
red girl virus

#1 ·
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-28 10:44:39
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Trend Micro PC-cillin Internet Security 2007 15.30.1151 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\user@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@tribalfusion[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\user@statcounter[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@server.iad.liveperson[2].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@www6.addfreestats[1].txt
00367121 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@server.iad.liveperson[3].txt
01658840 Trj/WmaDownloader.F Virus/Trojan No 0 Yes Yes C:\Documents and Settings\User\My Documents\My Music\KEAGAN\ANTON se musiek\01 - piet potent 45.wma
;===================================================================================================================================================================================
SUSPECTS
Sent Location /
;===================================================================================================================================================================================
No C:\WINDOWS\SYSTEM32\LWIS16_080407.DLL /
No C:\WINDOWS\SYSTEM32\QQABC.DAT /
No C:\WINDOWS\SYSTEM32\QQABC.EXE /
No C:\WINDOWS\system32\wincheck071128.exe /
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description /
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
#2 ·
Hello, Welcome to TSF
I'm nasdaq and will help you.

Please download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Delete the older version once you have successfully downloaded and installed the latest version.

Submit a fresh HijackThis log.

Wait for further instructions.
 
#3 ·
Thanks, Nasdaq

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:12:21 PM, on 2008/05/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inf\svchosts.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BXLN4AZS\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.absa.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [] C:\Program Files\Common Files\System\
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [CardBoardFish-DesktopSender] C:\Program Files\CardBoardFish\Desktop SMS Sender\DesktopSMS.exe /systemtray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Userinit] C:\WINDOWS\system32\inf\svchost.exe C:\WINDOWS\system32\lwisys16_071128.dll start
O4 - HKLM\..\Policies\Explorer\Run: [MyUserinit] C:\WINDOWS\system32\inf\svchosts.exe C:\WINDOWS\system32\lwis16_080407.dll tanls
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196795279578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196795235375
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.eprints.co.za/ImageUploader3.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 9660 bytes
 
#4 ·
Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
Wait for further Instructions.
 
#5 ·
Nasdaq, need help. I cannot get my PC to start in safe mode, but managed to find the below. I do not know if I should post this into new hijack this thread or if it is a waste of time:


System Report
*************

Run on 2008/05/05 at 09:41 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [676]
\??\C:\WINDOWS\system32\csrss.exe [728]
\??\C:\WINDOWS\system32\winlogon.exe [752]
C:\WINDOWS\system32\services.exe [796]
C:\WINDOWS\system32\lsass.exe [808]
C:\WINDOWS\system32\svchost.exe [1000]
C:\WINDOWS\system32\svchost.exe [1048]
C:\WINDOWS\System32\svchost.exe [1144]
C:\Program Files\Ahead\InCD\InCDsrv.exe [1164]
C:\WINDOWS\system32\svchost.exe [1244]
C:\WINDOWS\system32\svchost.exe [1396]
C:\WINDOWS\system32\spoolsv.exe [1576]
C:\WINDOWS\Explorer.EXE [1868]
C:\WINDOWS\system32\inf\svchosts.exe [2004]
C:\WINDOWS\SOUNDMAN.EXE [2028]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2036]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2044]
C:\Program Files\Ahead\InCD\InCD.exe [152]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [252]
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [312]
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [528]
C:\Program Files\QuickTime\QTTask.exe [564]
C:\Program Files\iTunes\iTunesHelper.exe [584]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [656]
C:\WINDOWS\system32\ctfmon.exe [664]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [672]
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe [696]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [720]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [872]
C:\WINDOWS\system32\sistray.exe [1084]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe [1120]
C:\Program Files\Internet Explorer\IEXPLORE.EXE [1356]
C:\WINDOWS\system32\svchost.exe [1616]
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [1740]
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [1756]
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [1812]
C:\WINDOWS\system32\DRIVERS\WtSrv.exe [1952]
C:\Program Files\iPod\bin\iPodService.exe [2852]
C:\WINDOWS\system32\HPZipm12.exe [2880]
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe [2976]
C:\WINDOWS\system32\wuauclt.exe [1976]
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe [3256]


Drivers - Running:



Drivers - Stopped:



Services - Running:



Services - Stopped:



Files Created/Modified - 60 Days:


C:\

2008-05-05 21:00:40 525 A.... "C:\hpfr3420.xml"
2008-05-05 21:00:40 900 524 A.... "C:\hpfr3425.log"
2008-05-05 21:37:50 1 560 281 088 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

