffufwnm.dll -> %System32%\jffufwnm.dll -> [Ver = | Size = 89664 bytes | Modified Date = 11/12/2007 3:08:04 PM | Attr = ]
jkhhi.dll -> %System32%\jkhhi.dll -> [Ver = | Size = 319072 bytes | Modified Date = 11/13/2007 4:37:58 PM | Attr = ]
jkklllj.dll -> %System32%\jkklllj.dll -> [Ver = | Size = 36352 bytes | Modified Date = 11/8/2007 1:17:06 AM | Attr = ]
keystone.exe -> %System32%\keystone.exe -> [Ver = | Size = 425984 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
kgcdpudj.dll -> %System32%\kgcdpudj.dll -> [Ver = | Size = 144480 bytes | Modified Date = 11/14/2007 7:01:44 PM | Attr = ]
kikxchia.dll -> %System32%\kikxchia.dll -> [Ver = | Size = 144480 bytes | Modified Date = 11/14/2007 7:02:04 PM | Attr = ]
kikxchia.dllbox -> %System32%\kikxchia.dllbox -> [Ver = | Size = 20810 bytes | Modified Date = 11/15/2007 7:45:54 AM | Attr = HS]
lcpmoqxo.dll -> %System32%\lcpmoqxo.dll -> [Ver = | Size = 78912 bytes | Modified Date = 11/4/2007 8:34:42 PM | Attr = ]
ldcore.dll -> %System32%\ldcore.dll -> [Ver = | Size = 7713 bytes | Modified Date = 11/4/2007 8:55:50 AM | Attr = ]
ldinfo.ldr -> %System32%\ldinfo.ldr -> [Ver = | Size = 399 bytes | Modified Date = 11/14/2007 5:43:12 PM | Attr = ]
lemxusif.ini -> %System32%\lemxusif.ini -> [Ver = | Size = 570101 bytes | Modified Date = 11/8/2007 1:02:24 AM | Attr = HS]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 9/19/2007 9:17:54 AM | Attr = RH ]
lwisys16_071111.dll -> %System32%\lwisys16_071111.dll -> [Ver = | Size = 23040 bytes | Modified Date = 11/11/2007 9:36:30 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 9/19/2007 9:16:48 AM | Attr = ]
mevpgvwp.ini -> %System32%\mevpgvwp.ini -> [Ver = | Size = 668993 bytes | Modified Date = 11/13/2007 4:53:22 PM | Attr = HS]
Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 10/7/2007 8:33:02 PM | Attr = S]
mndmhsjc.ini -> %System32%\mndmhsjc.ini -> [Ver = | Size = 576845 bytes | Modified Date = 11/4/2007 9:36:28 PM | Attr = HS]
mnwfuffj.ini -> %System32%\mnwfuffj.ini -> [Ver = | Size = 590476 bytes | Modified Date = 11/12/2007 11:58:00 PM | Attr = HS]
mp43.exe -> %System32%\mp43.exe -> Microsoft [Ver = 4.30.0004 | Size = 32768 bytes | Modified Date = 11/8/2007 12:57:56 AM | Attr = ]
MsDtc -> %System32%\MsDtc -> [Folder | Modified Date = 9/19/2007 9:16:08 AM | Attr = ]
msnav32.ax -> %System32%\msnav32.ax -> [Ver = | Size = 17 bytes | Modified Date = 11/4/2007 8:58:12 AM | Attr = ]
mtdrnqgu.exe -> %System32%\mtdrnqgu.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/7/2007 9:04:54 PM | Attr = ]
mtoewqjd.dll -> %System32%\mtoewqjd.dll -> [Ver = | Size = 83008 bytes | Modified Date = 11/5/2007 8:41:46 PM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
mwisys32_071111.dll -> %System32%\mwisys32_071111.dll -> [Ver = | Size = 203264 bytes | Modified Date = 11/14/2007 6:52:54 PM | Attr = ]
mywehit.ini -> %System32%\mywehit.ini -> [Ver = | Size = 188 bytes | Modified Date = 11/11/2007 9:39:42 AM | Attr = ]
Mz08r -> %System32%\Mz08r -> [Folder | Modified Date = 11/12/2007 11:55:34 PM | Attr = ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 9/19/2007 9:17:50 AM | Attr = RH ]
npp -> %System32%\npp -> [Folder | Modified Date = 9/18/2007 8:15:22 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 9/19/2007 9:18:46 AM | Attr = ]
nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 5783040 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvapi.dll -> %System32%\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 364544 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvappbar.exe -> %System32%\nvappbar.exe -> [Ver = | Size = 442368 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 138893 bytes | Modified Date = 10/8/2007 5:46:00 PM | Attr = ]
nvcod.dll -> %System32%\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcodins.dll -> %System32%\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcolor.exe -> %System32%\nvcolor.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 147456 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcpl.cpl -> %System32%\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 413696 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcpl.dll -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvcplui.exe -> %System32%\nvcplui.exe -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 753664 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17525 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvdisps.dll -> %System32%\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6344704 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvdspsch.exe -> %System32%\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvexpbar.dll -> %System32%\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 307200 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvgames.dll -> %System32%\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3334144 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nview.dll -> %System32%\nview.dll -> [Ver = | Size = 1478656 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmccs.dll -> %System32%\nvmccs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 229376 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmccsrs.dll -> %System32%\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 45056 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmccss.dll -> %System32%\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 188416 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmctray.dll -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvmobls.dll -> %System32%\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 1150976 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvnt4cpl.dll -> %System32%\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvoglnt.dll -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6746112 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvshell.dll -> %System32%\nvshell.dll -> [Ver = | Size = 466944 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvtuicpl.cpl -> %System32%\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 9/17/2007 1:10:36 AM | Attr = ]
nvvitvs.dll -> %System32%\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3551232 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwddi.dll -> %System32%\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwdmcpl.dll -> %System32%\nvwdmcpl.dll -> [Ver = | Size = 1703936 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwimg.dll -> %System32%\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nvwss.dll -> %System32%\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 2371584 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 9/19/2007 9:17:50 AM | Attr = RH ]
nxxdtwcy.dll -> %System32%\nxxdtwcy.dll -> [Ver = | Size = 86080 bytes | Modified Date = 11/8/2007 11:19:54 PM | Attr = ]
obeyjjye.ini -> %System32%\obeyjjye.ini -> [Ver = | Size = 584776 bytes | Modified Date = 11/11/2007 9:36:02 AM | Attr = HS]
ogurmrnc.ini -> %System32%\ogurmrnc.ini -> [Ver = | Size = 671247 bytes | Modified Date = 11/14/2007 6:58:56 PM | Attr = HS]
ogurmrnc.ini2 -> %System32%\ogurmrnc.ini2 -> [Ver = | Size = 671265 bytes | Modified Date = 11/14/2007 7:54:26 PM | Attr = HS]
ogurmrnc.tmp -> %System32%\ogurmrnc.tmp -> [Ver = | Size = 671247 bytes | Modified Date = 11/14/2007 6:58:56 PM | Attr = HS]
oobe -> %System32%\oobe -> [Folder | Modified Date = 9/19/2007 9:17:20 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 10/30/2007 4:14:42 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 10/30/2007 4:14:42 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 10/30/2007 4:14:42 PM | Attr = ]
pnhxsisu.exe -> %System32%\pnhxsisu.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/14/2007 6:53:00 PM | Attr = ]
puhmcwdy.dll -> %System32%\puhmcwdy.dll -> [Ver = | Size = 79936 bytes | Modified Date = 11/7/2007 11:10:56 PM | Attr = ]
pwvgpvem.dll -> %System32%\pwvgpvem.dll -> [Ver = | Size = 85056 bytes | Modified Date = 11/13/2007 4:53:10 PM | Attr = ]
qmdlwpln.exe -> %System32%\qmdlwpln.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/9/2007 5:43:34 PM | Attr = ]
qqtss.bak1 -> %System32%\qqtss.bak1 -> [Ver = | Size = 642062 bytes | Modified Date = 11/13/2007 5:56:16 PM | Attr = HS]
qqtss.bak2 -> %System32%\qqtss.bak2 -> [Ver = | Size = 443995 bytes | Modified Date = 11/14/2007 6:53:00 PM | Attr = HS]
qqtss.ini -> %System32%\qqtss.ini -> [Ver = | Size = 445959 bytes | Modified Date = 11/12/2007 3:05:50 PM | Attr = HS]
qqtss.ini2 -> %System32%\qqtss.ini2 -> [Ver = | Size = 479823 bytes | Modified Date = 11/15/2007 7:31:32 AM | Attr = HS]
qqtss.tmp -> %System32%\qqtss.tmp -> [Ver = | Size = 452379 bytes | Modified Date = 11/12/2007 11:42:24 PM | Attr = HS]
qxrijllm.exe -> %System32%\qxrijllm.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/12/2007 3:05:54 PM | Attr = ]
qxxoffkc.ini -> %System32%\qxxoffkc.ini -> [Ver = | Size = 570161 bytes | Modified Date = 11/8/2007 1:02:24 AM | Attr = HS]
r2 -> %System32%\r2 -> [Folder | Modified Date = 11/4/2007 8:55:02 AM | Attr = ]
ras -> %System32%\ras -> [Folder | Modified Date = 9/18/2007 8:14:00 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 11/9/2007 7:02:04 AM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 9/19/2007 9:17:50 AM | Attr = RH ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 9/18/2007 8:15:52 PM | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
sijkdvbv.dll -> %System32%\sijkdvbv.dll -> [Ver = | Size = 77888 bytes | Modified Date = 11/9/2007 5:52:36 PM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Modified Date = 11/9/2007 4:56:00 PM | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 9/19/2007 9:15:06 AM | Attr = ]
ssqpqqr.dll -> %System32%\ssqpqqr.dll -> [Ver = | Size = 36864 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
sstqq.dll -> %System32%\sstqq.dll -> [Ver = | Size = 319584 bytes | Modified Date = 11/4/2007 9:01:00 AM | Attr = ]
stgqofpe.exe -> %System32%\stgqofpe.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/7/2007 11:07:54 PM | Attr = ]
stwpinut.dll -> %System32%\stwpinut.dll -> [Ver = | Size = 80448 bytes | Modified Date = 11/13/2007 11:41:08 AM | Attr = ]
S?mantec -> %System32%\S?mantec -> [Folder | Modified Date = 11/9/2007 6:42:30 PM | Attr = ]
tsuxipcy.dll -> %System32%\tsuxipcy.dll -> [Ver = | Size = 88128 bytes | Modified Date = 11/11/2007 6:52:48 PM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 9/18/2007 8:15:50 PM | Attr = ]
uyrbktrd.exe -> %System32%\uyrbktrd.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/14/2007 5:41:26 PM | Attr = ]
v8 -> %System32%\v8 -> [Folder | Modified Date = 11/4/2007 8:55:02 AM | Attr = ]
vcbjiknb.dll -> %System32%\vcbjiknb.dll -> [Ver = | Size = 85056 bytes | Modified Date = 11/14/2007 3:25:34 AM | Attr = ]
vdcymkly.exe -> %System32%\vdcymkly.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/8/2007 11:10:54 PM | Attr = ]
visxigyp.exe -> %System32%\visxigyp.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/14/2007 6:32:58 PM | Attr = ]
vvgeowbv.exe -> %System32%\vvgeowbv.exe -> [Ver = | Size = 0 bytes | Modified Date = 11/4/2007 8:42:26 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 9/19/2007 9:19:04 AM | Attr = ]
WhoisCL.exe -> %System32%\WhoisCL.exe -> NirSoft [Ver = 1.20 | Size = 10752 bytes | Modified Date = 10/17/2007 8:42:08 AM | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 9/19/2007 9:17:54 AM | Attr = RH ]
wins -> %System32%\wins -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
winxoo32.dll -> %System32%\winxoo32.dll -> [Ver = | Size = 19968 bytes | Modified Date = 11/4/2007 8:58:14 AM | Attr = ]
wmpscheme.xml -> %System32%\wmpscheme.xml -> [Ver = | Size = 25065 bytes | Modified Date = 10/8/2007 4:05:12 PM | Attr = ]
wnscpisv32.exe -> %System32%\wnscpisv32.exe -> [Ver = | Size = 2 bytes | Modified Date = 11/12/2007 5:47:06 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/12/2007 11:55:42 PM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 9/19/2007 9:17:50 AM | Attr = RH ]
xircom -> %System32%\xircom -> [Folder | Modified Date = 9/19/2007 9:19:04 AM | Attr = ]
xjoatova.exe -> %System32%\xjoatova.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/10/2007 5:43:34 PM | Attr = ]
ycpixust.ini -> %System32%\ycpixust.ini -> [Ver = | Size = 585038 bytes | Modified Date = 11/11/2007 7:14:56 PM | Attr = HS]
ycwtdxxn.ini -> %System32%\ycwtdxxn.ini -> [Ver = | Size = 584179 bytes | Modified Date = 11/8/2007 11:20:18 PM | Attr = HS]
?asks -> %System32%\?asks -> [Folder | Modified Date = 11/12/2007 5:47:04 PM | Attr = ]
nv4_disp.dll -> %System32%\dllcache\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 5783040 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
nv4_mini.sys -> %System32%\dllcache\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
AegisP.sys -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.5.0 | Size = 21035 bytes | Modified Date = 10/7/2007 8:32:34 PM | Attr = ]
blank.gif -> %System32%\drivers\blank.gif -> [Ver = | Size = 837 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
box_1.gif -> %System32%\drivers\box_1.gif -> [Ver = | Size = 12313 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
box_2.gif -> %System32%\drivers\box_2.gif -> [Ver = | Size = 11927 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
box_3.gif -> %System32%\drivers\box_3.gif -> [Ver = | Size = 12326 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
button_buynow.gif -> %System32%\drivers\button_buynow.gif -> [Ver = | Size = 1619 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
button_freescan.gif -> %System32%\drivers\button_freescan.gif -> [Ver = | Size = 1647 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
cell_bg.gif -> %System32%\drivers\cell_bg.gif -> [Ver = | Size = 1342 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
cell_footer.gif -> %System32%\drivers\cell_footer.gif -> [Ver = | Size = 1373 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
cell_header_block.gif -> %System32%\drivers\cell_header_block.gif -> [Ver = | Size = 3313 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
cell_header_remove.gif -> %System32%\drivers\cell_header_remove.gif -> [Ver = | Size = 3552 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
cell_header_scan.gif -> %System32%\drivers\cell_header_scan.gif -> [Ver = | Size = 3479 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 166945 bytes | Modified Date = 11/4/2007 8:55:18 AM | Attr = ]
core.sys -> %System32%\drivers\core.sys -> [Ver = | Size = 72960 bytes | Modified Date = 11/4/2007 8:55:12 AM | Attr = ]
detect.htm -> %System32%\drivers\detect.htm -> [Ver = | Size = 12461 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
disdn -> %System32%\drivers\disdn -> [Folder | Modified Date = 9/18/2007 7:19:22 PM | Attr = ]
download_box.gif -> %System32%\drivers\download_box.gif -> [Ver = | Size = 2238 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
download_btn.jpg -> %System32%\drivers\download_btn.jpg -> [Ver = | Size = 8852 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
download_now_btn.gif -> %System32%\drivers\download_now_btn.gif -> [Ver = | Size = 4448 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/13/2007 6:40:18 PM | Attr = ]
footer_back.jpg -> %System32%\drivers\footer_back.jpg -> [Ver = | Size = 2922 bytes | Modified Date = 11/4/2007 8:42:12 PM | Attr = ]
header_1.gif -> %System32%\drivers\header_1.gif -> [Ver = | Size = 28459 bytes | Modified Date = 11/4/2007 8:42:14 PM | Attr = ]
header_2.gif -> %System32%\drivers\header_2.gif -> [Ver = | Size = 15421 bytes | Modified Date = 11/4/2007 8:42:14 PM | Attr = ]
header_3.gif -> %System32%\drivers\header_3.gif -> [Ver = | Size = 10193 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
header_4.gif -> %System32%\drivers\header_4.gif -> [Ver = | Size = 11077 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
header_red_bg.gif -> %System32%\drivers\header_red_bg.gif -> [Ver = | Size = 877 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
header_red_free_scan.gif -> %System32%\drivers\header_red_free_scan.gif -> [Ver = | Size = 3216 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
header_red_free_scan_bg.gif -> %System32%\drivers\header_red_free_scan_bg.gif -> [Ver = | Size = 838 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
header_red_protect_your_pc.gif -> %System32%\drivers\header_red_protect_your_pc.gif -> [Ver = | Size = 16977 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
infected.gif -> %System32%\drivers\infected.gif -> [Ver = | Size = 1204 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
main_back.gif -> %System32%\drivers\main_back.gif -> [Ver = | Size = 215 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
nv4_mini.sys -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 9/17/2007 12:07:00 AM | Attr = ]
perfect_cleaner_box.jpg -> %System32%\drivers\perfect_cleaner_box.jpg -> [Ver = | Size = 10260 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
product_1_header.gif -> %System32%\drivers\product_1_header.gif -> [Ver = | Size = 2604 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
product_1_name_small.gif -> %System32%\drivers\product_1_name_small.gif -> [Ver = | Size = 1253 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
product_2_header.gif -> %System32%\drivers\product_2_header.gif -> [Ver = | Size = 2214 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
product_2_name_small.gif -> %System32%\drivers\product_2_name_small.gif -> [Ver = | Size = 979 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
product_3_header.gif -> %System32%\drivers\product_3_header.gif -> [Ver = | Size = 3080 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
product_3_name_small.gif -> %System32%\drivers\product_3_name_small.gif -> [Ver = | Size = 1714 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
product_features.gif -> %System32%\drivers\product_features.gif -> [Ver = | Size = 1330 bytes | Modified Date = 11/4/2007 8:42:16 PM | Attr = ]
pt.htm -> %System32%\drivers\pt.htm -> [Ver = | Size = 36827 bytes | Modified Date = 11/4/2007 8:42:20 PM | Attr = ]
rating.gif -> %System32%\drivers\rating.gif -> [Ver = | Size = 4008 bytes | Modified Date = 11/4/2007 8:42:20 PM | Attr = ]
screenshot.jpg -> %System32%\drivers\screenshot.jpg -> [Ver = | Size = 26487 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
sep_hor.gif -> %System32%\drivers\sep_hor.gif -> [Ver = | Size = 65 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
sep_vert.gif -> %System32%\drivers\sep_vert.gif -> [Ver = | Size = 53 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
shadow.jpg -> %System32%\drivers\shadow.jpg -> [Ver = | Size = 2798 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
shadow_bg.gif -> %System32%\drivers\shadow_bg.gif -> [Ver = | Size = 821 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
spacer.gif -> %System32%\drivers\spacer.gif -> [Ver = | Size = 49 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
spy_away_box.jpg -> %System32%\drivers\spy_away_box.jpg -> [Ver = | Size = 13618 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
star.gif -> %System32%\drivers\star.gif -> [Ver = | Size = 639 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
star_gray.gif -> %System32%\drivers\star_gray.gif -> [Ver = | Size = 425 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
star_gray_small.gif -> %System32%\drivers\star_gray_small.gif -> [Ver = | Size = 223 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
star_small.gif -> %System32%\drivers\star_small.gif -> [Ver = | Size = 550 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
style.css -> %System32%\drivers\style.css -> [Ver = | Size = 835 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
s_detect.htm -> %System32%\drivers\s_detect.htm -> [Ver = | Size = 1024 bytes | Modified Date = 11/4/2007 8:42:20 PM | Attr = ]
v.gif -> %System32%\drivers\v.gif -> [Ver = | Size = 291 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
warning_icon.gif -> %System32%\drivers\warning_icon.gif -> [Ver = | Size = 3877 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
win_logo.gif -> %System32%\drivers\win_logo.gif -> [Ver = | Size = 1791 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]
x.gif -> %System32%\drivers\x.gif -> [Ver = | Size = 283 bytes | Modified Date = 11/4/2007 8:42:24 PM | Attr = ]

