
·
Registered
Joined
·
14 Posts
Discussion Starter · #1 ·
I had a problem with the WinAntiSpyware virus, so I did a destructive reformat of Windows XP, did all the Windows updates, and I still have it. I read the "do this first" section and loaded SpywareBlaster. I also did the HijackThis and the Panda scan; here is the info.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:29 AM, on 6/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\ADS\ADSService.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212977941431
O23 - Service: ADSService - EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
O23 - Service: AuthFw - Authentium - C:\Program Files\Authentium\Firewall SDK\AuthFw.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe
O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

--
End of file - 7456 bytes



Here is the Panda scan

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-10 02:30:53
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
EarthLink Antivirus 3.93 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t4wfarop.default\cookies.txt[.tribalfusion.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t4wfarop.default\cookies.txt[.com.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t4wfarop.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t4wfarop.default\cookies.txt[server.iad.liveperson.net/hc/LPearthlink_elink1]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t4wfarop.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t4wfarop.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\t4wfarop.default\cookies.txt[searchportal.information.com/]
;===================================================================================================================================================================================
SUSPECTS
Sent Location .v
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description .v
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Thank you for any help.
 

·
Registered
Joined
·
716 Posts
Hi,

  1. Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  2. Save all your work and close all opened programs.
  3. Double click on dss.exe to run it. Follow the prompts.
  4. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  5. Please post the contents of the 2 log files in your next reply. 1 log per reply please.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #3 ·
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-14 21:05:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-06-15 01:05:44 UTC - RP55 - Deckard's System Scanner Restore Point
54: 2008-06-14 12:51:45 UTC - RP54 - System Checkpoint
53: 2008-06-13 11:51:44 UTC - RP53 - System Checkpoint
52: 2008-06-12 11:19:55 UTC - RP52 - Installed Sid Meier's Civilization 4 - Beyond the Sword
51: 2008-06-12 11:19:13 UTC - RP51 - Configured Sid Meier's Civilization 4 - Warlords


-- First Restore Point --
1: 2008-06-09 04:31:42 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:35 PM, on 6/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ADS\ADSService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212977941431
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ADSService - EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AuthFw - Authentium - C:\Program Files\Authentium\Firewall SDK\AuthFw.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe
O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

--
End of file - 8499 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ProtectionService - "c:\program files\earthlink\earthlink protection control center\bin\protectionservice.exe" <Not Verified; EarthLink, Inc.; EarthLink Protection Control Center>