2008-05-05 21:38:38 0 A.... "C:\WINDOWS\0.log"
2008-05-05 21:37:52 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
2008-04-09 21:03:06 316 825 A.... "C:\WINDOWS\comsetup.log"
2008-04-09 8:10:04 10 752 A.... "C:\WINDOWS\DCEBoot.exe"
2008-04-09 8:15:36 913 A.... "C:\WINDOWS\DCEBOOT.LOG"
2008-04-08 13:10:14 40 883 A.... "C:\WINDOWS\DirectX.log"
2008-04-09 21:03:06 927 155 A.... "C:\WINDOWS\FaxSetup.log"
2008-04-08 14:23:32 1 813 A.... "C:\WINDOWS\hegames.ini"
2008-04-09 21:03:06 148 113 A.... "C:\WINDOWS\iis6.log"
2008-04-09 21:03:00 1 355 A.... "C:\WINDOWS\imsins.BAK"
2008-04-09 21:03:06 1 355 A.... "C:\WINDOWS\imsins.log"
2008-04-09 21:03:00 18 797 A.... "C:\WINDOWS\KB941693.log"
2008-04-09 21:01:10 12 417 A.... "C:\WINDOWS\KB945553.log"
2008-04-09 21:02:52 19 723 A.... "C:\WINDOWS\KB947864-IE7.log"
2008-04-09 21:02:22 12 608 A.... "C:\WINDOWS\KB948590.log"
2008-04-09 21:03:06 14 287 A.... "C:\WINDOWS\KB948881.log"
2008-04-09 21:03:06 46 773 A.... "C:\WINDOWS\msgsocm.log"
2008-04-09 21:03:06 190 980 A.... "C:\WINDOWS\ntdtcsetup.log"
2008-04-09 21:03:06 449 066 A.... "C:\WINDOWS\ocgen.log"
2008-04-09 21:03:06 51 286 A.... "C:\WINDOWS\ocmsn.log"
2008-05-05 21:39:58 699 A.... "C:\WINDOWS\pwisys.ini"
2008-04-08 8:46:16 1 409 A.... "C:\WINDOWS\QTFont.for"
2008-05-05 21:38:08 54 156 A..H. "C:\WINDOWS\QTFont.qfn"
2008-03-22 9:10:04 169 A.... "C:\WINDOWS\RtlRack.ini"
2008-05-05 21:33:42 32 642 A.... "C:\WINDOWS\SchedLgU.Txt"
2008-03-16 9:50:30 169 333 A.... "C:\WINDOWS\setupact.log"
2008-04-28 7:01:32 676 104 A.... "C:\WINDOWS\setupapi.log"
2008-04-27 17:56:56 242 A.... "C:\WINDOWS\svcpack.log"
2008-04-17 12:12:36 108 A.... "C:\WINDOWS\TMFilter.log"
2008-04-09 21:03:06 359 023 A.... "C:\WINDOWS\tsoc.log"
2008-04-09 21:02:42 103 278 A.... "C:\WINDOWS\updspapi.log"
2008-05-05 21:38:20 159 A.... "C:\WINDOWS\wiadebug.log"
2008-05-05 21:38:22 48 A.... "C:\WINDOWS\wiaservc.log"
2008-03-12 20:22:14 793 A.... "C:\WINDOWS\win.ini"
2008-05-05 21:38:24 1 151 152 A.... "C:\WINDOWS\WindowsUpdate.log"
2008-04-18 11:11:46 104 564 A.... "C:\WINDOWS\wmsetup.log"
2008-04-09 21:03:04 90 112 A.... "C:\WINDOWS\$NtUninstallKB948881$\reg00001"
2008-04-09 21:02:16 21 420 A.... "C:\WINDOWS\Debug\mrt.log"
2008-04-09 21:02:16 5 798 A.... "C:\WINDOWS\Debug\mrteng.log"
2008-05-05 21:37:52 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
2008-03-25 18:13:04 124 208 A.... "C:\WINDOWS\Downloaded Program Files\as2stubie.dll"
2008-03-07 8:56:30 395 A.... "C:\WINDOWS\Downloaded Program Files\as2stubie.inf"
2008-04-14 15:11:52 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
2008-04-08 13:10:12 4 858 A.... "C:\WINDOWS\inf\d3dx9_29_x86.PNF"
2008-04-14 15:11:54 5 900 A.... "C:\WINDOWS\inf\GEARAspiWDM.PNF"
2008-04-14 15:11:54 1 511 032 A.... "C:\WINDOWS\inf\INFCACHE.1"
2008-03-30 18:51:02 2 544 A.... "C:\WINDOWS\inf\oem39.inf"
2008-04-28 10:45:42 6 544 A.... "C:\WINDOWS\inf\oem39.PNF"
2008-03-30 19:08:04 3 444 A.... "C:\WINDOWS\inf\oem40.inf"
2008-04-28 10:45:44 8 218 A.... "C:\WINDOWS\inf\oem40.PNF"
2008-03-30 19:08:04 2 583 A.... "C:\WINDOWS\inf\oem41.inf"
2008-04-28 10:45:46 6 904 A.... "C:\WINDOWS\inf\oem41.PNF"
2008-04-08 13:10:10 4 794 A.... "C:\WINDOWS\inf\xinput9_1_0_x86.PNF"
2008-04-08 13:10:12 4 778 A.... "C:\WINDOWS\inf\xinput1_1_x86.PNF"
2008-04-08 13:10:12 4 778 A.... "C:\WINDOWS\inf\xinput1_2_x86.PNF"
2008-04-20 9:14:30 90 112 A.... "C:\WINDOWS\Minidump\Mini042008-01.dmp"
2008-04-13 19:23:10 18 542 A.... "C:\WINDOWS\network diagnostic\xpnetdiag.xml"
2008-04-13 19:22:52 108 188 A.... "C:\WINDOWS\system\skspf080407.exe"
2008-04-10 7:50:48 173 080 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
2008-04-29 18:41:12 6 300 A.... "C:\WINDOWS\system32\jupdate-1.6.0_05-b13.log"
2008-04-13 19:23:10 29 696 A.... "C:\WINDOWS\system32\lwis16_080407.dll"
2008-04-06 7:56:20 19 836 024 A.... "C:\WINDOWS\system32\MRT.exe"
2008-05-05 21:40:08 175 A.... "C:\WINDOWS\system32\mywehit.ini"
2008-05-05 21:40:16 2 122 A.... "C:\WINDOWS\system32\mywehit.ini.tmp"
2008-04-12 14:18:54 59 780 A.... "C:\WINDOWS\system32\perfc009.dat"
2008-04-12 14:18:54 397 560 A.... "C:\WINDOWS\system32\perfh009.dat"
2008-04-12 14:18:54 443 766 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
2008-05-05 21:38:10 200 192 A.... "C:\WINDOWS\system32\QQabc.dat"
2008-04-13 8:09:20 297 237 A.... "C:\WINDOWS\system32\QQabc.exe"
2008-03-28 23:37:26 57 344 A.... "C:\WINDOWS\system32\QuickTime.qts"
2008-03-28 23:37:26 90 112 A.... "C:\WINDOWS\system32\QuickTimeVR.qtx"
2008-03-19 11:47:00 1 845 248 A.... "C:\WINDOWS\system32\win32k.sys"
2008-05-05 21:39:30 13 646 A.... "C:\WINDOWS\system32\wpa.dbl"
2008-04-08 7:49:06 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
2008-05-05 21:37:54 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
2008-03-22 10:34:10 0 A.... "C:\WINDOWS\Temp\scs29.tmp"
2008-05-05 21:40:44 2 595 A.... "C:\WINDOWS\Temp\scs6.tmp"
2008-05-05 21:37:56 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
2008-05-05 21:39:44 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
2008-04-09 21:02:22 10 956 A.... "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.inf"
2008-04-09 21:02:18 355 A.... "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.txt"
2008-04-09 21:01:10 11 246 A.... "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.inf"
2008-04-09 21:01:06 608 A.... "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.txt"
2008-04-09 21:03:06 10 334 A.... "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.inf"
2008-04-09 21:03:04 122 A.... "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.txt"
2008-04-09 21:03:00 11 082 A.... "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.inf"
2008-04-09 21:02:56 360 A.... "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.txt"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00002"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00003"
2008-04-09 21:02:34 90 112 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00004"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00005"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00006"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00007"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00008"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00009"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00010"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00011"
2008-04-09 21:02:34 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00012"
2008-04-09 21:02:36 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00013"
2008-04-09 21:02:36 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00014"
2008-04-09 21:02:36 8 192 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00015"
2008-04-09 21:02:36 12 288 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\reg00016"
2008-03-19 11:47:00 1 845 248 A.... "C:\WINDOWS\system32\dllcache\win32k.sys"
2008-03-30 19:07:30 36 368 A.... "C:\WINDOWS\system32\drivers\tmpreflt.sys"
2008-03-30 19:07:36 204 816 A.... "C:\WINDOWS\system32\drivers\tmxpflt.sys"
2008-03-30 18:50:58 1 169 240 A.... "C:\WINDOWS\system32\drivers\vsapint.sys"
2008-04-13 19:22:52 108 188 A.... "C:\WINDOWS\system32\inf\scrsys080407.scr"
2008-04-13 19:23:10 29 696 A.... "C:\WINDOWS\system32\inf\scrsys16_080407.dll"
2008-04-12 14:18:34 383 A.... "C:\WINDOWS\WinSxS\Manifests\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e.manifest"
2008-04-12 14:18:42 8 173 A.... "C:\WINDOWS\WinSxS\Manifests\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790.manifest"
2008-04-12 14:18:34 8 192 A.... "C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll"
2008-04-12 14:18:42 258 048 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll"
2008-04-12 14:18:42 113 664 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll"
2008-03-19 11:40:28 1 845 888 A.... "C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys"
2008-03-20 10:20:12 705 A.... "C:\WINDOWS\$hf_mig$\KB941693\update\branches.inf"
2008-03-20 10:41:58 11 284 A.... "C:\WINDOWS\$hf_mig$\KB941693\update\KB941693.CAT"
2008-03-20 14:26:12 204 A.... "C:\WINDOWS\$hf_mig$\KB941693\update\update.ver"
2008-03-20 10:20:12 496 A.... "C:\WINDOWS\$hf_mig$\KB941693\update\updatebr.inf"
2008-03-20 10:37:10 21 927 A.... "C:\WINDOWS\$hf_mig$\KB941693\update\update_SP2QFE.inf"
2008-04-09 21:02:52 22 881 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.inf"
2008-04-09 21:02:36 7 811 A.... "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.txt"
2008-04-12 14:19:36 78 954 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.log"
2008-04-13 12:44:28 375 574 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen_service.log"
2008-03-20 10:41:58 11 284 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB941693.cat"
2008-04-02 8:53:32 12 319 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem39.CAT"
2008-04-02 8:53:32 12 319 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem40.CAT"
2008-04-02 8:53:32 12 319 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem41.CAT"
2008-04-28 10:45:46 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
2008-05-05 21:40:04 734 A.... "C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin"
2008-05-05 21:40:26 734 A.... "C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin"
2008-04-12 14:18:50 107 496 A.... "C:\WINDOWS\system32\wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof"
2008-04-12 14:18:18 29 388 A.... "C:\WINDOWS\system32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof"


