FYI!! I ran task manager and found a file flagged as AXKROEWN.dll, and it was put into a quarantine file. Since then no more pop-ups. AVG Free today said that the Vundo trojan was there. Did not catch where, as it was 5am and I was really tired. 55 files showed up in the virus vault. There is an open option but I'm afraid to open it. Also a delete option. What would be the best strategy to delete? I was thinking delete the recovery bin.
So I ran SDFIX and Combofix and here are the results. Looks clean to me but you are the expert. I also took your advice on Javascript and torrent.
ComboFix 08-06-15.4 - HP_Owner 2008-06-16 12:24:20.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\RECYCLER\desktopA.sys
C:\WINDOWS\BM064b0f56.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dslsgvkj.ini
C:\WINDOWS\system32\eccxctal.ini
C:\WINDOWS\system32\eccxctal.ini2
C:\WINDOWS\system32\eccxctal.tmp
C:\WINDOWS\system32\euvxhfwc.dll
C:\WINDOWS\system32\FijkQqru.ini
C:\WINDOWS\system32\FijkQqru.ini2
C:\WINDOWS\system32\fllvwngx.ini
C:\WINDOWS\system32\HPAHkUvw.ini
C:\WINDOWS\system32\HPAHkUvw.ini2
C:\WINDOWS\system32\iihRtBeg.ini
C:\WINDOWS\system32\iihRtBeg.ini2
C:\WINDOWS\system32\kjtivsya.ini
C:\WINDOWS\system32\mjclylab.ini
C:\WINDOWS\system32\nnuyoyse.ini
C:\WINDOWS\system32\onpmqnoo.ini
C:\WINDOWS\system32\oyiadokv.ini
C:\WINDOWS\system32\qflnelph.ini
C:\WINDOWS\system32\qrurltwv.ini
C:\WINDOWS\system32\rvfgurps.ini
C:\WINDOWS\system32\ugmvutbe.ini
C:\WINDOWS\system32\vkuctuum.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-16 11:38 . 2008-06-16 11:38 <DIR> d----c--- C:\XPSETUP
2008-06-16 10:28 . 2008-06-16 10:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 10:22 . 2008-06-16 11:11 <DIR> d----c--- C:\SDFix
2008-06-14 12:21 . 2008-06-14 12:52 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-14 12:21 . 2008-06-14 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-13 21:20 . 2008-06-13 21:20 <DIR> d----c--- C:\Deckard
2008-06-13 21:05 . 2008-06-13 21:11 <DIR> d----c--- C:\ie-spyad_zo
2008-06-13 20:50 . 2008-06-13 20:50 <DIR> d-------- C:\ZonedOut
2008-06-13 20:40 . 2008-06-13 20:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-13 20:40 . 2008-06-13 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 16:36 . 2008-06-13 16:36 <DIR> d-------- C:\Program Files\Panda Security
2008-06-13 08:10 . 2008-06-13 08:11 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-12 22:44 . 2008-06-12 22:44 <DIR> d----c--- C:\VundoFix Backups
2008-06-12 12:41 . 2008-06-12 12:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-12 12:35 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003004_.tmp
2008-06-12 12:29 . 2008-06-12 12:29 <DIR> d-------- C:\WINDOWS\EHome
2008-06-12 10:45 . 2008-06-16 12:35 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-12 10:40 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-12 10:39 . 2008-04-14 08:30 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 10:27 . 2008-06-12 10:27 294 --ahs---- C:\WINDOWS\system32\rjdflwku.ini
2008-06-10 12:01 . 2008-06-10 12:01 1,579,608 --ahs---- C:\WINDOWS\system32\ugmvutbe.tmp
2008-06-09 20:00 . 2008-06-09 22:58 153 --a------ C:\WINDOWS\wininit.ini
2008-06-08 21:04 . 2008-06-08 21:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-08 21:04 . 2008-06-08 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 20:08 . 2008-06-10 10:29 <DIR> d-------- C:\Program Files\Uniblue
2008-06-05 10:24 . 2008-06-05 10:24 <DIR> d----c--- C:\SIERRA
2008-05-23 21:54 . 2008-05-23 21:54 <DIR> d-------- C:\Program Files\CCleaner
2008-05-23 21:19 . 2008-05-23 21:19 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-05-23 11:13 . 2008-05-23 11:13 <DIR> d-------- C:\Program Files\directx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-16 08:21 --------- d-----w C:\Program Files\Java
2008-06-13 02:08 --------- d-----w C:\Program Files\Shutterfly
2008-06-13 02:08 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Shutterfly
2008-06-13 00:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-12 13:22 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-06-10 12:11 --------- d-----w C:\Program Files\Quicken