[File String Scan - All]
PEC2 , PECompact2 , -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 11/13/2007 5:33:16 PM | Attr = ]
UPX! , UPX0 , -> %System32%\aivskurq.dll -> Microsoft [Ver = 1.00.0091 | Size = 21504 bytes | Modified Date = 11/4/2007 8:42:26 PM | Attr = ]
aspack , -> %System32%\d3dx9_25.dll -> Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Modified Date = 3/18/2005 4:19:58 PM | Attr = ]
aspack , -> %System32%\d3dx9_26.dll -> Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Modified Date = 5/26/2005 2:34:52 PM | Attr = ]
aspack , -> %System32%\d3dx9_27.dll -> Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Modified Date = 7/22/2005 6:59:04 PM | Attr = ]
aspack , -> %System32%\d3dx9_28.dll -> Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Modified Date = 12/5/2005 5:09:18 PM | Attr = ]
aspack , -> %System32%\d3dx9_29.dll -> Microsoft Corporation [Ver = 9.11.519.0000 | Size = 2332368 bytes | Modified Date = 2/3/2006 7:43:16 AM | Attr = ]
aspack , -> %System32%\d3dx9_30.dll -> Microsoft Corporation [Ver = 9.12.589.0000 | Size = 2388176 bytes | Modified Date = 3/31/2006 11:40:58 AM | Attr = ]
aspack , -> %System32%\d3dx9_31.dll -> Microsoft Corporation [Ver = 9.15.779.0000 | Size = 2414360 bytes | Modified Date = 9/28/2006 3:05:20 PM | Attr = ]
aspack , -> %System32%\d3dx9_32.dll -> Microsoft Corporation [Ver = 9.16.843.0000 | Size = 3426072 bytes | Modified Date = 11/29/2006 12:06:18 PM | Attr = ]
aspack , -> %System32%\d3dx9_33.dll -> Microsoft Corporation [Ver = 9.18.904.0015 | Size = 3495784 bytes | Modified Date = 3/12/2007 3:42:30 PM | Attr = ]
aspack , -> %System32%\d3dx9_34.dll -> Microsoft Corporation [Ver = 9.19.949.0046 | Size = 3497832 bytes | Modified Date = 5/16/2007 3:45:16 PM | Attr = ]
aspack , -> %System32%\d3dx9_35.dll -> Microsoft Corporation [Ver = 9.19.949.1104 | Size = 3727720 bytes | Modified Date = 7/19/2007 5:14:42 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\guxehavv.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 11/6/2007 8:27:46 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\htoanngi.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 11/5/2007 8:26:58 PM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.0 (xpclient.010817-1148) | Size = 144896 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , -> %System32%\ntbackup.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 1135616 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , -> %System32%\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Umonitor , -> %System32%\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 631808 bytes | Modified Date = 8/29/2002 4:41:10 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\WhoisCL.exe -> NirSoft [Ver = 1.20 | Size = 10752 bytes | Modified Date = 10/17/2007 8:42:08 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\winxoo32.dll -> [Ver = | Size = 19968 bytes | Modified Date = 11/4/2007 8:58:14 AM | Attr = ]
UPX! , -> %System32%\dllcache\hwxcht.dll -> Microsoft Corporation [Ver = 1.0.0304.0 | Size = 10096640 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
UPX! , WSUD , -> %System32%\dllcache\hwxkor.dll -> Microsoft Corporation [Ver = 1.0.1038.0 | Size = 10129408 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\dllcache\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.0 (xpclient.010817-1148) | Size = 144896 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , -> %System32%\dllcache\ntbackup.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 1135616 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , -> %System32%\dllcache\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
Umonitor , -> %System32%\dllcache\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 631808 bytes | Modified Date = 8/29/2002 4:41:10 AM | Attr = ]

< End of report >
Atribune
Thanks. As you can see, it's a lot of information to sort through. While I'm looking through that, can you do one more thing for me?
Click Start, then Run, and paste the following line into the Run box:

regedit /e d:\regnotify.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

It'll take a few seconds to run, then you should see a new text file named regnotify.txt in d:\. Copy its entire contents and paste them in a reply to this topic.
Kranium31
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kikxchia]
"Dllname"="kikxchia.dll"
"Shutdown"="NotifyShutdown"
"Startup"="NotifyStartup"
"Logon"="NotifyLogon"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxoo32]
"Asynchronous"=dword:00000001
"DllName"="winxoo32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