C:\Program Files\

2008-03-30 10:36:30 438 272 A.... "C:\Program Files\iTunes\CDDBControlApple.dll"
2008-03-30 10:36:30 643 072 A.... "C:\Program Files\iTunes\iPodUpdaterExt.dll"
2008-03-30 10:36:34 20 638 504 A.... "C:\Program Files\iTunes\iTunes.exe"
2008-03-30 10:36:40 132 392 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.dll"
2008-03-30 10:36:40 267 048 A.... "C:\Program Files\iTunes\iTunesHelper.exe"
2008-03-30 10:36:40 108 328 A.... "C:\Program Files\iTunes\iTunesAdmin.dll"
2008-03-30 10:36:40 171 520 A.... "C:\Program Files\iTunes\iTunesPhotoSupport.dll"
2008-03-30 10:36:40 283 136 A.... "C:\Program Files\iTunes\iTunesOutlookAddIn.dll"
2008-04-15 12:36:14 123 009 A.... "C:\Program Files\Limewire\uninstall.exe"
2008-04-27 11:55:44 2 829 A.... "C:\Program Files\NoAdware5.0\unins000.dat"
2008-04-27 11:54:20 690 969 A.... "C:\Program Files\NoAdware5.0\unins000.exe"
2008-05-03 16:47:42 64 A.... "C:\Program Files\Power MP3 WMA Converter\cvtconfig.dat"
2008-03-14 14:48:52 442 368 A.... "C:\Program Files\Safari\CFNetwork.dll"
2008-03-14 14:48:52 462 848 A.... "C:\Program Files\Safari\CoreFoundation.dll"
2008-03-14 14:48:52 3 592 192 A.... "C:\Program Files\Safari\CoreGraphics.dll"
2008-03-14 14:42:46 12 296 192 A.... "C:\Program Files\Safari\icudt36.dll"
2008-03-14 14:48:52 880 640 A.... "C:\Program Files\Safari\icuin36.dll"
2008-03-14 14:48:52 1 032 192 A.... "C:\Program Files\Safari\icuuc36.dll"
2008-03-14 14:48:52 319 488 A.... "C:\Program Files\Safari\libtidy.dll"
2008-03-14 14:48:52 1 055 744 A.... "C:\Program Files\Safari\libxml2.dll"
2008-03-14 14:48:52 197 632 A.... "C:\Program Files\Safari\libxslt.dll"
2008-03-14 14:48:52 47 616 A.... "C:\Program Files\Safari\pthreadVC2.dll"
2008-03-14 14:48:52 532 480 A.... "C:\Program Files\Safari\PubSubDLL.dll"
2008-03-14 14:50:12 38 400 A.... "C:\Program Files\Safari\QTMovieWin.dll"
2008-03-14 15:05:24 3 447 080 A.... "C:\Program Files\Safari\Safari.exe"
2008-03-14 14:48:52 282 112 A.... "C:\Program Files\Safari\SafariTheme.dll"
2008-03-14 14:48:52 378 368 A.... "C:\Program Files\Safari\Search.dll"
2008-03-14 14:48:52 466 432 A.... "C:\Program Files\Safari\SpellChecker.dll"
2008-03-14 14:48:54 368 640 A.... "C:\Program Files\Safari\SQLite3.dll"
2008-03-14 14:48:54 4 666 368 A.... "C:\Program Files\Safari\WebKit.dll"
2008-03-14 14:48:54 62 464 A.... "C:\Program Files\Safari\zlib1.dll"
2008-04-27 16:54:10 4 620 A.... "C:\Program Files\SpywareBlaster\unins000.dat"
2008-04-27 16:53:32 691 481 A.... "C:\Program Files\SpywareBlaster\unins000.exe"
2008-04-08 8:44:26 143 360 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll"
2008-04-08 8:44:26 143 360 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll"
2008-04-08 8:44:26 143 360 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll"
2008-04-08 8:44:26 143 360 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll"
2008-04-08 8:44:26 143 360 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll"
2008-04-08 8:44:26 143 360 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll"
2008-04-08 8:44:26 143 360 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll"
2008-03-30 10:36:30 504 104 A.... "C:\Program Files\iPod\bin\iPodService.exe"
2008-03-30 10:36:40 129 536 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll"
2008-03-30 10:36:40 150 528 A.... "C:\Program Files\iTunes\iTunes.Resources\iTunes.dll"
2008-03-30 10:36:46 99 328 A.... "C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll"
2008-03-30 10:36:40 42 496 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll"
2008-03-30 10:36:14 69 632 A.... "C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
2008-04-08 13:09:36 51 962 A.... "C:\Program Files\Midas Interactive\Clever Kids Dino Land\Uninstall.exe"
2008-04-27 12:23:02 10 922 A.... "C:\Program Files\NoAdware5.0\NoAdwareBackup\4,27,2008_12,22,57.zip"
2008-04-27 12:39:00 571 A.... "C:\Program Files\NoAdware5.0\NoAdwareBackup\4,27,2008_12,38,58.zip"
2008-03-25 18:12:28 132 400 A.... "C:\Program Files\Panda Security\ActiveScan 2.0\as2auditor.dll"
2008-03-25 18:12:40 87 344 A.... "C:\Program Files\Panda Security\ActiveScan 2.0\as2data.dll"
2008-03-25 18:12:54 161 072 A.... "C:\Program Files\Panda Security\ActiveScan 2.0\as2guiie.dll"
2008-03-25 18:12:54 124 208 A.... "C:\Program Files\Panda Security\ActiveScan 2.0\as2scanner.dll"
2008-03-25 18:13:06 54 576 A.... "C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe"
2008-03-25 18:13:14 169 264 A.... "C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll"
2008-03-25 17:34:18 99 632 A.... "C:\Program Files\Panda Security\ActiveScan 2.0\psscoms.dll"
2008-03-14 14:42:54 55 296 A.... "C:\Program Files\Safari\Plugins\npJavaPlugin.dll"
2008-03-14 14:43:00 919 A.... "C:\Program Files\Safari\PubSub.resources\Enclosure.html"
2008-03-14 14:43:00 1 480 A.... "C:\Program Files\Safari\PubSub.resources\Entries.html"
2008-03-14 14:43:00 3 445 A.... "C:\Program Files\Safari\PubSub.resources\Entry.html"
2008-03-14 14:43:00 1 439 A.... "C:\Program Files\Safari\PubSub.resources\FeedComplete.html"
2008-03-14 14:43:00 2 301 A.... "C:\Program Files\Safari\PubSub.resources\FeedStatic.html"
2008-03-14 14:43:00 10 952 A.... "C:\Program Files\Safari\PubSub.resources\Feed.html"
2008-03-14 14:43:00 1 538 A.... "C:\Program Files\Safari\PubSub.resources\Friends.html"
2008-03-14 14:45:20 6 649 A.... "C:\Program Files\Safari\Safari.resources\FTPDirectoryTemplate.html"
2008-03-14 14:49:00 33 280 A.... "C:\Program Files\Safari\Safari.resources\SafariRegistry.dll"
2008-05-05 18:10:42 396 288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
2008-04-16 20:25:16 0 A.... "C:\Program Files\Trend Micro\Internet Security 2007\ASPAList.dat"
2008-04-16 20:25:16 0 A.... "C:\Program Files\Trend Micro\Internet Security 2007\ASPBList.dat"
2008-05-05 21:39:08 688 A.... "C:\Program Files\Trend Micro\Internet Security 2007\HosFList.dat"
2008-05-05 15:52:20 26 040 A.... "C:\Program Files\Trend Micro\Internet Security 2007\MailAddr.dat"
2008-05-05 18:12:24 6 044 A.... "C:\Program Files\Trend Micro\Internet Security 2007\NFCcur.dat"
2008-05-05 20:37:02 980 496 A.... "C:\Program Files\Trend Micro\Internet Security 2007\pcclient.exe"
2008-05-01 8:55:42 4 103 A.... "C:\Program Files\Trend Micro\Internet Security 2007\result.htm"
2008-05-01 8:55:42 4 103 A.... "C:\Program Files\Trend Micro\Internet Security 2007\result_bk.htm"
2008-05-05 21:33:42 718 A.... "C:\Program Files\Trend Micro\Internet Security 2007\TmPfwLog.dat"
2008-04-16 20:27:48 552 A.... "C:\Program Files\Trend Micro\Internet Security 2007\URLAList.dat"
2008-04-16 20:27:48 260 A.... "C:\Program Files\Trend Micro\Internet Security 2007\URLBList.dat"
2008-04-27 10:50:16 147 604 A.... "C:\Program Files\Trend Micro\Internet Security 2007\usrbl.dat"
2008-05-05 21:39:52 13 468 504 A.... "C:\Program Files\Trend Micro\Internet Security 2007\usrwl.dat"
2008-03-30 18:55:22 1 213 784 A.... "C:\Program Files\Trend Micro\Internet Security 2007\VSAPI32.DLL"
2008-04-07 15:33:12 10 736 A.... "C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\gth.dll"
2008-04-07 15:33:08 130 544 A.... "C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\gtn.dll"
2008-04-07 15:33:08 734 704 A.... "C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll"
2008-04-07 15:33:08 1 079 792 A.... "C:\Program Files\Google\GoogleToolbarNotifier\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"