2008-06-10 12:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 12:04 --------- d-----w C:\Program Files\Winamp
2008-06-02 13:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 12:54 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-05-20 20:31 --------- d-----w C:\Program Files\Advanced GET EOD
2008-05-14 01:40 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-05-08 19:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:59 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-05-06 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-29 20:32 --------- d-----w C:\Program Files\Typing Instructor Deluxe
2008-04-14 09:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 09:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 09:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 09:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 09:42 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 09:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 09:42 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 09:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 09:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 09:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 09:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 09:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 09:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 09:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 09:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 09:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2007-03-12 12:55 142,950 ----a-w C:\Program Files\IMAG0004.JPG
2007-03-12 12:53 172,330 ----a-w C:\Program Files\IMAG0003.JPG
2007-03-12 12:48 188,766 ----a-w C:\Program Files\IMAG0001.JPG
2007-03-12 12:48 170,718 ----a-w C:\Program Files\IMAG0002.JPG
2006-05-31 15:52 1,408 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2006-02-15 21:00 15,093 -c--a-w C:\Program Files\Common Files\Deep_theta_complete.bwg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 15:54 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 03:52 579584]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2005-09-19 22:42 487424]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 04:59 126976]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 18:34 245760]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22 35328]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 17:20 22528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-23 07:42 282624]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 09:54 253952]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-07-07 17:04 37376]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 17:20 22528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 16:03 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 15:54 68856]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 23:59:58 41042]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-08-26 03:41:47 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGywUn]
khfGywUn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\05783cca]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Organize\\bin\\displayAgent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\WeBuilder 2007\\webuild.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 FastPara;FastPara;C:\WINDOWS\system32\drivers\FastPara.sys [1998-10-09 21:53]
S3 MSSQL$SQL2000;MSSQL$SQL2000;C:\Program Files\Microsoft SQL Server\MSSQL$SQL2000\Binn\sqlservr.exe [2002-12-17 17:26]
S3 MySQL41;MySQL41;"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL41 []
S3 SQLAgent$SQL2000;SQLAgent$SQL2000;C:\Program Files\Microsoft SQL Server\MSSQL$SQL2000\Binn\sqlagent.EXE [2002-12-17 17:23]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 16:37:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-16 12:35:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL41]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL41"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\hp\KBD\KBD.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
.
**************************************************************************
.