Atribune
Alright let's get to the fixing part.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Kranium31
ComboFix 07-11-08.1 - Jay 2007-11-15 15:51:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.129 [GMT -5:00]
Running from: D:\Documents and Settings\Jay\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
D:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
D:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe
D:\Documents and Settings\All Users\Application Data.\dajstyhy.dll
D:\Documents and Settings\All Users\Application Data.\ifqxulan.dll
D:\Documents and Settings\All Users\Application Data.\lkjutsvw.dll
D:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
D:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
D:\Documents and Settings\Eddie\Desktop\Live Safety Center.lnk
D:\Documents and Settings\Eddie\Desktop\Online Security Guide.lnk
D:\Documents and Settings\Eddie\Favorites\Online Security Guide.lnk
D:\Documents and Settings\Eddie\Start Menu\Programs\Startup\findfast.exe
D:\Documents and Settings\Jay\Application Data\MCROSO~1.NET
D:\Documents and Settings\Jay\Desktop\Live Safety Center.lnk
D:\Documents and Settings\Jay\Desktop\Online Security Guide.lnk
D:\Documents and Settings\Jay\Favorites\Online Security Guide.lnk
D:\Documents and Settings\Jay\Start Menu\Programs\Startup\findfast.exe
D:\Documents and Settings\Jay\Start Menu\Programs\Startup\ta_start.lnk
D:\Documents and Settings\LocalService\Application Data\NetMon
D:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
D:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
D:\Documents and Settings\NetworkService\Application Data\NetMon
D:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
D:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
D:\Program Files\Common Files\Yazzle1549OinAdmin.exe
D:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
D:\Program Files\SecCenter
D:\Program Files\SecCenter\scprot4.exe
D:\Program Files\web buying
D:\Program Files\web buying\v1.8.5\wbuninst.exe
D:\Program Files\web buying\v1.8.5\webbuying.exe
D:\WINDOWS\cookies.ini
D:\WINDOWS\Free Online Dating.ico
D:\WINDOWS\icroso~1
D:\WINDOWS\mgrs.exe
D:\WINDOWS\shell.exe
D:\WINDOWS\system32\a1
D:\WINDOWS\system32\asks~1
D:\WINDOWS\system32\bvgevqai
D:\WINDOWS\system32\bvgevqai\bg1.gif
D:\WINDOWS\system32\bvgevqai\bgtop.gif
D:\WINDOWS\system32\bvgevqai\bottom1.gif
D:\WINDOWS\system32\bvgevqai\bvgevqai2.exe
D:\WINDOWS\system32\bvgevqai\bvgevqai3.exe
D:\WINDOWS\system32\bvgevqai\essentials.gif
D:\WINDOWS\system32\bvgevqai\icon1.ico
D:\WINDOWS\system32\bvgevqai\install1.gif
D:\WINDOWS\system32\bvgevqai\left1.gif
D:\WINDOWS\system32\bvgevqai\li.gif
D:\WINDOWS\system32\bvgevqai\logo.gif
D:\WINDOWS\system32\bvgevqai\main.htm
D:\WINDOWS\system32\bvgevqai\mainframe.htm
D:\WINDOWS\system32\bvgevqai\reinstall1.gif
D:\WINDOWS\system32\bvgevqai\right1.gif
D:\WINDOWS\system32\bvgevqai\s1.htm
D:\WINDOWS\system32\bvgevqai\s2.htm
D:\WINDOWS\system32\bvgevqai\s3.htm
D:\WINDOWS\system32\bvgevqai\SMTop1.gif
D:\WINDOWS\system32\bvgevqai\SMTop2.gif
D:\WINDOWS\system32\bvgevqai\SMTop3.gif
D:\WINDOWS\system32\bvgevqai\SMTop4.gif
D:\WINDOWS\system32\bvgevqai\soft1_off.gif
D:\WINDOWS\system32\bvgevqai\soft1_off_ext.gif
D:\WINDOWS\system32\bvgevqai\soft1_on.gif
D:\WINDOWS\system32\bvgevqai\soft1_on_ext.gif
D:\WINDOWS\system32\bvgevqai\soft2_off.gif
D:\WINDOWS\system32\bvgevqai\soft2_off_ext.gif
D:\WINDOWS\system32\bvgevqai\soft2_on.gif
D:\WINDOWS\system32\bvgevqai\soft2_on_ext.gif
D:\WINDOWS\system32\bvgevqai\soft3_off.gif
D:\WINDOWS\system32\bvgevqai\soft3_off_ext.gif
D:\WINDOWS\system32\bvgevqai\soft3_on.gif
D:\WINDOWS\system32\bvgevqai\soft3_on_ext.gif
D:\WINDOWS\system32\bvgevqai\softbottom_off.gif
D:\WINDOWS\system32\bvgevqai\softbottom_on.gif
D:\WINDOWS\system32\bvgevqai\softleft_off.gif
D:\WINDOWS\system32\bvgevqai\softleft_on.gif
D:\WINDOWS\system32\bvgevqai\top1.gif
D:\WINDOWS\system32\bvgevqai\top2.gif
D:\WINDOWS\system32\bvgevqai\turnoff1.gif
D:\WINDOWS\system32\bvgevqai\turnon1.gif
D:\WINDOWS\system32\drivers\blank.gif
D:\WINDOWS\system32\drivers\box_1.gif
D:\WINDOWS\system32\drivers\box_2.gif
D:\WINDOWS\system32\drivers\box_3.gif
D:\WINDOWS\system32\drivers\button_buynow.gif
D:\WINDOWS\system32\drivers\button_freescan.gif
D:\WINDOWS\system32\drivers\cell_bg.gif
D:\WINDOWS\system32\drivers\cell_footer.gif
D:\WINDOWS\system32\drivers\cell_header_block.gif
D:\WINDOWS\system32\drivers\cell_header_remove.gif
D:\WINDOWS\system32\drivers\cell_header_scan.gif
D:\WINDOWS\system32\drivers\core.cache.dsk
D:\WINDOWS\system32\drivers\core.sys
D:\WINDOWS\system32\drivers\detect.htm
D:\WINDOWS\system32\drivers\download_box.gif
D:\WINDOWS\system32\drivers\download_btn.jpg
D:\WINDOWS\system32\drivers\download_now_btn.gif
D:\WINDOWS\system32\drivers\footer_back.jpg
D:\WINDOWS\system32\drivers\header_1.gif
D:\WINDOWS\system32\drivers\header_2.gif
D:\WINDOWS\system32\drivers\header_3.gif
D:\WINDOWS\system32\drivers\header_4.gif
D:\WINDOWS\system32\drivers\header_red_bg.gif
D:\WINDOWS\system32\drivers\header_red_free_scan.gif
D:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
D:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
D:\WINDOWS\system32\drivers\infected.gif
D:\WINDOWS\system32\drivers\main_back.gif
D:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
D:\WINDOWS\system32\drivers\product_1_header.gif
D:\WINDOWS\system32\drivers\product_1_name_small.gif
D:\WINDOWS\system32\drivers\product_2_header.gif
D:\WINDOWS\system32\drivers\product_2_name_small.gif
D:\WINDOWS\system32\drivers\product_3_header.gif
D:\WINDOWS\system32\drivers\product_3_name_small.gif
D:\WINDOWS\system32\drivers\product_features.gif
D:\WINDOWS\system32\drivers\pt.htm
D:\WINDOWS\system32\drivers\rating.gif
D:\WINDOWS\system32\drivers\s_detect.htm
D:\WINDOWS\system32\drivers\screenshot.jpg
D:\WINDOWS\system32\drivers\sep_hor.gif
D:\WINDOWS\system32\drivers\sep_vert.gif
D:\WINDOWS\system32\drivers\shadow.jpg
D:\WINDOWS\system32\drivers\shadow_bg.gif
D:\WINDOWS\system32\drivers\spacer.gif
D:\WINDOWS\system32\drivers\spy_away_box.jpg
D:\WINDOWS\system32\drivers\star.gif
D:\WINDOWS\system32\drivers\star_gray.gif
D:\WINDOWS\system32\drivers\star_gray_small.gif
D:\WINDOWS\system32\drivers\star_small.gif
D:\WINDOWS\system32\drivers\style.css
D:\WINDOWS\system32\drivers\v.gif
D:\WINDOWS\system32\drivers\warning_icon.gif
D:\WINDOWS\system32\drivers\win_logo.gif
D:\WINDOWS\system32\drivers\x.gif
D:\windows\system32\explorer.exe
D:\WINDOWS\system32\fibagbia
D:\WINDOWS\system32\fibagbia\bg1.gif
D:\WINDOWS\system32\fibagbia\bgtop.gif
D:\WINDOWS\system32\fibagbia\bottom1.gif
D:\WINDOWS\system32\fibagbia\essentials.gif
D:\WINDOWS\system32\fibagbia\fibagbia1.exe
D:\WINDOWS\system32\fibagbia\fibagbia2.exe
D:\WINDOWS\system32\fibagbia\fibagbia3.exe
D:\WINDOWS\system32\fibagbia\icon1.ico
D:\WINDOWS\system32\fibagbia\install1.gif
D:\WINDOWS\system32\fibagbia\left1.gif
D:\WINDOWS\system32\fibagbia\li.gif
D:\WINDOWS\system32\fibagbia\logo.gif
D:\WINDOWS\system32\fibagbia\main.htm
D:\WINDOWS\system32\fibagbia\mainframe.htm
D:\WINDOWS\system32\fibagbia\reinstall1.gif
D:\WINDOWS\system32\fibagbia\right1.gif
D:\WINDOWS\system32\fibagbia\s1.htm
D:\WINDOWS\system32\fibagbia\s2.htm
D:\WINDOWS\system32\fibagbia\s3.htm
D:\WINDOWS\system32\fibagbia\SMTop1.gif
D:\WINDOWS\system32\fibagbia\SMTop2.gif
D:\WINDOWS\system32\fibagbia\SMTop3.gif
D:\WINDOWS\system32\fibagbia\SMTop4.gif
D:\WINDOWS\system32\fibagbia\soft1_off.gif
D:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
D:\WINDOWS\system32\fibagbia\soft1_on.gif
D:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
D:\WINDOWS\system32\fibagbia\soft2_off.gif
D:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
D:\WINDOWS\system32\fibagbia\soft2_on.gif
D:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
D:\WINDOWS\system32\fibagbia\soft3_off.gif
D:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
D:\WINDOWS\system32\fibagbia\soft3_on.gif
D:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
D:\WINDOWS\system32\fibagbia\softbottom_off.gif
D:\WINDOWS\system32\fibagbia\softbottom_on.gif
D:\WINDOWS\system32\fibagbia\softleft_off.gif
D:\WINDOWS\system32\fibagbia\softleft_on.gif
D:\WINDOWS\system32\fibagbia\top1.gif
D:\WINDOWS\system32\fibagbia\top2.gif
D:\WINDOWS\system32\fibagbia\turnoff1.gif
D:\WINDOWS\system32\fibagbia\turnon1.gif
D:\WINDOWS\system32\g2
D:\WINDOWS\system32\g2\caws83122.exe
D:\WINDOWS\system32\gnyurxvw.dllbox
D:\WINDOWS\system32\guxehavv.exe
D:\WINDOWS\system32\h1
D:\WINDOWS\system32\htoanngi.exe
D:\WINDOWS\system32\iexplorer.dll .dbt
D:\WINDOWS\system32\ihhkj.bak1
D:\WINDOWS\system32\ihhkj.ini
D:\WINDOWS\system32\inf\scrsys071113.scr
D:\WINDOWS\system32\inf\scrsys16_071113.dll
D:\WINDOWS\system32\jkhhi.dll
D:\WINDOWS\system32\kikxchia.dllbox
D:\WINDOWS\system32\ldcore.dll
D:\WINDOWS\system32\ldinfo.ldr
D:\WINDOWS\system32\mp43.exe
D:\WINDOWS\system32\msnav32.ax
D:\WINDOWS\system32\pac.txt
D:\WINDOWS\system32\printer.exe
D:\WINDOWS\system32\qqtss.bak1
D:\WINDOWS\system32\qqtss.bak2
D:\WINDOWS\system32\qqtss.ini
D:\WINDOWS\system32\qqtss.ini2
D:\WINDOWS\system32\qqtss.tmp
D:\WINDOWS\system32\r2
D:\WINDOWS\system32\r2\wr31drs.exe
D:\WINDOWS\system32\smante~1
D:\WINDOWS\system32\spoolvs.exe
D:\WINDOWS\System32\sstqq.dll
D:\WINDOWS\system32\v8
D:\WINDOWS\system32\v8\taldrvr11.exe
D:\WINDOWS\system32\winxoo32.dll
D:\WINDOWS\system32\wnscpisv32.exe
D:\WINDOWS\TTC-4444.exe
D:\WINDOWS\uninstall_nmon.vbs
D:\WINDOWS\winshow.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 15:50 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-11-15 13:45 79,936 --a------ D:\WINDOWS\system32\jbavnkkf.dll
2007-11-15 13:42 71,232 --a------ D:\WINDOWS\system32\wqjpiluq.exe
2007-11-15 12:51 79,936 --a------ D:\WINDOWS\system32\suxepbpx.dll
2007-11-15 12:44 203,264 --a------ D:\WINDOWS\system32\mwisys32_071113.dll
2007-11-15 12:44 103,852 --a------ D:\WINDOWS\system\slxpRes071113.exe
2007-11-15 12:44 23,552 --a------ D:\WINDOWS\system32\lwisys16_071113.dll
2007-11-14 19:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Rabio
2007-11-14 19:02 144,480 --a------ D:\WINDOWS\system32\kikxchia.dll
2007-11-14 19:01 144,480 --a------ D:\WINDOWS\system32\kgcdpudj.dll
2007-11-14 18:55 79,424 --a------ D:\WINDOWS\system32\ihmucegi.dll
2007-11-14 18:52 <DIR> d-------- D:\Program Files\Hrlfrkjd
2007-11-14 18:52 71,232 --a------ D:\WINDOWS\system32\pnhxsisu.exe
2007-11-14 18:32 71,232 --a------ D:\WINDOWS\system32\visxigyp.exe
2007-11-14 17:47 79,424 --a------ D:\WINDOWS\system32\hvoywdws.dll
2007-11-14 17:43 <DIR> d-------- D:\Program Files\Cool
2007-11-14 17:41 71,232 --a------ D:\WINDOWS\system32\uyrbktrd.exe
2007-11-14 03:26 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-14 03:25 85,056 --a------ D:\WINDOWS\system32\vcbjiknb.dll
2007-11-14 03:25 81,472 --a------ D:\WINDOWS\system32\insfmkdh.dll
2007-11-14 03:22 71,232 --a------ D:\WINDOWS\system32\hajjgxjs.exe
2007-11-14 02:40 <DIR> d-------- D:\VundoFix Backups
2007-11-13 17:32 <DIR> d-------- D:\Program Files\fyfcdirw
2007-11-13 17:32 36,352 --a------ D:\WINDOWS\system32\hggdefd.dll
2007-11-13 16:53 85,056 --a------ D:\WINDOWS\system32\pwvgpvem.dll
2007-11-13 16:50 80,448 --a------ D:\WINDOWS\system32\hwtoffev.dll
2007-11-13 11:53 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-13 11:41 80,448 --a------ D:\WINDOWS\system32\stwpinut.dll
2007-11-13 11:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\acccore
2007-11-13 11:37 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Aim
2007-11-13 00:12 <DIR> d-------- D:\Documents and Settings\Eddie\Application Data\Lavasoft
2007-11-12 15:10 144,480 --a------ D:\WINDOWS\system32\dlpsrqpd.dll
2007-11-12 15:08 89,664 --a------ D:\WINDOWS\system32\jffufwnm.dll
2007-11-12 15:05 71,232 --a------ D:\WINDOWS\system32\qxrijllm.exe
2007-11-11 18:52 88,128 --a------ D:\WINDOWS\system32\tsuxipcy.dll
2007-11-11 09:36 <DIR> d-------- D:\WINDOWS\system32\inf
2007-11-11 09:36 203,264 --a------ D:\WINDOWS\system32\mwisys32_071111.dll
2007-11-10 18:55 85,056 --a------ D:\WINDOWS\system32\accttlmc.dll
2007-11-10 18:46 71,232 --a------ D:\WINDOWS\system32\fdqdntmr.exe
2007-11-10 17:55 81,472 --a------ D:\WINDOWS\system32\bbaplkxx.dll
2007-11-10 17:49 88,128 --a------ D:\WINDOWS\system32\eyjjyebo.dll
2007-11-10 17:43 71,232 --a------ D:\WINDOWS\system32\xjoatova.exe
2007-11-09 17:52 77,888 --a------ D:\WINDOWS\system32\sijkdvbv.dll
2007-11-09 17:46 88,128 --a------ D:\WINDOWS\system32\irnstevf.dll
2007-11-09 17:43 71,232 --a------ D:\WINDOWS\system32\qmdlwpln.exe
2007-11-09 16:54 549,720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-11-09 16:54 325,976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-11-09 16:54 203,096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-11-09 16:54 186,136 --a------ D:\WINDOWS\system32\wuaueng1.dll
2007-11-09 16:54 167,704 --a------ D:\WINDOWS\system32\wuauclt1.exe
2007-11-09 16:54 33,624 --a------ D:\WINDOWS\system32\wups.dll
2007-11-08 23:19 86,080 --a------ D:\WINDOWS\system32\nxxdtwcy.dll
2007-11-08 23:13 79,936 --a------ D:\WINDOWS\system32\gvrxieni.dll
2007-11-08 23:10 71,232 --a------ D:\WINDOWS\system32\vdcymkly.exe
2007-11-08 17:06 1,156 --a------ D:\WINDOWS\mozver.dat
2007-11-08 01:17 36,352 --a------ D:\WINDOWS\system32\jkklllj.dll
2007-11-08 01:11 36,352 --a------ D:\WINDOWS\system32\byxwwts.dll
2007-11-08 00:57 32,768 --a------ D:\WINDOWS\yahooo.exe
2007-11-08 00:57 20,480 --a------ D:\WINDOWS\quit.exe
2007-11-07 23:16 86,080 --a------ D:\WINDOWS\system32\awavyhad.dll
2007-11-07 23:10 79,936 --a------ D:\WINDOWS\system32\puhmcwdy.dll
2007-11-07 23:07 71,232 --a------ D:\WINDOWS\system32\stgqofpe.exe
2007-11-07 22:19 87,104 --a------ D:\WINDOWS\system32\ckffoxxq.dll
2007-11-07 22:16 81,472 --a------ D:\WINDOWS\system32\ghginomi.dll
2007-11-07 21:04 71,232 --a------ D:\WINDOWS\system32\mtdrnqgu.exe
2007-11-07 18:50 <DIR> d-------- D:\WINDOWS\Sun
2007-11-06 22:16 87,104 --a------ D:\WINDOWS\system32\fisuxmel.dll
2007-11-06 22:14 81,472 --a------ D:\WINDOWS\system32\igtwcwkt.dll
2007-11-05 20:41 83,008 --a------ D:\WINDOWS\system32\mtoewqjd.dll
2007-11-05 20:38 85,568 --a------ D:\WINDOWS\system32\iufkxdfh.dll
2007-11-05 20:05 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-11-04 20:42 36,864 --a------ D:\WINDOWS\system32\ssqpqqr.dll
2007-11-04 20:34 78,912 --a------ D:\WINDOWS\system32\lcpmoqxo.dll
2007-11-04 20:34 78,912 --a------ D:\WINDOWS\system32\hkofdxud.dll
2007-11-04 20:09 <DIR> d-------- D:\Documents and Settings\Jay\Application Data\Lavasoft
2007-11-04 19:34 <DIR> d-------- D:\Program Files\E404 Helper
2007-11-04 09:01 <DIR> d-------- D:\Program Files\Alrzvghu
2007-11-04 09:00 36,864 --a------ D:\WINDOWS\system32\efcyyya.dll
2007-11-04 08:59 21,504 --a------ D:\WINDOWS\system32\aivskurq.dll
2007-11-04 08:59 0 --a------ D:\WINDOWS\system32\vvgeowbv.exe
2007-11-04 08:55 <DIR> d--hs---- D:\WINDOWS\bXVzdGFuZw
2007-11-04 08:54 <DIR> d-------- D:\WINDOWS\system32\Mz08r
2007-11-04 07:29 <DIR> d-------- D:\Program Files\Java
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Shared
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Incomplete
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Application Data\LimeWire
2007-11-04 07:28 <DIR> d-------- D:\Program Files\Common Files\Java
2007-11-04 07:22 <DIR> d-------- D:\Program Files\BearShare Applications
2007-10-17 08:42 10,752 --a------ D:\WINDOWS\system32\WhoisCL.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 02:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-04 13:47 --------- d-----w D:\Documents and Settings\Jay\Application Data\Apple Computer
2007-10-11 21:47 245,408 ----a-w D:\WINDOWS\system32\unicows.dll
2007-10-08 22:48 --------- d-----w D:\Documents and Settings\Jay\Application Data\acccore
2007-10-08 22:37 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-10-08 21:15 --------- d-----w D:\Program Files\AIM6
2007-10-08 21:15 --------- d-----w D:\Documents and Settings\Eddie\Application Data\acccore
2007-10-08 21:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2007-10-08 21:14 --------- d-----w D:\Program Files\Common Files\AOL
2007-10-08 21:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-08 10:59 --------- d-----w D:\Program Files\iTunes
2007-10-08 10:59 --------- d-----w D:\Program Files\iPod
2007-10-08 10:58 --------- d-----w D:\Program Files\Apple Software Update
2007-10-08 10:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-10-08 03:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-08 03:09 --------- d-----w D:\Program Files\QuickTime
2007-10-08 02:42 --------- d-----w D:\Program Files\AIM95
2007-10-08 01:32 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
2007-10-08 01:31 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-10-08 01:31 --------- d-----w D:\Program Files\Belkin
2007-09-19 14:19 --------- d-----w D:\Program Files\microsoft frontpage
2007-09-17 06:10 356,352 ----a-w D:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 05:07 81,920 ----a-w D:\WINDOWS\system32\nvwddi.dll
2007-09-17 05:07 81,920 ----a-w D:\WINDOWS\system32\nvmctray.dll
2007-09-17 05:07 8,491,008 ----a-w D:\WINDOWS\system32\nvcpl.dll
2007-09-17 05:07 753,664 ----a-w D:\WINDOWS\system32\nvcplui.exe
2007-09-17 05:07 6,853,088 ----a-w D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 05:07 6,746,112 ----a-w D:\WINDOWS\system32\nvoglnt.dll
2007-09-17 05:07 6,344,704 ----a-w D:\WINDOWS\system32\nvdisps.dll
2007-09-17 05:07 5,783,040 ----a-w D:\WINDOWS\system32\nv4_disp.dll
2007-09-17 05:07 466,944 ----a-w D:\WINDOWS\system32\nvshell.dll
2007-09-17 05:07 45,056 ----a-w D:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 05:07 442,368 ----a-w D:\WINDOWS\system32\nvappbar.exe
2007-09-17 05:07 425,984 ----a-w D:\WINDOWS\system32\keystone.exe
2007-09-17 05:07 364,544 ----a-w D:\WINDOWS\system32\nvapi.dll
2007-09-17 05:07 36,864 ----a-w D:\WINDOWS\system32\nvcodins.dll
2007-09-17 05:07 36,864 ----a-w D:\WINDOWS\system32\nvcod.dll
2007-09-17 05:07 356,352 ----a-w D:\WINDOWS\system32\nvudisp.exe
2007-09-17 05:07 307,200 ----a-w D:\WINDOWS\system32\nvexpbar.dll
2007-09-17 05:07 3,551,232 ----a-w D:\WINDOWS\system32\nvvitvs.dll
2007-09-17 05:07 3,334,144 ----a-w D:\WINDOWS\system32\nvgames.dll
2007-09-17 05:07 286,720 ----a-w D:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 05:07 229,376 ----a-w D:\WINDOWS\system32\nvmccs.dll
2007-09-17 05:07 2,371,584 ----a-w D:\WINDOWS\system32\nvwss.dll
2007-09-17 05:07 188,416 ----a-w D:\WINDOWS\system32\nvmccss.dll
2007-09-17 05:07 155,716 ----a-w D:\WINDOWS\system32\nvsvc32.exe
2007-09-17 05:07 147,456 ----a-w D:\WINDOWS\system32\nvcolor.exe
2007-09-17 05:07 1,703,936 ----a-w D:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 05:07 1,478,656 ----a-w D:\WINDOWS\system32\nview.dll
2007-09-17 05:07 1,339,392 ----a-w D:\WINDOWS\system32\nvdspsch.exe
2007-09-17 05:07 1,150,976 ----a-w D:\WINDOWS\system32\nvmobls.dll
2007-09-17 05:07 1,019,904 ----a-w D:\WINDOWS\system32\nvwimg.dll
2005-07-29 21:24:26 472 --sha-r D:\WINDOWS\bXVzdGFuZw\vrpWx3IRtT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{061BBEFA-4B8A-4C0E-B730-D255D7F32BC4}]
2007-08-02 08:43 282624 --a------ D:\Program Files\MSN\mexola4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
2007-11-14 18:52 114688 --a------ D:\Program Files\Hrlfrkjd\vcbgsjtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391B174C-A6B7-C9D7-6743-01F7A0D663D6}]
2007-11-04 09:01 106496 --a------ D:\Program Files\Alrzvghu\jmdurkme.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2A9795-B130-4622-B036-BDCAD28602DC}]
2007-11-12 11:50 397312 --a------ D:\Program Files\Cool\Cool.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-14 19:02 144480 --a------ D:\WINDOWS\system32\kikxchia.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce4bba6d-0dfe-4288-a007-90e85a9a8cc1}]
2007-11-15 13:45 79936 --a------ D:\WINDOWS\System32\jbavnkkf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E729E55E-EABE-4FF0-B4B4-0DA26E91272C}]
2007-08-02 08:43 282624 --a------ D:\Program Files\MSN\mexola83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ec63883c-79cb-48e9-aad0-67ee0b21b209}]
D:\WINDOWS\System32\rjiuhhn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA638AFD-0F10-4A66-8E7E-78F58E5B8B49}]
2007-08-02 08:43 282624 --a------ D:\Program Files\MSN\mexola555077.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= D:\WINDOWS\system32\kikxchia.dll [2007-11-14 19:02 144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2007-09-17 00:07]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [2007-09-17 00:07]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2006-01-11 12:05]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2005-09-22 18:29]
"34d31e4f"="D:\WINDOWS\System32\rcgoyjmc.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kikxchia]
kikxchia.dll 2007-11-14 19:02 144480 D:\WINDOWS\system32\kikxchia.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\System32\sstqq.dll