2008-03-30 10:36:30 42 496 A.... "C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\da.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:40 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\es.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fi.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\it.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ja.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ko.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nb.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pl.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ru.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\sv.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_CN.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_TW.lproj\iTunesMiniPlayerLocalized.dll"
2008-03-30 10:36:46 111 104 A.... "C:\Program Files\iTunes\iTunes.Resources\da.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 118 784 A.... "C:\Program Files\iTunes\iTunes.Resources\de.lproj\iTunesLocalized.dll"
2008-03-30 10:36:40 110 080 A.... "C:\Program Files\iTunes\iTunes.Resources\en.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 116 224 A.... "C:\Program Files\iTunes\iTunes.Resources\es.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 111 104 A.... "C:\Program Files\iTunes\iTunes.Resources\fi.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 117 248 A.... "C:\Program Files\iTunes\iTunes.Resources\fr.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 114 688 A.... "C:\Program Files\iTunes\iTunes.Resources\it.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 110 080 A.... "C:\Program Files\iTunes\iTunes.Resources\ja.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 97 280 A.... "C:\Program Files\iTunes\iTunes.Resources\ko.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 112 128 A.... "C:\Program Files\iTunes\iTunes.Resources\nb.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 114 688 A.... "C:\Program Files\iTunes\iTunes.Resources\nl.lproj\iTunesLocalized.dll"
2008-03-30 10:36:46 113 152 A.... "C:\Program Files\iTunes\iTunes.Resources\pl.lproj\iTunesLocalized.dll"
2008-03-30 10:36:48 116 736 A.... "C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\iTunesLocalized.dll"
2008-03-30 10:36:48 113 664 A.... "C:\Program Files\iTunes\iTunes.Resources\ru.lproj\iTunesLocalized.dll"
2008-03-30 10:36:48 111 104 A.... "C:\Program Files\iTunes\iTunes.Resources\sv.lproj\iTunesLocalized.dll"
2008-03-30 10:36:48 110 080 A.... "C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\iTunesLocalized.dll"
2008-03-30 10:36:48 110 080 A.... "C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj\iTunesLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\da.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:40 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\es.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\fi.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\it.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\ja.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 008 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\ko.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\nb.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\nl.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\pl.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\pt_PT.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\ru.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\sv.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\zh_CN.lproj\iTunesHelperLocalized.dll"
2008-03-30 10:36:50 43 520 A.... "C:\Program Files\iTunes\iTunesHelper.Resources\zh_TW.lproj\iTunesHelperLocalized.dll"
2008-03-27 18:26:56 15 024 A.... "C:\Program Files\Panda Security\NanoScan\Engine\RKPavProc.sys"
2008-03-14 14:38:48 22 820 A.... "C:\Program Files\Safari\CoreFoundation.resources\CharacterSets\CFUniCharPropertyDatabase.data"
2008-03-14 14:49:00 6 448 A.... "C:\Program Files\Safari\Safari.resources\da.lproj\FontPicker.html"
2008-03-14 14:49:00 2 314 A.... "C:\Program Files\Safari\Safari.resources\da.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 36 864 A.... "C:\Program Files\Safari\Safari.resources\da.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 756 A.... "C:\Program Files\Safari\Safari.resources\da.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 562 A.... "C:\Program Files\Safari\Safari.resources\da.lproj\StandardErrorPage.html"
2008-03-14 14:50:04 1 344 512 A.... "C:\Program Files\Safari\Safari.resources\de.lproj\Dictionary.dat"
2008-03-14 14:49:00 6 136 A.... "C:\Program Files\Safari\Safari.resources\de.lproj\FontPicker.html"
2008-03-14 14:49:00 2 300 A.... "C:\Program Files\Safari\Safari.resources\de.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 39 936 A.... "C:\Program Files\Safari\Safari.resources\de.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 840 A.... "C:\Program Files\Safari\Safari.resources\de.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 582 A.... "C:\Program Files\Safari\Safari.resources\de.lproj\StandardErrorPage.html"
2008-03-14 14:50:04 926 208 A.... "C:\Program Files\Safari\Safari.resources\en.lproj\Dictionary.dat"
2008-03-14 14:45:20 6 121 A.... "C:\Program Files\Safari\Safari.resources\en.lproj\FontPicker.html"
2008-03-14 14:45:20 2 212 A.... "C:\Program Files\Safari\Safari.resources\en.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:45:20 36 352 A.... "C:\Program Files\Safari\Safari.resources\en.lproj\SafariResources.dll"
2008-03-14 14:45:20 2 732 A.... "C:\Program Files\Safari\Safari.resources\en.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:45:20 1 548 A.... "C:\Program Files\Safari\Safari.resources\en.lproj\StandardErrorPage.html"
2008-03-14 14:50:04 689 152 A.... "C:\Program Files\Safari\Safari.resources\es.lproj\Dictionary.dat"
2008-03-14 14:49:00 6 474 A.... "C:\Program Files\Safari\Safari.resources\es.lproj\FontPicker.html"
2008-03-14 14:49:00 2 266 A.... "C:\Program Files\Safari\Safari.resources\es.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 40 448 A.... "C:\Program Files\Safari\Safari.resources\es.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 732 A.... "C:\Program Files\Safari\Safari.resources\es.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 560 A.... "C:\Program Files\Safari\Safari.resources\es.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 470 A.... "C:\Program Files\Safari\Safari.resources\fi.lproj\FontPicker.html"
2008-03-14 14:49:00 2 232 A.... "C:\Program Files\Safari\Safari.resources\fi.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 38 400 A.... "C:\Program Files\Safari\Safari.resources\fi.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 752 A.... "C:\Program Files\Safari\Safari.resources\fi.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 624 A.... "C:\Program Files\Safari\Safari.resources\fi.lproj\StandardErrorPage.html"
2008-03-14 14:50:04 957 952 A.... "C:\Program Files\Safari\Safari.resources\fr.lproj\Dictionary.dat"
2008-03-14 14:49:00 6 211 A.... "C:\Program Files\Safari\Safari.resources\fr.lproj\FontPicker.html"
2008-03-14 14:49:00 2 260 A.... "C:\Program Files\Safari\Safari.resources\fr.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 40 960 A.... "C:\Program Files\Safari\Safari.resources\fr.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 764 A.... "C:\Program Files\Safari\Safari.resources\fr.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 556 A.... "C:\Program Files\Safari\Safari.resources\fr.lproj\StandardErrorPage.html"
2008-03-14 14:45:20 90 556 A.... "C:\Program Files\Safari\Safari.resources\Help\Acknowledgments.html"