Completion time: 2008-06-16 12:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 16:46:52
Pre-Run: 13,022,232,576 bytes free
Post-Run: 12,367,294,464 bytes free
213 --- E O F --- 2008-06-14 21:10:40
SDFix: Version 1.193
Run by HP_Owner on Mon 06/16/2008 at 10:37 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-16 11:03:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Hewlett-Packard\\HP Organize\\bin\\displayAgent.exe"="C:\\Program Files\\Hewlett-Packard\\HP Organize\\bin\\displayAgent.exe:*:Enabled:displayAgent.exe"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Advanced GET EOD\\winros.exe"="C:\\Program Files\\Advanced GET EOD\\winros.exe:*:Enabled:eSignal Data Manager"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"="C:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe:*:Enabled:sqlservr.exe"
"C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"="C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe:*:Enabled:sqlbrowser.exe"
"C:\\Program Files\\IM\\IM.exe"="C:\\Program Files\\IM\\IM.exe:*:Enabled:IM"
"C:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"="C:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe:*:Disabled:SCRABBLE r"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\WeBuilder 2007\\webuild.exe"="C:\\Program Files\\WeBuilder 2007\\webuild.exe:*:Enabled:WeBuilder 2007"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
Files with Hidden Attributes :
Fri 2 Sep 2005 213 A.SHR --- "C:\BOOT.BAK"
Thu 8 Nov 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 10 Jun 2008 1,579,668 A.SH. --- "C:\WINDOWS\system32\eccxctal.tmp"
Tue 10 Jun 2008 1,579,608 A.SH. --- "C:\WINDOWS\system32\ugmvutbe.tmp"
Wed 13 Feb 2008 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\~113.>sys"
Mon 10 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Aug 2007 61,440 A..H. --- "C:\Program Files\MySQL\MySQL Connector Net 5.0.8.1\installtools.dll"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT15.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT48.tmp"
Wed 15 Aug 2007 20,480 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0003.tmp"
Wed 15 Aug 2007 20,480 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0005.tmp"
Wed 15 Aug 2007 20,480 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL0868.tmp"
Wed 15 Aug 2007 19,456 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL1807.tmp"
Wed 15 Aug 2007 21,504 A..H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL2595.tmp"
Thu 22 May 2008 25,088 ...H. --- "C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Word\~WRL3113.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp10.tmp"
Sat 1 Jul 2006 2,016 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp11.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp12.tmp"
Sun 5 Feb 2006 146,386 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp13.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp14.tmp"
Sat 1 Jul 2006 1,824 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp16.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp18.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp1A.tmp"
Sat 1 Jul 2006 2,016 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp1C.tmp"
Fri 21 Jul 2006 2,076 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp1D9.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp1E.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp20.tmp"
Sat 1 Jul 2006 2,208 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp22.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp23.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp24.tmp"
Sat 1 Jul 2006 2,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp25.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp26.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp27.tmp"
Sat 1 Jul 2006 1,824 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp28.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp29.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp2A.tmp"
Sat 1 Jul 2006 1,728 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp2B.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp2C.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp2D.tmp"
Sat 1 Jul 2006 1,344 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp2E.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp2F.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp30.tmp"
Sat 1 Jul 2006 1,824 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp31.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp32.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp34.tmp"
Sat 1 Jul 2006 1,536 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp36.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp38.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp39.tmp"
Sat 1 Jul 2006 1,824 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp3A.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp3B.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp3C.tmp"
Sat 1 Jul 2006 1,632 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp3D.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp3E.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp3F.tmp"
Sat 1 Jul 2006 1,920 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp41.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp42.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp43.tmp"
Sat 1 Jul 2006 1,728 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp44.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp45.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp46.tmp"
Sat 1 Jul 2006 2,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp47.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp48.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp49.tmp"
Sat 1 Jul 2006 2,496 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp4A.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp4B.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp4C.tmp"
Sat 1 Jul 2006 2,592 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp4D.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp4E.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp4F.tmp"
Sat 1 Jul 2006 2,784 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp50.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp51.tmp"
Sat 1 Jul 2006 5 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp52.tmp"
Sat 1 Jul 2006 2,208 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp53.tmp"
Mon 26 Dec 2005 269,784 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp6F.tmp"
Mon 26 Dec 2005 201,326,592 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp72.tmp"
Sat 26 Aug 2006 10 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp8F.tmp"
Sat 26 Aug 2006 531 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp90.tmp"
Sat 26 Aug 2006 864 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp91.tmp"
Sun 5 Feb 2006 9,610 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp96.tmp"
Sun 5 Feb 2006 812 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp97.tmp"
Sun 5 Feb 2006 294 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp98.tmp"
Sun 5 Feb 2006 182 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp99.tmp"
Sun 5 Feb 2006 12,180 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp9A.tmp"
Tue 18 Jul 2006 10,800 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp9B.tmp"
Tue 18 Jul 2006 10,800 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp9C.tmp"
Sat 1 Jul 2006 72 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmpCB.tmp"
Sat 1 Jul 2006 15 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmpF.tmp"
Sun 23 Jul 2006 389,632 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\~WRD1364.tmp"
Finished!