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;D:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys
R3 SjyPkt;SjyPkt;\??\D:\WINDOWS\System32\Drivers\SjyPkt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 19:17:03 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 16:01:18
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 16:01:44 - machine was rebooted
.
--- E O F ---





Logfile of HijackThis v1.99.1
Scan saved at 4:30:34 PM, on 11/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\yahooo.exe
D:\WINDOWS\System32\wuauclt.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - D:\Program Files\Hrlfrkjd\vcbgsjtt.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\kikxchia.dll
O2 - BHO: {1cc8a9a5-8e09-700a-8824-efd0d6abb4ec} - {ce4bba6d-0dfe-4288-a007-90e85a9a8cc1} - D:\WINDOWS\System32\jbavnkkf.dll
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\kikxchia.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\rcgoyjmc.dll",b
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O20 - Winlogon Notify: kikxchia - D:\WINDOWS\SYSTEM32\kikxchia.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Atribune

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Kranium31

SDFix: Version 1.114

Run by Administrator on Thu 11/15/2007 at 11:53 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

D:\WINDOWS\SYSTEM32\VVGEOWBV.EXE - Deleted
D:\Program Files\E404 Helper\e404.v4.dll - Deleted
D:\WINDOWS\system32\aivskurq.dll - Deleted


Folder D:\Program Files\E404 Helper - Removed

Removing Temp Files...

ADS Check:

D:\WINDOWS
No streams found.

D:\WINDOWS\system32
No streams found.

D:\WINDOWS\system32\svchost.exe
No streams found.

D:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 00:01:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 16 Nov 2007 20,810 ..SH. --- "D:\WINDOWS\system32\kikxchia.dllbox"
Wed 14 Nov 2007 671,247 A.SH. --- "D:\WINDOWS\system32\ogurmrnc.tmp"
Fri 12 Oct 2007 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico1D9.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico1DA.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico1DB.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico1DC.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico1DD.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico2.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico3.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico4.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico5.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico56.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico57.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico58.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico59.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico5A.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico6.tmp"
Fri 16 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico7.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico76.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico77.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico78.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico79.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico7A.tmp"
Fri 16 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico8.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico83.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico84.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico85.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico86.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico87.tmp"
Fri 16 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico9.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico91.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico92.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico93.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico94.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico95.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico9C.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico9D.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico9E.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\ico9F.tmp"
Fri 16 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoA.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoA0.tmp"
Fri 16 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoB.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoC8.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoC9.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoCA.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoCB.tmp"
Thu 15 Nov 2007 4,286 A..H. --- "D:\Documents and Settings\Jay\Local Settings\Temp\icoCC.tmp"
Tue 13 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\f934b30a3337b488590ef3c1f3bbfd68\BIT17.tmp"
Fri 16 Nov 2007 4,494,405 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\b4b20917c986769c3ff7ff42e8c8d15a\download\BITF.tmp"

Finished!




Logfile of HijackThis v1.99.1
Scan saved at 12:05:42 AM, on 11/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - D:\Program Files\Hrlfrkjd\vcbgsjtt.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\kikxchia.dll
O2 - BHO: {1cc8a9a5-8e09-700a-8824-efd0d6abb4ec} - {ce4bba6d-0dfe-4288-a007-90e85a9a8cc1} - D:\WINDOWS\System32\jbavnkkf.dll
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\kikxchia.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\rcgoyjmc.dll",b
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O20 - Winlogon Notify: kikxchia - D:\WINDOWS\SYSTEM32\kikxchia.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Atribune
Please run the Bit Defender Online Scan
http://www.bitdefender.com/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format please and post it back here along with a fresh HijackThis log.
Kranium31
internet explorer will not open at all anymore
Atribune
Since before or after the Bitdefender scan?
Kranium31
QUOTE(LS Atribune @ Nov 17 2007, 12:09 AM)
Since before or after the Bitdefender scan?

before, it won't even open up to let me do the scan
Atribune
Interesting, wonder if it was something we did or something the malware did.
Let's try reinstalling Internet Explorer, you can download it at the link below, it's IE6

http://www.microsoft.com/downloads/details...;DisplayLang=en

If it works do the scan with bit defender.
Kranium31
Here's BitDefender's scan and a new HijackThis log.





BitDefender Online Scanner

Scan report generated at: Mon, Nov 19, 2007 - 21:15:09

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 02:09:17
Files: 482200
Folders: 17607
Boot Sectors: 5
Archives: 40526
Packed Files: 16519

Results
Identified Viruses: 14
Infected Files: 32
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 30

Engines Info
Virus Definitions: 878368
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\My Downloads\iMeshV4.exe=>wise0027=>(NSIS o)=>bzip2_solid_nsis0007 | Detected with: Application.Downloader.Bt
C:\My Downloads\iMeshV4.exe=>wise0027=>(NSIS o)=>bzip2_solid_nsis0007 | Disinfection failed
C:\My Downloads\iMeshV4.exe=>wise0027=>(NSIS o)=>bzip2_solid_nsis0007 | Deleted
C:\My Downloads\iMeshV4.exe=>wise0027=>(NSIS o) | Update failed
C:\My Downloads\iMeshV4.exe=>wise0029=>(ZIP Sfx s)=>cd_htm.dll | Detected with: Adware.CyDoor
C:\My Downloads\iMeshV4.exe=>wise0029=>(ZIP Sfx s)=>cd_htm.dll | Disinfection failed
C:\My Downloads\iMeshV4.exe=>wise0029=>(ZIP Sfx s)=>cd_htm.dll | Deleted
C:\My Downloads\iMeshV4.exe=>wise0029=>(ZIP Sfx s) | Updated
C:\My Downloads\iMeshV4.exe=>wise0029 | Update failed
C:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001199.exe | Infected with: Trojan.Renos.NAW
C:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001199.exe | Disinfection failed
C:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001199.exe | Deleted
D:\Program Files\Alrzvghu\jmdurkme.dll | Infected with: Generic.Otuboh.CA786F03
D:\Program Files\Alrzvghu\jmdurkme.dll | Disinfection failed
D:\Program Files\Alrzvghu\jmdurkme.dll | Delete failed
D:\Program Files\Hrlfrkjd\vcbgsjtt.dll | Infected with: Generic.Otuboh.0B1FB7FF
D:\Program Files\Hrlfrkjd\vcbgsjtt.dll | Disinfection failed
D:\Program Files\Hrlfrkjd\vcbgsjtt.dll | Delete failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001200.exe | Infected with: Generic.Onlinegames.5.3BA74EDB
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001200.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001200.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001201.dll | Infected with: Trojan.Agent.AFSH
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001201.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001201.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001202.dll | Infected with: Trojan.Generic.67796
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001202.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001202.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001203.dll | Infected with: Trojan.Agent.AFTJ
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001203.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001203.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001204.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001204.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001204.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001205.dll | Infected with: Trojan.Agent.AFSH
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001205.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001205.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001206.dll | Infected with: Trojan.Agent.AFSH
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001206.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001206.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001207.dll | Infected with: Trojan.Agent.AFSK
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001207.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001207.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001208.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001208.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001208.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001209.dll | Infected with: Trojan.Agent.AFSH
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001209.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001209.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001210.dll | Infected with: Trojan.Agent.AFTJ
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001210.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001210.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001211.dll | Infected with: Trojan.Vundo.DQE
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001211.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001211.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001212.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001212.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001212.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001213.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001213.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001213.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001214.dll | Infected with: Trojan.Agent.AFSK
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001214.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001214.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001215.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001215.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001215.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001216.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001216.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001216.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001217.dll | Infected with: Trojan.Agent.AFTJ
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001217.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001217.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001218.dll | Infected with: Trojan.Generic.67796
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001218.dll | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001218.dll | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001219.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001219.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001219.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001220.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001220.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001220.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001221.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001221.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001221.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001222.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001222.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001222.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001223.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001223.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001223.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001224.exe | Infected with: Trojan.Fotomoto.F
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001224.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001224.exe | Deleted
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001225.exe | Infected with: Backdoor.Generic.25462
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001225.exe | Disinfection failed
D:\System Volume Information\_restore{6BA113B1-F950-4950-AEAD-1AB0790ACF6A}\RP3\A0001225.exe | Deleted
D:\WINDOWS\system32\insfmkdh.dll | Infected with: Trojan.BHO.NYO
D:\WINDOWS\system32\insfmkdh.dll | Disinfection failed
D:\WINDOWS\system32\insfmkdh.dll | Deleted

---------------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:21:51 PM, on 11/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\iTunes\iTunes.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - D:\Program Files\Hrlfrkjd\vcbgsjtt.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\kikxchia.dll
O2 - BHO: {1cc8a9a5-8e09-700a-8824-efd0d6abb4ec} - {ce4bba6d-0dfe-4288-a007-90e85a9a8cc1} - D:\WINDOWS\System32\jbavnkkf.dll
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\kikxchia.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\rcgoyjmc.dll",b
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: kikxchia - D:\WINDOWS\SYSTEM32\kikxchia.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Kranium31
ttt
Atribune
Hi Kranium31, sorry about the late reply, was out of town at a conference and got back fairly late last night.

Can you please delete the copy of vundofix you have now then follow my previous instructions to run it again.

Post both the vundofix.txt and a new hijackthis log when finished.
Kranium31
ok, here's the new HijackThis and VundoFix logs

Logfile of HijackThis v1.99.1
Scan saved at 12:50:57 AM, on 11/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - D:\Program Files\Hrlfrkjd\vcbgsjtt.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {1cc8a9a5-8e09-700a-8824-efd0d6abb4ec} - {ce4bba6d-0dfe-4288-a007-90e85a9a8cc1} - D:\WINDOWS\System32\jbavnkkf.dll
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\rcgoyjmc.dll",b
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------------------------------------------------------------------------------------------

VundoFix V6.6.2

Checking Java version...

Scan started at 12:40:53 AM 11/24/2007

Listing files found while scanning....

D:\windows\system32\kikxchia.dll
D:\windows\system32\kikxchia.dllbox

Beginning removal...

Attempting to delete D:\windows\system32\kikxchia.dll
D:\windows\system32\kikxchia.dll Has been deleted!

Attempting to delete D:\windows\system32\kikxchia.dllbox
D:\windows\system32\kikxchia.dllbox Has been deleted!

Performing Repairs to the registry.
Done!
Atribune
Please download VundoFix.exe to your desktop if you don't already have it.
  • Open a new notepad window
  • Paste the list of files from the quote box below into the notepad window.
    QUOTE
    D:\Program Files\Hrlfrkjd\vcbgsjtt.dll
    D:\Program Files\Alrzvghu\jmdurkme.dll
    D:\WINDOWS\System32\jbavnkkf.dll
    D:\Program Files\MSN\mexola83122.dll
    D:\Program Files\MSN\mexola555077.dll
    D:\WINDOWS\System32\rcgoyjmc.dll
  • Save this as vundofix.vft and Save as type "all files".
  • Double-click VundoFix.exe to run it.
  • Drag vundofix.vft onto the listbox (white box) of VundoFix.
  • Click the "Remove Vundo" button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Kranium31
ok, did that, here's a new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 4:23:05 AM, on 11/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - D:\Program Files\Hrlfrkjd\vcbgsjtt.dll (file missing)
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {1cc8a9a5-8e09-700a-8824-efd0d6abb4ec} - {ce4bba6d-0dfe-4288-a007-90e85a9a8cc1} - D:\WINDOWS\System32\jbavnkkf.dll (file missing)
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll (file missing)
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\rcgoyjmc.dll",b
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Kranium31
everything seems to be gone

thanks, you were a big help
Atribune
Not quite, please run HijackThis again and place a check beside each of the following. Once done, close all other windows and click "Fix checked".

O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - D:\Program Files\Hrlfrkjd\vcbgsjtt.dll (file missing)
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - D:\Program Files\Alrzvghu\jmdurkme.dll (file missing)
O2 - BHO: {1cc8a9a5-8e09-700a-8824-efd0d6abb4ec} - {ce4bba6d-0dfe-4288-a007-90e85a9a8cc1} - D:\WINDOWS\System32\jbavnkkf.dll (file missing)
O2 - BHO: (no name) - {E729E55E-EABE-4FF0-B4B4-0DA26E91272C} - D:\Program Files\MSN\mexola83122.dll (file missing)
O2 - BHO: (no name) - {ec63883c-79cb-48e9-aad0-67ee0b21b209} - D:\WINDOWS\System32\rjiuhhn.dll (file missing)
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [34d31e4f] rundll32.exe "D:\WINDOWS\System32\rcgoyjmc.dll",b

Next reboot your computer and find and delete the following files and folders:
D:\Program Files\MSN\mexola4444.dll
D:\WINDOWS\System32\rcgoyjmc.dll
D:\Program Files\Hrlfrkjd\
D:\Program Files\Alrzvghu\

Once you've done that, reboot again and post a new HijackThis log.
Kranium31
everything else was deleted, but mexola4444.dll won't let me delete it

here's a new HijackThis log file

-------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:31:49 AM, on 11/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\wuauclt.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {061BBEFA-4B8A-4C0E-B730-D255D7F32BC4} - D:\Program Files\MSN\mexola4444.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {FA638AFD-0F10-4A66-8E7E-78F58E5B8B49} - D:\Program Files\MSN\mexola555077.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Kranium31
I thought everything was gone for a while, now I still have some virus software thing automatically downloading and I don't know how to get rid of it, Ad-Aware doesn't get rid of it either, this is ridiculous, I swear people have too much time on their hands.

here's a new HijackThis log and an Ad-Aware log

Logfile of HijackThis v1.99.1
Scan saved at 8:09:07 PM, on 11/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
D:\DOCUME~1\Jay\LOCALS~1\Temp\winvsnet.exe
D:\PROGRA~1\YMBOLS~1\logonui.exe
D:\Program Files\QdrModule\QdrModule9.exe
D:\Program Files\QdrPack\QdrPack9.exe
D:\Program Files\Common Files\?ssembly\r?ndll.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Web Buying\v1.8.6\webbuying.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "D:\DOCUME~1\Jay\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [Cbei] "D:\PROGRA~1\YMBOLS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule9] "D:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [QdrPack9] "D:\Program Files\QdrPack\QdrPack9.exe"
O4 - HKCU\..\Run: [Qgpqdrq] "D:\Program Files\Common Files\?ssembly\r?ndll.exe"
O4 - HKCU\..\Run: [WinAble] D:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [WebBuying] D:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe



Atribune
Well it looks like you picked up a new group of infections.