2008-03-14 14:50:04 899 072 A.... "C:\Program Files\Safari\Safari.resources\it.lproj\Dictionary.dat"
2008-03-14 14:49:00 6 477 A.... "C:\Program Files\Safari\Safari.resources\it.lproj\FontPicker.html"
2008-03-14 14:49:00 2 238 A.... "C:\Program Files\Safari\Safari.resources\it.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 39 424 A.... "C:\Program Files\Safari\Safari.resources\it.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 752 A.... "C:\Program Files\Safari\Safari.resources\it.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 568 A.... "C:\Program Files\Safari\Safari.resources\it.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 480 A.... "C:\Program Files\Safari\Safari.resources\ja.lproj\FontPicker.html"
2008-03-14 14:49:00 2 120 A.... "C:\Program Files\Safari\Safari.resources\ja.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 31 744 A.... "C:\Program Files\Safari\Safari.resources\ja.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 688 A.... "C:\Program Files\Safari\Safari.resources\ja.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 534 A.... "C:\Program Files\Safari\Safari.resources\ja.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 133 A.... "C:\Program Files\Safari\Safari.resources\ko.lproj\FontPicker.html"
2008-03-14 14:49:00 2 104 A.... "C:\Program Files\Safari\Safari.resources\ko.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 30 208 A.... "C:\Program Files\Safari\Safari.resources\ko.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 770 A.... "C:\Program Files\Safari\Safari.resources\ko.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 666 A.... "C:\Program Files\Safari\Safari.resources\ko.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 494 A.... "C:\Program Files\Safari\Safari.resources\nb.lproj\FontPicker.html"
2008-03-14 14:49:00 2 250 A.... "C:\Program Files\Safari\Safari.resources\nb.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 37 376 A.... "C:\Program Files\Safari\Safari.resources\nb.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 770 A.... "C:\Program Files\Safari\Safari.resources\nb.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 552 A.... "C:\Program Files\Safari\Safari.resources\nb.lproj\StandardErrorPage.html"
2008-03-14 14:50:04 1 010 176 A.... "C:\Program Files\Safari\Safari.resources\nl.lproj\Dictionary.dat"
2008-03-14 14:49:00 6 128 A.... "C:\Program Files\Safari\Safari.resources\nl.lproj\FontPicker.html"
2008-03-14 14:49:00 2 352 A.... "C:\Program Files\Safari\Safari.resources\nl.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 40 448 A.... "C:\Program Files\Safari\Safari.resources\nl.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 756 A.... "C:\Program Files\Safari\Safari.resources\nl.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 582 A.... "C:\Program Files\Safari\Safari.resources\nl.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 221 A.... "C:\Program Files\Safari\Safari.resources\pl.lproj\FontPicker.html"
2008-03-14 14:49:00 2 258 A.... "C:\Program Files\Safari\Safari.resources\pl.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 37 888 A.... "C:\Program Files\Safari\Safari.resources\pl.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 758 A.... "C:\Program Files\Safari\Safari.resources\pl.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 548 A.... "C:\Program Files\Safari\Safari.resources\pl.lproj\StandardErrorPage.html"
2008-03-14 14:50:04 858 112 A.... "C:\Program Files\Safari\Safari.resources\pt.lproj\Dictionary.dat"
2008-03-14 14:49:00 6 208 A.... "C:\Program Files\Safari\Safari.resources\pt_PT.lproj\FontPicker.html"
2008-03-14 14:49:00 2 232 A.... "C:\Program Files\Safari\Safari.resources\pt_PT.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 40 448 A.... "C:\Program Files\Safari\Safari.resources\pt_PT.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 742 A.... "C:\Program Files\Safari\Safari.resources\pt_PT.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 558 A.... "C:\Program Files\Safari\Safari.resources\pt_PT.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 157 A.... "C:\Program Files\Safari\Safari.resources\ru.lproj\FontPicker.html"
2008-03-14 14:49:00 2 258 A.... "C:\Program Files\Safari\Safari.resources\ru.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 38 912 A.... "C:\Program Files\Safari\Safari.resources\ru.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 778 A.... "C:\Program Files\Safari\Safari.resources\ru.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 1 564 A.... "C:\Program Files\Safari\Safari.resources\ru.lproj\StandardErrorPage.html"
2008-03-14 14:45:22 550 A.... "C:\Program Files\Safari\Safari.resources\SnippetEditor\SnippetEditor.html"
2008-03-14 14:50:04 874 496 A.... "C:\Program Files\Safari\Safari.resources\sv.lproj\Dictionary.dat"
2008-03-14 14:49:00 6 431 A.... "C:\Program Files\Safari\Safari.resources\sv.lproj\FontPicker.html"
2008-03-14 14:49:00 3 358 A.... "C:\Program Files\Safari\Safari.resources\sv.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 37 888 A.... "C:\Program Files\Safari\Safari.resources\sv.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 816 A.... "C:\Program Files\Safari\Safari.resources\sv.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 2 270 A.... "C:\Program Files\Safari\Safari.resources\sv.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 384 A.... "C:\Program Files\Safari\Safari.resources\zh_CN.lproj\FontPicker.html"
2008-03-14 14:49:00 1 092 A.... "C:\Program Files\Safari\Safari.resources\zh_CN.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 28 672 A.... "C:\Program Files\Safari\Safari.resources\zh_CN.lproj\SafariResources.dll"
2008-03-14 14:49:00 1 386 A.... "C:\Program Files\Safari\Safari.resources\zh_CN.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 791 A.... "C:\Program Files\Safari\Safari.resources\zh_CN.lproj\StandardErrorPage.html"
2008-03-14 14:49:00 6 129 A.... "C:\Program Files\Safari\Safari.resources\zh_TW.lproj\FontPicker.html"
2008-03-14 14:49:00 1 062 A.... "C:\Program Files\Safari\Safari.resources\zh_TW.lproj\NetworkDiagnosticsErrorPage.html"
2008-03-14 14:49:00 29 184 A.... "C:\Program Files\Safari\Safari.resources\zh_TW.lproj\SafariResources.dll"
2008-03-14 14:49:00 2 652 A.... "C:\Program Files\Safari\Safari.resources\zh_TW.lproj\ServerNotFoundErrorPage.html"
2008-03-14 14:49:00 766 A.... "C:\Program Files\Safari\Safari.resources\zh_TW.lproj\StandardErrorPage.html"
2008-03-14 14:50:12 4 199 A.... "C:\Program Files\Safari\WebKit.resources\inspector\inspector.html"
2008-04-27 16:54:10 17 592 A.... "C:\Program Files\Trend Micro\Internet Security 2007\MBD\Tmbd0002.dat"
2008-05-05 20:37:02 69 980 A.... "C:\Program Files\Trend Micro\Internet Security 2007\MBD\Tmbd0003.dat"
2008-05-05 21:38:20 388 A.... "C:\Program Files\Trend Micro\Internet Security 2007\MBD\TmMbdMas.dat"
2008-05-05 20:37:02 40 352 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl0005.dat"
2008-05-05 20:37:02 40 352 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl000B.dat"
2008-05-05 20:37:02 40 352 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl0011.dat"
2008-05-05 20:37:02 9 228 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl0019.dat"
2008-05-05 20:37:02 40 368 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl001E.dat"
2008-04-16 20:35:56 73 208 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl0020.dat"
2008-04-16 20:35:58 62 240 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl0021.dat"
2008-04-16 20:35:58 62 240 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl0022.dat"
2008-04-16 20:35:58 62 240 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRl0023.dat"
2008-04-16 20:35:58 1 384 A.... "C:\Program Files\Trend Micro\Internet Security 2007\PFW\TmRulMas.dat"
2008-05-05 21:39:08 5 304 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Profile\Prf00000.dat"
2008-04-16 20:35:58 5 304 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Profile\Prf00001.dat"
2008-04-16 20:35:58 5 304 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Profile\Prf00002.dat"
2008-04-16 20:35:58 5 304 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Profile\Prf00003.dat"
2008-05-04 10:59:10 213 136 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3.tmp"
2008-05-03 8:52:50 213 246 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3C.tmp"
2008-05-05 8:33:38 213 136 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4.tmp"
2008-05-05 21:04:36 213 136 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5.tmp"
2008-05-05 21:10:50 213 136 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6.tmp"
2008-05-04 13:54:54 213 246 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\63.tmp"
2008-05-05 21:13:40 213 136 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7.tmp"
2008-05-05 21:27:50 213 136 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8.tmp"
2008-05-05 21:32:02 213 136 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9.tmp"
2008-04-28 7:31:48 0 A.... "C:\Program Files\Trend Micro\Internet Security 2007\SpyBackup\SpyBackup.dat"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\da.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:30 43 008 A.... "C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\es.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\fi.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\it.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 008 A.... "C:\Program Files\iPod\bin\iPodService.Resources\ja.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 008 A.... "C:\Program Files\iPod\bin\iPodService.Resources\ko.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\nb.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\nl.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\pl.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\pt_PT.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\ru.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 520 A.... "C:\Program Files\iPod\bin\iPodService.Resources\sv.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 008 A.... "C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.dll"
2008-03-30 10:36:46 43 008 A.... "C:\Program Files\iPod\bin\iPodService.Resources\zh_TW.lproj\iPodServiceLocalized.dll"
2008-03-28 23:37:14 935 853 A.... "C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip"
2008-03-14 14:49:00 23 438 A.... "C:\Program Files\Safari\Safari.resources\Help\da.lproj\License.html"
2008-03-14 14:49:00 3 640 A.... "C:\Program Files\Safari\Safari.resources\Help\da.lproj\Plug-ins.html"
2008-03-14 14:49:00 27 874 A.... "C:\Program Files\Safari\Safari.resources\Help\de.lproj\License.html"
2008-03-14 14:49:00 3 636 A.... "C:\Program Files\Safari\Safari.resources\Help\de.lproj\Plug-ins.html"
2008-03-14 14:45:20 22 876 A.... "C:\Program Files\Safari\Safari.resources\Help\en.lproj\License.html"
2008-03-14 14:45:20 3 623 A.... "C:\Program Files\Safari\Safari.resources\Help\en.lproj\Plug-ins.html"
2008-03-14 14:49:00 26 374 A.... "C:\Program Files\Safari\Safari.resources\Help\es.lproj\License.html"
2008-03-14 14:49:00 3 628 A.... "C:\Program Files\Safari\Safari.resources\Help\es.lproj\Plug-ins.html"
2008-03-14 14:49:00 22 549 A.... "C:\Program Files\Safari\Safari.resources\Help\fi.lproj\License.html"
2008-03-14 14:49:00 3 622 A.... "C:\Program Files\Safari\Safari.resources\Help\fi.lproj\Plug-ins.html"
2008-03-14 14:49:00 26 895 A.... "C:\Program Files\Safari\Safari.resources\Help\fr.lproj\License.html"
2008-03-14 14:49:00 3 624 A.... "C:\Program Files\Safari\Safari.resources\Help\fr.lproj\Plug-ins.html"
2008-03-14 14:49:00 25 852 A.... "C:\Program Files\Safari\Safari.resources\Help\it.lproj\License.html"
2008-03-14 14:49:00 3 631 A.... "C:\Program Files\Safari\Safari.resources\Help\it.lproj\Plug-ins.html"
2008-03-14 14:49:00 31 723 A.... "C:\Program Files\Safari\Safari.resources\Help\ja.lproj\License.html"
2008-03-14 14:49:00 7 184 A.... "C:\Program Files\Safari\Safari.resources\Help\ja.lproj\Plug-ins.html"
2008-03-14 14:49:00 29 789 A.... "C:\Program Files\Safari\Safari.resources\Help\ko.lproj\License.html"
2008-03-14 14:49:00 3 631 A.... "C:\Program Files\Safari\Safari.resources\Help\ko.lproj\Plug-ins.html"
2008-03-14 14:49:00 24 563 A.... "C:\Program Files\Safari\Safari.resources\Help\nb.lproj\License.html"
2008-03-14 14:49:00 3 635 A.... "C:\Program Files\Safari\Safari.resources\Help\nb.lproj\Plug-ins.html"
2008-03-14 14:49:00 27 811 A.... "C:\Program Files\Safari\Safari.resources\Help\nl.lproj\License.html"
2008-03-14 14:49:00 3 633 A.... "C:\Program Files\Safari\Safari.resources\Help\nl.lproj\Plug-ins.html"
2008-03-14 14:49:00 26 390 A.... "C:\Program Files\Safari\Safari.resources\Help\pl.lproj\License.html"
2008-03-14 14:49:00 3 613 A.... "C:\Program Files\Safari\Safari.resources\Help\pl.lproj\Plug-ins.html"
2008-03-14 14:49:00 26 822 A.... "C:\Program Files\Safari\Safari.resources\Help\pt_PT.lproj\License.html"
2008-03-14 14:49:00 3 627 A.... "C:\Program Files\Safari\Safari.resources\Help\pt_PT.lproj\Plug-ins.html"
2008-03-14 14:49:00 115 771 A.... "C:\Program Files\Safari\Safari.resources\Help\ru.lproj\License.html"
2008-03-14 14:49:00 3 657 A.... "C:\Program Files\Safari\Safari.resources\Help\ru.lproj\Plug-ins.html"
2008-03-14 14:49:00 25 389 A.... "C:\Program Files\Safari\Safari.resources\Help\sv.lproj\License.html"
2008-03-14 14:49:00 3 643 A.... "C:\Program Files\Safari\Safari.resources\Help\sv.lproj\Plug-ins.html"
2008-03-14 14:49:00 19 706 A.... "C:\Program Files\Safari\Safari.resources\Help\zh_CN.lproj\License.html"
2008-03-14 14:49:00 3 694 A.... "C:\Program Files\Safari\Safari.resources\Help\zh_CN.lproj\Plug-ins.html"
2008-03-14 14:49:00 19 893 A.... "C:\Program Files\Safari\Safari.resources\Help\zh_TW.lproj\License.html"
2008-03-14 14:49:00 3 607 A.... "C:\Program Files\Safari\Safari.resources\Help\zh_TW.lproj\Plug-ins.html"
2008-05-04 13:36:12 213 161 A.... "C:\Program Files\Trend Micro\Internet Security 2007\backup\T\80504000.DAT"
2008-03-30 19:07:30 36 368 A.... "C:\Program Files\Trend Micro\Internet Security 2007\drivers\VsapiDriver\tmpreflt.sys"
2008-03-30 19:07:36 204 816 A.... "C:\Program Files\Trend Micro\Internet Security 2007\drivers\VsapiDriver\tmxpflt.sys"
2008-03-30 18:50:58 1 169 240 A.... "C:\Program Files\Trend Micro\Internet Security 2007\drivers\VsapiDriver\VsapiNT.sys"
2008-04-27 16:54:10 17 592 A.... "C:\Program Files\Trend Micro\Internet Security 2007\MBD\Backup\Tmbd0002.dat"
2008-05-05 20:37:02 69 980 A.... "C:\Program Files\Trend Micro\Internet Security 2007\MBD\Backup\Tmbd0003.dat"
2008-05-05 21:38:20 388 A.... "C:\Program Files\Trend Micro\Internet Security 2007\MBD\Backup\TmMbdMas.dat"
2008-05-02 7:56:26 144 210 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Temp\aubin\AU_Data\AU_Cache\pcc153-p.activeupdate.trendmicro.com\autis153e.zip"
2008-05-05 17:36:12 2 816 A.... "C:\Program Files\Trend Micro\Internet Security 2007\Temp\aubin\AU_Data\AU_Cache\pcc153-p.activeupdate.trendmicro.com\ini_xml.zip"