Please delete the copy of Combofix I had you download earlier then do the following.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
Kranium31
ok, here's the ComboFix log and the HijackThis log

-------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 07-11-19.4 - Jay 2007-11-27 17:11:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.62 [GMT -5:00]
Running from: D:\Documents and Settings\Jay\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
D:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
D:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
D:\Documents and Settings\All Users\Application Data.\salesmonitor
D:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
D:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
D:\Documents and Settings\Jay\Application Data\CROSOF~1
D:\Documents and Settings\Jay\Favorites\Online Security Guide.lnk
D:\Documents and Settings\Jay\Start Menu\Programs\Internet Speed Monitor
D:\Documents and Settings\Jay\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
D:\Documents and Settings\Jay\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
D:\Documents and Settings\Jay\Start Menu\Programs\Outerinfo
D:\Documents and Settings\Jay\Start Menu\Programs\Outerinfo\Terms.lnk
D:\Documents and Settings\Jay\Start Menu\Programs\Outerinfo\Uninstall.lnk
D:\Documents and Settings\NetworkService\Application Data\NetMon
D:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
D:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
D:\Program Files\Common Files\ssembl~1
D:\Program Files\Common Files\ssembl~1\r?ndll.exe
D:\Program Files\Common Files\Yazzle1281OinAdmin.exe
D:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
D:\Program Files\Common Files\Yazzle1552OinAdmin.exe
D:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
D:\Program Files\outerinfo
D:\Program Files\outerinfo\FF\chrome.manifest
D:\Program Files\outerinfo\FF\components\FF.dll
D:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
D:\Program Files\outerinfo\FF\install.rdf
D:\Program Files\outerinfo\OiUninstaller.exe
D:\Program Files\outerinfo\outerinfo.ico
D:\Program Files\outerinfo\Terms.rtf
D:\Program Files\QdrPack
D:\Program Files\QdrPack\dicts.gz
D:\Program Files\QdrPack\QdrPack9.exe
D:\Program Files\QdrPack\trgts.gz
D:\Program Files\Temporary
D:\Program Files\ymbols~1
D:\Program Files\ymbols~1\?ymbols\
D:\Program Files\ymbols~1\logonui.exe
D:\UGA6P
D:\WINDOWS\system32\c1
D:\WINDOWS\system32\d1
D:\WINDOWS\system32\drivers\core.cache.dsk
D:\WINDOWS\system32\drivers\core.sys
D:\WINDOWS\system32\ehhkj.bak1
D:\WINDOWS\system32\ehhkj.bak2
D:\WINDOWS\system32\ehhkj.ini
D:\WINDOWS\system32\j2
D:\WINDOWS\system32\jkhhe.dll
D:\WINDOWS\system32\m8
D:\WINDOWS\system32\m8\nsts2dll1.exe
D:\WINDOWS\system32\wiydn.dll
D:\WINDOWS\system32\wnscpisv32.exe
D:\WINDOWS\uninstall_nmon.vbs
D:\WINDOWS\wbun.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 17:10 78,912 --a------ D:\WINDOWS\system32\jxvtxjjh.dll
2007-11-27 17:07 71,232 --a------ D:\WINDOWS\system32\drnmjteg.exe
2007-11-25 20:16 1,060,864 --a------ D:\WINDOWS\system32\mfc71.dll
2007-11-25 20:16 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-11-25 20:16 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2007-11-25 20:16 24,064 --a------ D:\WINDOWS\system32\msxml3a.dll
2007-11-25 08:37 35,840 --a------ D:\WINDOWS\17PHolmes572.exe
2007-11-25 08:35 38,912 --a------ D:\WINDOWS\system32\hgggeff.dll
2007-11-25 08:34 38,912 --a------ D:\WINDOWS\system32\mljjhig.dll
2007-11-25 08:32 38,912 --a------ D:\WINDOWS\system32\fcccyyy.dll
2007-11-25 08:31 38,912 --a------ D:\WINDOWS\system32\pmnkllk.dll
2007-11-25 08:31 35,840 --a------ D:\WINDOWS\mrofinu572.exe
2007-11-25 08:31 35,840 --a------ D:\WINDOWS\mrofinu1000106.exe
2007-11-25 08:03 <DIR> d-------- D:\Program Files\QdrModule
2007-11-25 08:03 <DIR> d-------- D:\Program Files\QdrDrive
2007-11-25 08:03 35,840 --a------ D:\WINDOWS\mrofinu72.exe
2007-11-24 00:40 <DIR> d-------- D:\VundoFix Backups
2007-11-17 18:35 <DIR> d-------- D:\WINDOWS\BDOSCAN8
2007-11-17 18:26 <DIR> d-------- D:\WINDOWS\Windows Update Setup Files
2007-11-17 18:26 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
2007-11-16 00:02 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2007-11-15 23:53 <DIR> d-------- D:\WINDOWS\ERUNT
2007-11-15 13:48 669,596 --ahs---- D:\WINDOWS\system32\uekdwqco.ini
2007-11-15 12:51 79,936 --a------ D:\WINDOWS\system32\suxepbpx.dll
2007-11-15 12:44 203,264 --a------ D:\WINDOWS\system32\mwisys32_071113.dll
2007-11-15 12:44 23,552 --a------ D:\WINDOWS\system32\lwisys16_071113.dll
2007-11-14 19:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Rabio
2007-11-14 19:01 144,480 --a------ D:\WINDOWS\system32\kgcdpudj.dll
2007-11-14 18:58 671,247 --ahs---- D:\WINDOWS\system32\ogurmrnc.tmp
2007-11-14 18:58 671,247 --ahs---- D:\WINDOWS\system32\ogurmrnc.ini
2007-11-14 18:55 79,424 --a------ D:\WINDOWS\system32\ihmucegi.dll
2007-11-14 17:47 79,424 --a------ D:\WINDOWS\system32\hvoywdws.dll
2007-11-14 03:26 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-14 03:25 85,056 --a------ D:\WINDOWS\system32\vcbjiknb.dll
2007-11-13 17:32 <DIR> d-------- D:\Program Files\fyfcdirw
2007-11-13 17:32 36,352 --a------ D:\WINDOWS\system32\hggdefd.dll
2007-11-13 16:53 668,993 --ahs---- D:\WINDOWS\system32\mevpgvwp.ini
2007-11-13 16:53 85,056 --a------ D:\WINDOWS\system32\pwvgpvem.dll
2007-11-13 16:50 80,448 --a------ D:\WINDOWS\system32\hwtoffev.dll
2007-11-13 11:53 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-13 11:41 80,448 --a------ D:\WINDOWS\system32\stwpinut.dll
2007-11-13 11:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\acccore
2007-11-13 11:37 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Aim
2007-11-13 00:12 <DIR> d-------- D:\Documents and Settings\Eddie\Application Data\Lavasoft
2007-11-12 15:10 144,480 --a------ D:\WINDOWS\system32\dlpsrqpd.dll
2007-11-12 15:08 590,476 --ahs---- D:\WINDOWS\system32\mnwfuffj.ini
2007-11-11 18:52 585,038 --ahs---- D:\WINDOWS\system32\ycpixust.ini
2007-11-11 18:52 88,128 --a------ D:\WINDOWS\system32\tsuxipcy.dll
2007-11-11 09:39 188 --a------ D:\WINDOWS\system32\mywehit.ini
2007-11-11 09:36 <DIR> d-------- D:\WINDOWS\system32\inf
2007-11-11 09:36 203,264 --a------ D:\WINDOWS\system32\mwisys32_071111.dll
2007-11-10 17:49 584,776 --ahs---- D:\WINDOWS\system32\obeyjjye.ini
2007-11-09 17:46 584,776 --ahs---- D:\WINDOWS\system32\fvetsnri.ini
2007-11-09 16:54 549,720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-11-09 16:54 325,976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-11-09 16:54 216,408 --a------ D:\WINDOWS\system32\wuaucpl.cpl
2007-11-09 16:54 203,096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-11-09 16:54 186,136 --a------ D:\WINDOWS\system32\wuaueng1.dll
2007-11-09 16:54 167,704 --a------ D:\WINDOWS\system32\wuaucpl.cpl.wusetup.241823046.bak
2007-11-09 16:54 167,704 --a------ D:\WINDOWS\system32\wuauclt1.exe
2007-11-09 16:54 33,624 --a------ D:\WINDOWS\system32\wups.dll
2007-11-08 23:19 584,179 --ahs---- D:\WINDOWS\system32\ycwtdxxn.ini
2007-11-08 17:06 1,156 --a------ D:\WINDOWS\mozver.dat
2007-11-08 01:17 36,352 --a------ D:\WINDOWS\system32\jkklllj.dll
2007-11-08 00:57 20,480 --a------ D:\WINDOWS\quit.exe
2007-11-07 23:16 570,249 --ahs---- D:\WINDOWS\system32\dahyvawa.ini
2007-11-07 22:19 570,161 --ahs---- D:\WINDOWS\system32\qxxoffkc.ini
2007-11-07 18:50 <DIR> d-------- D:\WINDOWS\Sun
2007-11-06 22:16 570,101 --ahs---- D:\WINDOWS\system32\lemxusif.ini
2007-11-05 20:41 83,008 --a------ D:\WINDOWS\system32\mtoewqjd.dll
2007-11-05 20:38 569,962 --ahs---- D:\WINDOWS\system32\hfdxkfui.ini
2007-11-05 20:38 85,568 --a------ D:\WINDOWS\system32\iufkxdfh.dll
2007-11-05 20:05 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-11-04 20:37 576,845 --ahs---- D:\WINDOWS\system32\mndmhsjc.ini
2007-11-04 20:34 78,912 --a------ D:\WINDOWS\system32\lcpmoqxo.dll
2007-11-04 20:34 78,912 --a------ D:\WINDOWS\system32\hkofdxud.dll
2007-11-04 20:09 <DIR> d-------- D:\Documents and Settings\Jay\Application Data\Lavasoft
2007-11-04 08:55 <DIR> d--hs---- D:\WINDOWS\bXVzdGFuZw
2007-11-04 08:54 <DIR> d-------- D:\WINDOWS\system32\Mz08r
2007-11-04 07:29 <DIR> d-------- D:\Program Files\Java
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Shared
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Incomplete
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Application Data\LimeWire
2007-11-04 07:29 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2007-11-04 07:28 <DIR> d-------- D:\Program Files\Common Files\Java
2007-11-04 07:22 <DIR> d-------- D:\Program Files\BearShare Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 13:36 38,912 ----a-w D:\WINDOWS\system32\awtqnno.dll
2007-11-10 23:55 85,056 ----a-w D:\WINDOWS\system32\accttlmc.dll
2007-11-10 22:55 81,472 ----a-w D:\WINDOWS\system32\bbaplkxx.dll
2007-11-08 06:11 36,352 ----a-w D:\WINDOWS\system32\byxwwts.dll
2007-11-05 02:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-04 13:47 --------- d-----w D:\Documents and Settings\Jay\Application Data\Apple Computer
2007-10-25 15:26 53,248 ----a-w D:\WINDOWS\bdoscandel.exe
2007-10-17 13:42 10,752 ----a-w D:\WINDOWS\system32\WhoisCL.exe
2007-10-11 21:47 245,408 ----a-w D:\WINDOWS\system32\unicows.dll
2007-10-08 22:48 --------- d-----w D:\Documents and Settings\Jay\Application Data\acccore
2007-10-08 22:37 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-10-08 21:15 --------- d-----w D:\Program Files\AIM6
2007-10-08 21:15 --------- d-----w D:\Documents and Settings\Eddie\Application Data\acccore
2007-10-08 21:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2007-10-08 21:14 --------- d-----w D:\Program Files\Common Files\AOL
2007-10-08 21:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-08 10:59 --------- d-----w D:\Program Files\iTunes
2007-10-08 10:59 --------- d-----w D:\Program Files\iPod
2007-10-08 10:58 --------- d-----w D:\Program Files\Apple Software Update
2007-10-08 10:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-10-08 03:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-08 03:09 --------- d-----w D:\Program Files\QuickTime
2007-10-08 02:42 --------- d-----w D:\Program Files\AIM95
2007-10-08 01:32 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
2007-10-08 01:31 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-10-08 01:31 --------- d-----w D:\Program Files\Belkin
2007-09-17 06:10 356,352 ----a-w D:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 05:07 81,920 ----a-w D:\WINDOWS\system32\nvwddi.dll
2007-09-17 05:07 81,920 ----a-w D:\WINDOWS\system32\nvmctray.dll
2007-09-17 05:07 8,491,008 ----a-w D:\WINDOWS\system32\nvcpl.dll
2007-09-17 05:07 753,664 ----a-w D:\WINDOWS\system32\nvcplui.exe
2007-09-17 05:07 6,746,112 ----a-w D:\WINDOWS\system32\nvoglnt.dll
2007-09-17 05:07 6,344,704 ----a-w D:\WINDOWS\system32\nvdisps.dll
2007-09-17 05:07 5,783,040 ----a-w D:\WINDOWS\system32\nv4_disp.dll
2007-09-17 05:07 466,944 ----a-w D:\WINDOWS\system32\nvshell.dll
2007-09-17 05:07 45,056 ----a-w D:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 05:07 442,368 ----a-w D:\WINDOWS\system32\nvappbar.exe
2007-09-17 05:07 425,984 ----a-w D:\WINDOWS\system32\keystone.exe
2007-09-17 05:07 364,544 ----a-w D:\WINDOWS\system32\nvapi.dll
2007-09-17 05:07 36,864 ----a-w D:\WINDOWS\system32\nvcodins.dll
2007-09-17 05:07 36,864 ----a-w D:\WINDOWS\system32\nvcod.dll
2007-09-17 05:07 356,352 ----a-w D:\WINDOWS\system32\nvudisp.exe
2007-09-17 05:07 307,200 ----a-w D:\WINDOWS\system32\nvexpbar.dll
2007-09-17 05:07 3,551,232 ----a-w D:\WINDOWS\system32\nvvitvs.dll
2007-09-17 05:07 3,334,144 ----a-w D:\WINDOWS\system32\nvgames.dll
2007-09-17 05:07 286,720 ----a-w D:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 05:07 229,376 ----a-w D:\WINDOWS\system32\nvmccs.dll
2007-09-17 05:07 2,371,584 ----a-w D:\WINDOWS\system32\nvwss.dll
2007-09-17 05:07 188,416 ----a-w D:\WINDOWS\system32\nvmccss.dll
2007-09-17 05:07 155,716 ----a-w D:\WINDOWS\system32\nvsvc32.exe
2007-09-17 05:07 147,456 ----a-w D:\WINDOWS\system32\nvcolor.exe
2007-09-17 05:07 1,703,936 ----a-w D:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 05:07 1,478,656 ----a-w D:\WINDOWS\system32\nview.dll
2007-09-17 05:07 1,339,392 ----a-w D:\WINDOWS\system32\nvdspsch.exe
2007-09-17 05:07 1,150,976 ----a-w D:\WINDOWS\system32\nvmobls.dll
2007-09-17 05:07 1,019,904 ----a-w D:\WINDOWS\system32\nvwimg.dll
2005-07-29 21:24 472 --sha-r D:\WINDOWS\bXVzdGFuZw\vrpWx3IRtT.vbs
.