Files with hidden attributes:

Mon 5 Dec 2005 56 ..SHR --- "C:\WINDOWS\system32\A98AEC782F.sys"
Mon 3 Dec 2007 27,136 ..SHR --- "C:\WINDOWS\system32\wincheck071128.dll"
Mon 3 Dec 2007 28,052 ..SHR --- "C:\WINDOWS\system32\wincheck071128.exe"
Sat 2 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 20 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"


Program Folders:

C:\Program Files\

3DGroove
Adobe
Ahead
Apple Software Update
AvantGo Connect
AvRack
Canon
Common Files
ComPlus Applications
Corel
CyberLink
CyberLink DVD Solution
Disney Interactive
GENIUS TABLET
Google
Hewlett-Packard
Imagine It!
Infogrames Interactive
InstallShield Installation Information
Internet Explorer
iPod
iTunes
Java
Limewire
Loan Calculator Plus25
McAfee
Messenger
Micrografx
Microsoft ActiveSync
microsoft frontpage
Microsoft Office
Midas Interactive
Movie Maker
MSN
MSN Gaming Zone
MSN Messenger
NetMeeting
NoAdware5.0
Online Services
Outlook Express
Panda Security
PIXELA
Power MP3 WMA Converter
QuickTime
Realtek Sound Manager
Safari
Samsung
Scholastic's Clifford
SiS VGA Utilities V3.65
Sony Corporation
SpywareBlaster
Trend Micro
Uninstall Information
Windows Live
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox

C:\Program Files\Common Files\

Adobe
Ahead
Apple
Corel
Designer
Hewlett-Packard
InstallShield
Java
Microsoft Shared
MSSoap
muvee Technologies
ODBC
Services
SpeechEngines
System


Add/Remove Programs:

3D Groove Playback Engine
Panda ActiveScan 2.0
Adobe Acrobat 5.0
Blue's Art Time Activities
Clever Kids Dino Land (remove only)
Clifford Learning Activities
HijackThis 2.0.2
HP Photo and Imaging 2.0 - hp psc 1200 series
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
InCD
Corel Graphics Suite 11
Canon Camera Window for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.2
Canon Utilities RemoteCapture 2.7
Canon Utilities PhotoStitch 3.1
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
LimeWire 4.16.6
Loan Calculator! Plus v2.5b
Microsoft Compression Client Pack 1.0 for Windows XP
Nero OEM
Microsoft National Language Support Downlevel APIs
NoAdware v5.0
OmniGSoft Nine Hole Golf 1.0 for Pocket PC
Canon PhotoRecord
Power MP3 WMA Converter 2006, (ver 3.42c)
Putt-Putt Travels Through Time
SAMSUNG Mobile USB Modem 1.0 Software
SiS VGA Utilities
SiS 900 PCI Fast Ethernet Adapter Driver
SpywareBlaster 4.0
Trend Micro PC-cillin Internet Security 2007
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Microsoft ActiveSync 3.7
Windows Media Format 11 runtime
Windows Media Player 11
Micrografx Windows Draw 6 Limited Edition
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Your Photo Here
Microsoft Office 2000 Standard
Macromedia Flash Player
Corel Graphics Suite 11
SiSRaidPackage
Safari
QuickTime
Picture Package
Multimedia Launcher
Google Toolbar for Internet Explorer
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Apple Mobile Device Support
VBA (2627.01)
iTunes
Camera Window
Sony USB Driver
PowerDVD
HP Photo and Imaging 2.0 - All-in-One Drivers
File Viewer Utility 1.2.2
MegaCam
Microsoft Outlook 2002
HP Photo and Imaging 2.0 - All-in-One
RemoteCapture 2.7.2
HP Memories Disc
Microsoft .NET Framework 2.0 Service Pack 1
Apple Software Update
PowerProducer
DVD Solution
Trend Micro PC-cillin Internet Security 2007
Canon Utilities ZoomBrowser EX
First Step Guide
hp psc 1200 series
Search for the Secret Keys
Activity Center, Winnie the Pooh
Corel Painter 8
PhotoStitch
ImageMixer VCD2
Realtek AC'97 Audio


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SoundMan"="SOUNDMAN.EXE"
"SiSRaid"="C:\\Program Files\\Silicon Integrated Systems\\SiSRaidPackage\\SRaid.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"WService"="WService.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
@="C:\\Program Files\\Common Files\\System\\"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"CardBoardFish-DesktopSender"="C:\\Program Files\\CardBoardFish\\Desktop SMS Sender\\DesktopSMS.exe /systemtray"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Userinit"="C:\\WINDOWS\\system32\\inf\\svchost.exe C:\\WINDOWS\\system32\\lwisys16_071128.dll start"
"MyUserinit"="C:\\WINDOWS\\system32\\inf\\svchosts.exe C:\\WINDOWS\\system32\\lwis16_080407.dll tanls"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 4 DISABLED

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 4 DISABLED

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

@="CorelDRAW Shell Extension Component"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"


Non-Default IFEO Debugger:


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentsvr.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\appsvc32.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arswp.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ast.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconsol.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmonitor.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccenter.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccsvchst.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eghost.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filedsty.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ftcleanershell.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fyfirewall.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hijackthis.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icesword.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmor.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ispwdsvc.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kascrscn.scr
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kasmain.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kastask.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavdx.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpf.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpfw.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavsetup.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kislnchr.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmfilter.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32x.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfwsvc.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kregex.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\krepair.com
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ksloader.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvcenter.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvdetect.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvfwmcl.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp_1.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvreport.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvscan.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvsrvxp.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvstub.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp_1.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch9x.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatchx.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\magicset.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapsvc.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapw32.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfmntor.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfw.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwliveupdate.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qhset.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qqdoctor.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qqkav.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmon.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmond.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravstub.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtask.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regclean.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsagent.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsaupd.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartup.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sreng.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syssafe.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojandetector.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojanwall.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojdie.kxp
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uihost.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxagent.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxattachment.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxcfg.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxfwhlp.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxpol.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upiea.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uplive.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\usbcleaner.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsstat.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscanx.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wopticlean.exe
Debugger REG_SZ C:\Program Files\Common Files\Microsoft Shared\vndoaut.exe


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!
 
#6 ·
Can you run this tool?

Familiarize yourself with this combofix tool.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------

Please Note:

1. Disconnect from the internet. Unplug the cable from the wall.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
 
#7 ·
ComboFix 08-05-01.3 - User 2008-05-06 20:50:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.440 [GMT 2:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\FunWebProducts
C:\Documents and Settings\User\Application Data\FunWebProducts\Data\User\avatar.dat
C:\Documents and Settings\User\Application Data\FunWebProducts\Data\User\zwinky.dat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pwisys.ini
C:\WINDOWS\system32\inf\scrsys080407.scr
C:\WINDOWS\system32\inf\scrsys16_080407.dll
C:\WINDOWS\system32\inf\svchost.exe
C:\WINDOWS\system32\inf\svchosts.exe
C:\WINDOWS\system32\lwis16_080407.dll
C:\WINDOWS\system32\lwisys16_071128.dll
C:\WINDOWS\system32\sexit.dat

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-05 21:02 . 2008-05-05 21:41 <DIR> d-------- C:\SDFix
2008-05-04 09:48 . 2008-05-04 09:49 <DIR> d-------- C:\Program Files\Loan Calculator Plus25
2008-04-27 16:54 . 2008-04-27 16:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-27 16:54 . 2008-04-30 19:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 16:54 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-27 15:28 . 2008-04-28 07:02 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 11:55 . 2008-04-27 12:22 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-04-21 14:27 . 2008-05-05 21:42 2,427 --a------ C:\WINDOWS\system32\mywehit.ini.tmp
2008-04-13 19:23 . 2008-04-13 19:22 108,188 --a------ C:\WINDOWS\system\skspf080407.exe
2008-04-13 08:09 . 2008-04-13 08:09 297,237 --a------ C:\WINDOWS\system32\QQabc.exe
2008-04-13 08:09 . 2008-05-06 08:28 200,192 --a------ C:\WINDOWS\system32\QQabc.dat
2008-04-08 13:10 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-04-08 13:10 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-04-08 13:09 . 2008-04-08 13:09 <DIR> d-------- C:\Program Files\Midas Interactive
2008-04-08 08:46 . 2008-05-06 08:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 08:46 . 2008-04-08 08:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 08:45 . 2008-04-08 08:45 <DIR> d-------- C:\Program Files\iTunes
2008-04-08 08:45 . 2008-04-08 08:45 <DIR> d-------- C:\Program Files\iPod
2008-04-07 11:28 . 2008-04-09 08:10 10,752 --a------ C:\WINDOWS\DCEBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 16:04 --------- d-----w C:\Program Files\Trend Micro
2008-04-29 16:41 --------- d-----w C:\Program Files\Java
2008-04-15 10:36 --------- d-----w C:\Program Files\Limewire
2008-04-08 06:44 --------- d-----w C:\Program Files\QuickTime
2008-03-30 17:07 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-03-30 17:07 204,816 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-03-30 16:50 1,169,240 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-03-25 20:58 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-03-25 06:03 --------- d-----w C:\Program Files\Safari
2008-03-22 09:06 --------- d-----w C:\Program Files\Google
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-04 17:22 34 -csh--w C:\Program Files\DLD.DAT
2007-08-06 13:16 3,872 ----a-w C:\Documents and Settings\User\Application Data\ViewerApp.dat
2006-08-29 12:42 6,485,656 -c--a-w C:\Program Files\hppse1.12.0.46enu.exe
2006-02-26 19:20 1,163,954 -c--a-w C:\Program Files\PowerConvertor.EXE
2005-03-31 20:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2005-12-05 19:58 56 -csh--r C:\WINDOWS\system32\A98AEC782F.sys
2007-12-03 17:05 27,136 -csh--r C:\WINDOWS\system32\wincheck071128.dll
2007-12-03 17:05 28,052 -csh--r C:\WINDOWS\system32\wincheck071128.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 07:42 401491]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 17:22 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2007-03-19 00:00 321040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"SiSPower"="SiSPower.dll" [2005-01-04 10:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"WService"="WService.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 16:20 1397760]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-03-19 00:00 3429904]
"CardBoardFish-DesktopSender"="C:\Program Files\CardBoardFish\Desktop SMS Sender\DesktopSMS.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-12-01 16:47:39 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"MyUserinit"= C:\WINDOWS\system32\inf\svchosts.exe C:\WINDOWS\system32\lwis16_080407.dll tanls

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 10:43]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 08:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 08:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 08:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72c77c2e-913b-11da-9a29-0013d4433b68}]
\Shell\AutoRun\command - E:\pvnworn.exe
\Shell\explore\Command - E:\pvnworn.exe
\Shell\open\Command - E:\pvnworn.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 05:49:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-03-31 20:19:08 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1133466712.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 20:53:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\Program Files\Internet Explorer\iexplore.exe [604] 0x858CF990

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?X?????????????????????????????????????????????????????????????|p??|????m??|?`?w????????8X????@?8?@?????8X??c"?s???s??????@?????N'?s?Q2?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?s?R2??$@?8?@?8?@??????????R2??=2????sh=2?xQ2?h=2??=2?0i?s?????????R2????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 20:58:16
ComboFix-quarantined-files.txt 2008-05-06 18:58:13

Pre-Run: 177,203,822,592 bytes free
Post-Run: 177,851,420,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

156 --- E O F --- 2008-04-12 12:19:35
 
#9 ·
Hi,

Delete these files in bold.

C:\WINDOWS\system32\mywehit.ini.tmp
C:\WINDOWS\system\skspf080407.exe
C:\WINDOWS\system32\QQabc.exe
C:\WINDOWS\system32\QQabc.dat
C:\WINDOWS\DCEBoot.exe

Submit a fresh HijackThis log.

Let me know what problem persists.
 
#11 ·
Let me see a fresh HijackThis log.

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
 