((((((((((((((((((((((((((((( snapshot@2007-11-15_16.01.23.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-17 23:35:23 45,056 ----a-w D:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-11-17 23:35:24 10,240 ----a-w D:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-11-17 23:35:24 27,136 ----a-w D:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-11-17 23:35:28 181,760 ----a-w D:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2007-11-17 23:35:28 77,824 ----a-w D:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w D:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-11-17 23:35:29 142,848 ----a-w D:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-11-17 23:35:24 86,016 ----a-w D:\WINDOWS\BDOSCAN8\librtvr.dll
- 2007-10-29 23:56:19 136,192 ----a-w D:\WINDOWS\catchme.exe
+ 2007-11-08 21:59:01 136,704 ----a-w D:\WINDOWS\catchme.exe
+ 2007-10-25 15:26:48 118,784 ----a-w D:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w D:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-11-14 04:40:48 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-16 04:53:30 536,576 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-16 04:53:30 8,192 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-14 04:40:48 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-16 04:53:26 536,576 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-16 04:53:26 8,192 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2004-10-07 18:39:30 89,088 ----a-w D:\WINDOWS\system32\atl71.dll
+ 2004-11-02 18:41:52 516,832 ----a-w D:\WINDOWS\system32\capicom.dll
- 2007-11-15 21:00:45 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-27 22:22:03 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-15 21:00:45 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-27 22:22:03 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-15 21:00:45 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-27 22:22:03 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-30 21:14:41 39,992 ----a-w D:\WINDOWS\system32\perfc009.dat
+ 2007-11-15 21:27:48 39,992 ----a-w D:\WINDOWS\system32\perfc009.dat
- 2007-10-30 21:14:41 311,604 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2007-11-15 21:27:48 311,604 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2007-11-17 18:00:26 491,768 ----a-w D:\WINDOWS\Windows Update Setup Files\ie6setup.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
2007-11-25 08:31 38912 --a------ D:\WINDOWS\System32\pmnkllk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A020964-25C2-4711-8006-3306D07E2C31}]
D:\Program Files\MSN\mexola83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CAC4110-D127-4E37-836B-875141D6DF16}]
D:\Program Files\MSN\mexola4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72E2C46B-461D-4EC1-7EB0-471B95DD9157}]
D:\Program Files\ComPlus Applications\qukafope.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
D:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B78CFC34-11AA-4E0B-892C-4DE670F65C94}]
D:\WINDOWS\System32\pgeprily.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf0d1df9-41fc-46f1-8fc1-79cce06dde9e}]
2007-11-27 17:10 78912 --a------ D:\WINDOWS\System32\jxvtxjjh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Cbei"="D:\PROGRA~1\YMBOLS~1\logonui.exe" []
"QdrModule9"="D:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 14:51]
"Qgpqdrq"="D:\Program Files\Common Files\?ssembly\r?ndll.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-23 07:00 D:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 07:00 D:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2006-01-11 12:05]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2005-09-22 18:29]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= D:\WINDOWS\System32\pmnkllk.dll [2007-11-25 08:31 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkllk]
pmnkllk.dll 2007-11-25 08:31 38912 D:\WINDOWS\system32\pmnkllk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\System32\jkhhe.dll

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;D:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys
R3 SjyPkt;SjyPkt;\??\D:\WINDOWS\System32\Drivers\SjyPkt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 19:17:11 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 17:22:41
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 17:23:06 - machine was rebooted
D:\ComboFix2.txt ... 2007-11-15 17:24
D:\ComboFix3.txt ... 2007-11-15 16:01
.
--- E O F ---



---------------------------------------------------------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 5:23:28 PM, on 11/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\QdrModule\QdrModule9.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - D:\WINDOWS\System32\pmnkllk.dll
O2 - BHO: (no name) - {4A020964-25C2-4711-8006-3306D07E2C31} - D:\Program Files\MSN\mexola83122.dll (file missing)
O2 - BHO: (no name) - {4CAC4110-D127-4E37-836B-875141D6DF16} - D:\Program Files\MSN\mexola4444.dll (file missing)
O2 - BHO: 0 - {72E2C46B-461D-4EC1-7EB0-471B95DD9157} - D:\Program Files\ComPlus Applications\qukafope.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - D:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {B78CFC34-11AA-4E0B-892C-4DE670F65C94} - D:\WINDOWS\System32\pgeprily.dll (file missing)
O2 - BHO: {e9edd60e-cc97-1cf8-1f64-cf149fd1d0fb} - {bf0d1df9-41fc-46f1-8fc1-79cce06dde9e} - D:\WINDOWS\System32\jxvtxjjh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [Cbei] "D:\PROGRA~1\YMBOLS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule9] "D:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Qgpqdrq] "D:\Program Files\Common Files\?ssembly\r?ndll.exe"
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: pmnkllk - D:\WINDOWS\SYSTEM32\pmnkllk.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe


Kranium31
QUOTE(Malakk @ Nov 27 2007, 06:50 PM) *
I have a similar problem. I was wondering if anyone could tell me how to remove spyware from my computer. I have security programs but they don't seem to be doing anything.


As you can see, it's quite involved to get rid of. You need to start your own thread.
Malakk
haha
ok
well
I'll just take the time to figure it out on my own

thanks anyway
Atribune
First thing I need you to do is go to http://www.uploadmalware.com, click the browse button and locate C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader
In that directory there will be 2 files with names that start with qmgr and are dat files. Select one to be uploaded, then do the same for the other one.

Then click the Send Files button, once you've done that please continue with the following instructions.

Please download >>ComboFix<< by sUBs:

NOTE: In the event you already have ComboFix, please delete it; this is a new version that I need you to download.
  • Save it to your desktop.
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    File::
    D:\WINDOWS\system32\jxvtxjjh.dll
    D:\WINDOWS\system32\drnmjteg.exe
    D:\WINDOWS\17PHolmes572.exe
    D:\WINDOWS\system32\hgggeff.dll
    D:\WINDOWS\system32\mljjhig.dll
    D:\WINDOWS\system32\fcccyyy.dll
    D:\WINDOWS\system32\pmnkllk.dll
    D:\WINDOWS\mrofinu572.exe
    D:\WINDOWS\mrofinu1000106.exe
    D:\WINDOWS\mrofinu72.exe
    D:\WINDOWS\system32\uekdwqco.ini
    D:\WINDOWS\system32\suxepbpx.dll
    D:\WINDOWS\system32\mwisys32_071113.dll
    D:\WINDOWS\system32\lwisys16_071113.dll
    D:\WINDOWS\system32\kgcdpudj.dll
    D:\WINDOWS\system32\ogurmrnc.tmp
    D:\WINDOWS\system32\ogurmrnc.ini
    D:\WINDOWS\system32\ihmucegi.dll
    D:\WINDOWS\system32\hvoywdws.dll
    D:\WINDOWS\system32\vcbjiknb.dll
    D:\WINDOWS\system32\hggdefd.dll
    D:\WINDOWS\system32\mevpgvwp.ini
    D:\WINDOWS\system32\pwvgpvem.dll
    D:\WINDOWS\system32\hwtoffev.dll
    D:\WINDOWS\system32\stwpinut.dll
    D:\WINDOWS\system32\dlpsrqpd.dll
    D:\WINDOWS\system32\mnwfuffj.ini
    D:\WINDOWS\system32\ycpixust.ini
    D:\WINDOWS\system32\tsuxipcy.dll
    D:\WINDOWS\system32\mywehit.ini
    D:\WINDOWS\system32\mwisys32_071111.dll
    D:\WINDOWS\system32\obeyjjye.ini
    D:\WINDOWS\system32\fvetsnri.ini
    D:\WINDOWS\system32\ycwtdxxn.ini
    D:\WINDOWS\system32\jkklllj.dll
    D:\WINDOWS\system32\dahyvawa.ini
    D:\WINDOWS\system32\qxxoffkc.ini
    D:\WINDOWS\system32\lemxusif.ini
    D:\WINDOWS\system32\mtoewqjd.dll
    D:\WINDOWS\system32\hfdxkfui.ini
    D:\WINDOWS\system32\iufkxdfh.dll
    D:\WINDOWS\system32\mndmhsjc.ini
    D:\WINDOWS\system32\lcpmoqxo.dll
    D:\WINDOWS\system32\hkofdxud.dll
    D:\WINDOWS\system32\awtqnno.dll
    D:\WINDOWS\system32\accttlmc.dll
    D:\WINDOWS\system32\bbaplkxx.dll
    D:\WINDOWS\system32\byxwwts.dll

    Folder::
    D:\Program Files\QdrModule
    D:\Program Files\QdrDrive
    D:\Documents and Settings\All Users\Application Data\Rabio
    D:\Program Files\fyfcdirw
    D:\WINDOWS\bXVzdGFuZw
    D:\WINDOWS\system32\Mz08r

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A020964-25C2-4711-8006-3306D07E2C31}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CAC4110-D127-4E37-836B-875141D6DF16}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72E2C46B-461D-4EC1-7EB0-471B95DD9157}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B78CFC34-11AA-4E0B-892C-4DE670F65C94}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf0d1df9-41fc-46f1-8fc1-79cce06dde9e}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cbei"=-
    "QdrModule9"=-
    "Qgpqdrq"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkllk]

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Kranium31
OK, here's the new log



ComboFix 07-11-19.4C - Jay 2007-11-28 17:26:16.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.95 [GMT -5:00]
Running from: D:\Documents and Settings\Jay\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Jay\Desktop\CFScript.txt
* Created a new restore point

FILE
D:\WINDOWS\17PHolmes572.exe
D:\WINDOWS\mrofinu1000106.exe
D:\WINDOWS\mrofinu572.exe
D:\WINDOWS\mrofinu72.exe
D:\WINDOWS\system32\accttlmc.dll
D:\WINDOWS\system32\awtqnno.dll
D:\WINDOWS\system32\bbaplkxx.dll
D:\WINDOWS\system32\byxwwts.dll
D:\WINDOWS\system32\dahyvawa.ini
D:\WINDOWS\system32\dlpsrqpd.dll
D:\WINDOWS\system32\drnmjteg.exe
D:\WINDOWS\system32\fcccyyy.dll
D:\WINDOWS\system32\fvetsnri.ini
D:\WINDOWS\system32\hfdxkfui.ini
D:\WINDOWS\system32\hggdefd.dll
D:\WINDOWS\system32\hgggeff.dll
D:\WINDOWS\system32\hkofdxud.dll
D:\WINDOWS\system32\hvoywdws.dll
D:\WINDOWS\system32\hwtoffev.dll
D:\WINDOWS\system32\ihmucegi.dll
D:\WINDOWS\system32\iufkxdfh.dll
D:\WINDOWS\system32\jkklllj.dll
D:\WINDOWS\system32\jxvtxjjh.dll
D:\WINDOWS\system32\kgcdpudj.dll
D:\WINDOWS\system32\lcpmoqxo.dll
D:\WINDOWS\system32\lemxusif.ini
D:\WINDOWS\system32\lwisys16_071113.dll
D:\WINDOWS\system32\mevpgvwp.ini
D:\WINDOWS\system32\mljjhig.dll
D:\WINDOWS\system32\mndmhsjc.ini
D:\WINDOWS\system32\mnwfuffj.ini
D:\WINDOWS\system32\mtoewqjd.dll
D:\WINDOWS\system32\mwisys32_071111.dll
D:\WINDOWS\system32\mwisys32_071113.dll
D:\WINDOWS\system32\mywehit.ini
D:\WINDOWS\system32\obeyjjye.ini
D:\WINDOWS\system32\ogurmrnc.ini
D:\WINDOWS\system32\ogurmrnc.tmp
D:\WINDOWS\system32\pmnkllk.dll
D:\WINDOWS\system32\pwvgpvem.dll
D:\WINDOWS\system32\qxxoffkc.ini
D:\WINDOWS\system32\stwpinut.dll
D:\WINDOWS\system32\suxepbpx.dll
D:\WINDOWS\system32\tsuxipcy.dll
D:\WINDOWS\system32\uekdwqco.ini
D:\WINDOWS\system32\vcbjiknb.dll
D:\WINDOWS\system32\ycpixust.ini
D:\WINDOWS\system32\ycwtdxxn.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users\Application Data\Rabio
D:\Program Files\fyfcdirw
D:\Program Files\fyfcdirw\ngpmlqda.dll
D:\Program Files\QdrDrive
D:\Program Files\QdrDrive\qdrloader.exe
D:\Program Files\QdrModule
D:\Program Files\QdrModule\dic.gz
D:\Program Files\QdrModule\kwd.gz
D:\Program Files\QdrModule\QdrModule9.exe
D:\WINDOWS\17PHolmes572.exe
D:\WINDOWS\bXVzdGFuZw
D:\WINDOWS\bXVzdGFuZw\vrpWx3IRtT.vbs
D:\WINDOWS\mrofinu1000106.exe
D:\WINDOWS\mrofinu572.exe
D:\WINDOWS\mrofinu72.exe
D:\WINDOWS\system32\accttlmc.dll
D:\WINDOWS\system32\awtqnno.dll
D:\WINDOWS\system32\bbaplkxx.dll
D:\WINDOWS\system32\byxwwts.dll
D:\WINDOWS\system32\dahyvawa.ini
D:\WINDOWS\system32\dlpsrqpd.dll
D:\WINDOWS\system32\drnmjteg.exe
D:\WINDOWS\system32\fcccyyy.dll
D:\WINDOWS\system32\fvetsnri.ini
D:\WINDOWS\system32\hfdxkfui.ini
D:\WINDOWS\system32\hggdefd.dll
D:\WINDOWS\system32\hgggeff.dll
D:\WINDOWS\system32\hkofdxud.dll
D:\WINDOWS\system32\hvoywdws.dll
D:\WINDOWS\system32\hwtoffev.dll
D:\WINDOWS\system32\ihmucegi.dll
D:\WINDOWS\system32\iufkxdfh.dll
D:\WINDOWS\system32\jkklllj.dll
D:\WINDOWS\system32\jxvtxjjh.dll
D:\WINDOWS\system32\kgcdpudj.dll
D:\WINDOWS\system32\lcpmoqxo.dll
D:\WINDOWS\system32\lemxusif.ini
D:\WINDOWS\system32\lwisys16_071113.dll
D:\WINDOWS\system32\mevpgvwp.ini
D:\WINDOWS\system32\mljjhig.dll
D:\WINDOWS\system32\mndmhsjc.ini
D:\WINDOWS\system32\mnwfuffj.ini
D:\WINDOWS\system32\mtoewqjd.dll
D:\WINDOWS\system32\mwisys32_071111.dll
D:\WINDOWS\system32\mwisys32_071113.dll
D:\WINDOWS\system32\mywehit.ini
D:\WINDOWS\system32\Mz08r
D:\WINDOWS\system32\obeyjjye.ini
D:\WINDOWS\system32\ogurmrnc.ini
D:\WINDOWS\system32\ogurmrnc.tmp
D:\WINDOWS\system32\pmnkllk.dll
D:\WINDOWS\system32\pwvgpvem.dll
D:\WINDOWS\system32\qxxoffkc.ini
D:\WINDOWS\system32\stwpinut.dll
D:\WINDOWS\system32\suxepbpx.dll
D:\WINDOWS\system32\tsuxipcy.dll
D:\WINDOWS\system32\uekdwqco.ini
D:\WINDOWS\system32\vcbjiknb.dll
D:\WINDOWS\system32\ycpixust.ini
D:\WINDOWS\system32\ycwtdxxn.ini

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-24 00:40 <DIR> d-------- D:\VundoFix Backups
2007-11-17 18:35 <DIR> d-------- D:\WINDOWS\BDOSCAN8
2007-11-17 18:26 <DIR> d-------- D:\WINDOWS\Windows Update Setup Files
2007-11-17 18:26 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
2007-11-16 00:02 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2007-11-15 23:53 <DIR> d-------- D:\WINDOWS\ERUNT
2007-11-14 03:26 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-13 11:53 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-13 11:39 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\acccore
2007-11-13 11:37 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Aim
2007-11-13 00:12 <DIR> d-------- D:\Documents and Settings\Eddie\Application Data\Lavasoft
2007-11-11 09:36 <DIR> d-------- D:\WINDOWS\system32\inf
2007-11-09 16:54 549,720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-11-09 16:54 325,976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-11-09 16:54 216,408 --a------ D:\WINDOWS\system32\wuaucpl.cpl
2007-11-09 16:54 203,096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-11-09 16:54 186,136 --a------ D:\WINDOWS\system32\wuaueng1.dll
2007-11-09 16:54 167,704 --a------ D:\WINDOWS\system32\wuaucpl.cpl.wusetup.241823046.bak
2007-11-09 16:54 167,704 --a------ D:\WINDOWS\system32\wuauclt1.exe
2007-11-09 16:54 33,624 --a------ D:\WINDOWS\system32\wups.dll
2007-11-08 17:06 1,156 --a------ D:\WINDOWS\mozver.dat
2007-11-08 00:57 20,480 --a------ D:\WINDOWS\quit.exe
2007-11-07 18:50 <DIR> d-------- D:\WINDOWS\Sun
2007-11-05 20:05 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-11-04 20:09 <DIR> d-------- D:\Documents and Settings\Jay\Application Data\Lavasoft
2007-11-04 07:29 <DIR> d-------- D:\Program Files\Java
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Shared
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Incomplete
2007-11-04 07:29 <DIR> d-------- D:\Documents and Settings\Jay\Application Data\LimeWire
2007-11-04 07:28 <DIR> d-------- D:\Program Files\Common Files\Java
2007-11-04 07:22 <DIR> d-------- D:\Program Files\BearShare Applications
2007-11-04 07:22 483,328 --a------ D:\WINDOWS\system32\actskn45.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 02:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-04 13:47 --------- d-----w D:\Documents and Settings\Jay\Application Data\Apple Computer
2007-10-25 15:26 53,248 ----a-w D:\WINDOWS\bdoscandel.exe
2007-10-17 13:42 10,752 ----a-w D:\WINDOWS\system32\WhoisCL.exe
2007-10-11 21:47 245,408 ----a-w D:\WINDOWS\system32\unicows.dll
2007-10-08 22:48 --------- d-----w D:\Documents and Settings\Jay\Application Data\acccore
2007-10-08 22:37 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-10-08 21:15 --------- d-----w D:\Program Files\AIM6
2007-10-08 21:15 --------- d-----w D:\Documents and Settings\Eddie\Application Data\acccore
2007-10-08 21:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2007-10-08 21:14 --------- d-----w D:\Program Files\Common Files\AOL
2007-10-08 21:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-08 10:59 --------- d-----w D:\Program Files\iTunes
2007-10-08 10:59 --------- d-----w D:\Program Files\iPod
2007-10-08 10:58 --------- d-----w D:\Program Files\Apple Software Update
2007-10-08 10:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-10-08 03:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-08 03:09 --------- d-----w D:\Program Files\QuickTime
2007-10-08 02:42 --------- d-----w D:\Program Files\AIM95
2007-10-08 01:32 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
2007-10-08 01:31 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-10-08 01:31 --------- d-----w D:\Program Files\Belkin
2007-09-17 06:10 356,352 ----a-w D:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 05:07 81,920 ----a-w D:\WINDOWS\system32\nvwddi.dll
2007-09-17 05:07 81,920 ----a-w D:\WINDOWS\system32\nvmctray.dll
2007-09-17 05:07 8,491,008 ----a-w D:\WINDOWS\system32\nvcpl.dll
2007-09-17 05:07 753,664 ----a-w D:\WINDOWS\system32\nvcplui.exe
2007-09-17 05:07 6,746,112 ----a-w D:\WINDOWS\system32\nvoglnt.dll
2007-09-17 05:07 6,344,704 ----a-w D:\WINDOWS\system32\nvdisps.dll
2007-09-17 05:07 5,783,040 ----a-w D:\WINDOWS\system32\nv4_disp.dll
2007-09-17 05:07 466,944 ----a-w D:\WINDOWS\system32\nvshell.dll
2007-09-17 05:07 45,056 ----a-w D:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 05:07 442,368 ----a-w D:\WINDOWS\system32\nvappbar.exe
2007-09-17 05:07 425,984 ----a-w D:\WINDOWS\system32\keystone.exe
2007-09-17 05:07 364,544 ----a-w D:\WINDOWS\system32\nvapi.dll
2007-09-17 05:07 36,864 ----a-w D:\WINDOWS\system32\nvcodins.dll
2007-09-17 05:07 36,864 ----a-w D:\WINDOWS\system32\nvcod.dll
2007-09-17 05:07 356,352 ----a-w D:\WINDOWS\system32\nvudisp.exe
2007-09-17 05:07 307,200 ----a-w D:\WINDOWS\system32\nvexpbar.dll
2007-09-17 05:07 3,551,232 ----a-w D:\WINDOWS\system32\nvvitvs.dll
2007-09-17 05:07 3,334,144 ----a-w D:\WINDOWS\system32\nvgames.dll
2007-09-17 05:07 286,720 ----a-w D:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 05:07 229,376 ----a-w D:\WINDOWS\system32\nvmccs.dll
2007-09-17 05:07 2,371,584 ----a-w D:\WINDOWS\system32\nvwss.dll
2007-09-17 05:07 188,416 ----a-w D:\WINDOWS\system32\nvmccss.dll
2007-09-17 05:07 155,716 ----a-w D:\WINDOWS\system32\nvsvc32.exe
2007-09-17 05:07 147,456 ----a-w D:\WINDOWS\system32\nvcolor.exe
2007-09-17 05:07 1,703,936 ----a-w D:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 05:07 1,478,656 ----a-w D:\WINDOWS\system32\nview.dll
2007-09-17 05:07 1,339,392 ----a-w D:\WINDOWS\system32\nvdspsch.exe
2007-09-17 05:07 1,150,976 ----a-w D:\WINDOWS\system32\nvmobls.dll
2007-09-17 05:07 1,019,904 ----a-w D:\WINDOWS\system32\nvwimg.dll
.

((((((((((((((((((((((((((((( snapshot_2007-11-27_17.22.46.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 22:22:03 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-28 22:23:10 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-27 22:22:03 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-28 22:23:10 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-27 22:22:03 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-28 22:24:23 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-23 07:00 D:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 07:00 D:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2006-01-11 12:05]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2005-09-22 18:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkllk]
pmnkllk.dll

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;D:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys
R3 SjyPkt;SjyPkt;\??\D:\WINDOWS\System32\Drivers\SjyPkt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 19:17:11 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 17:33:41
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 17:33:59 - machine was rebooted
D:\ComboFix2.txt ... 2007-11-28 17:23
D:\ComboFix3.txt ... 2007-11-27 17:23
.
--- E O F ---
Atribune
Can you please post a new HijackThis log as well?
Kranium31
Logfile of HijackThis v1.99.1
Scan saved at 7:04:07 PM, on 11/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\AIM6\aolsoftware.exe
C:\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: pmnkllk - pmnkllk.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Atribune
Looking much better, I want you to run the following scanner, it is going to take a long time to run but it is very thorough.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Kranium31
QUOTE(LS Atribune @ Nov 28 2007, 07:00 PM) *
Looking much better, I want you to run the following scanner, it is going to take a long time to run but it is very thorough.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




I keep getting this error message

"Update process failed. No further anti-virus actions can be performed.
Attention, you must be online to activate Kaspersky online scanner, since the latest anti-virus bases version must be must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest virus's. [21]
Atribune
Well, that's not good. Let's use Panda ActiveScan instead.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Kranium31
OK, here are the new logs



Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.servedby.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.valueclick.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.winfixer.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.atdmt.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.valueclick.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.doubleclick.net/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.winfixer.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-10.txt[.atwola.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.revenue.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.clickbank.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.zedo.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-100.txt[citi.bridgetrack.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.revenue.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.clickbank.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.zedo.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-101.txt[citi.bridgetrack.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.revenue.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.clickbank.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.zedo.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-102.txt[citi.bridgetrack.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.revenue.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.clickbank.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.zedo.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-103.txt[citi.bridgetrack.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.revenue.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.clickbank.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.zedo.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-104.txt[citi.bridgetrack.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.revenue.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.clickbank.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.zedo.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-105.txt[citi.bridgetrack.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.revenue.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.clickbank.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.zedo.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-106.txt[citi.bridgetrack.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.servedby.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason Andrews\Application Data\Mozilla\Firefox\Profiles\3b6bne69.default\cookies-107.txt[.doubleclick.net/]
Spyw