S3 AuthFw - "c:\program files\authentium\firewall sdk\authfw.exe" <Not Verified; Authentium; Authentium Firewall SDK>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-14 19:01:00 342 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2008-06-14 02:21:53 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-13 04:44:21 0 d-------- C:\Program Files\Windows Defender
2008-06-12 08:15:37 0 d-------- C:\Program Files\Uniblue
2008-06-12 07:32:32 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-12 07:32:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-12 07:32:25 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-12 07:32:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 06:44:38 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-12 06:39:19 0 d-------- C:\Program Files\Firaxis Games
2008-06-12 06:38:51 0 d-------- C:\WINDOWS\LastGood
2008-06-11 06:57:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-06-11 06:44:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-06-11 06:20:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-11 06:19:26 0 d-------- C:\Program Files\Common Files\iS3
2008-06-11 06:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-11 05:57:37 0 d-------- C:\Program Files\WhatsRunning
2008-06-10 05:46:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-06-10 05:45:48 0 d-------- C:\Program Files\iPod
2008-06-10 05:45:44 0 d-------- C:\Program Files\iTunes
2008-06-10 05:45:31 0 d-------- C:\Program Files\Bonjour
2008-06-10 05:44:59 0 d-------- C:\Program Files\QuickTime
2008-06-10 05:44:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-10 05:44:45 0 d-------- C:\Program Files\Apple Software Update
2008-06-10 05:44:37 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-10 05:44:26 0 d-------- C:\Program Files\Common Files\Apple
2008-06-10 05:44:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-10 05:34:14 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-10 05:34:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-10 05:34:08 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-10 02:33:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 02:33:46 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-10 01:19:11 0 d-------- C:\Program Files\Panda Security
2008-06-10 01:06:01 0 d-------- C:\Program Files\Trend Micro
2008-06-10 00:59:33 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-06-10 00:59:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 00:59:33 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-10 00:09:32 0 d-------- C:\EarthLink PCC Data
2008-06-10 00:06:48 53248 --ah----- C:\AFCache.dat
2008-06-10 00:04:05 0 d-------- C:\Program Files\Microsoft WSE
2008-06-10 00:03:39 0 d-------- C:\Program Files\Authentium
2008-06-10 00:03:31 0 d-------- C:\Program Files\Common Files\Authentium
2008-06-10 00:03:24 0 d-------- C:\Program Files\Common Files\ADS
2008-06-10 00:03:21 0 d-------- C:\Program Files\Common Files\EarthLink Protection Control Center
2008-06-10 00:03:16 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-09 10:34:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Visual Networks
2008-06-09 10:33:26 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-09 10:33:17 0 d-------- C:\Program Files\EarthLink TotalAccess
2008-06-09 09:43:25 0 d-------- C:\Documents and Settings\Owner\Application Data\EarthLink
2008-06-09 09:43:22 0 d-------- C:\Documents and Settings\Owner\Application Data\ScamBlocker
2008-06-09 09:36:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\InstallShield
2008-06-09 09:33:55 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-09 09:33:49 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-09 09:30:48 0 d-------- C:\Program Files\Common Files\EarthLink
2008-06-09 09:30:13 152 --a------ C:\WINDOWS\system32\???????????????????????????????????????????g
2008-06-09 09:29:40 0 d-------- C:\Program Files\EarthLink
2008-06-09 09:03:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 08:55:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 08:54:59 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-09 08:54:59 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-09 01:08:43 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-09 00:33:21 245920 -r-hs---- C:\cmldr
2008-06-09 00:33:17 0 dr-hs---- C:\cmdcons
2008-06-09 00:33:16 0 d-------- C:\WINDOWS\setup.pss
2008-06-09 00:31:36 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-09 00:30:55 9856 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-06-09 00:30:55 49152 --a------ C:\WINDOWS\system32\cpuinf32.dll <Not Verified; Intel Corporation; Intel CPUInfo>
2008-06-09 00:30:54 1630208 --a------ C:\WINDOWS\system32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-06-09 00:30:54 1150976 --a------ C:\WINDOWS\system32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-06-09 00:30:54 1581056 --a------ C:\WINDOWS\system32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-06-09 00:30:54 1675264 --a------ C:\WINDOWS\system32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-06-09 00:30:54 81920 --a------ C:\WINDOWS\system32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-06-09 00:30:54 69632 --a------ C:\WINDOWS\system32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-06-09 00:30:54 69632 --a------ C:\WINDOWS\system32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-06-09 00:30:54 81920 --a------ C:\WINDOWS\system32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-06-09 00:30:18 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-06-09 00:30:17 0 d-------- C:\Program Files\ArcSoft
2008-06-09 00:27:43 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-09 00:27:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-06-09 00:27:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Sonic
2008-06-09 00:27:43 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-06-09 00:27:43 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2008-06-09 00:27:43 0 d-------- C:\Documents and Settings\Default User\Application Data\interMute
2008-06-09 00:25:35 0 d--hs---- C:\System Volume Information
2008-06-09 00:20:06 1457 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-06-09 00:18:36 0 d-------- C:\I386
2008-06-09 00:08:29 0 dr------- C:\Program Files
2008-06-09 00:08:29 0 dr------- C:\Documents and Settings\Owner\Start Menu
2008-06-09 00:08:29 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2008-06-09 00:08:27 0 dr------- C:\Documents and Settings\Owner\My Documents
2008-06-09 00:08:26 0 dr------- C:\Documents and Settings\Owner\Favorites
2008-06-09 00:08:26 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2008-06-09 00:08:26 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-09 00:08:26 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-09 00:08:26 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-06-09 00:08:26 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-09 00:08:25 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-09 00:08:25 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-09 00:08:21 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-09 00:08:03 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-09 00:06:39 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-08 23:47:24 0 d-------- C:\WINDOWS\Prefetch
2008-06-08 23:41:54 0 d-------- C:\WINDOWS\system32\scripting
2008-06-08 23:41:53 0 d-------- C:\WINDOWS\system32\en
2008-06-08 23:41:53 0 d-------- C:\WINDOWS\l2schemas
2008-06-08 23:38:34 0 d-------- C:\WINDOWS\network diagnostic
2008-06-08 23:06:47 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-08 23:06:47 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-08 23:06:47 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-06-08 23:06:44 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-06-08 23:06:44 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-06-08 23:03:23 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-08 22:50:56 0 d-------- C:\Program Files\messenger
2008-06-08 22:50:46 0 d-------- C:\WINDOWS\peernet
2008-06-08 22:50:45 0 d-------- C:\WINDOWS\provisioning
2008-06-08 22:49:47 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-08 22:45:18 0 d-------- C:\WINDOWS\EHome
2008-06-08 22:24:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-08 22:22:30 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-08 22:22:27 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-08 22:21:48 0 d-------- C:\WINDOWS\system32\bits
2008-06-08 22:19:08 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-08 22:18:59 0 d--hs---- C:\Documents and Settings\Owner\UserData
2008-06-08 22:18:30 0 d-------- C:\Program Files\CCleaner
2008-06-08 22:17:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-08 22:17:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-06-12 07:32:04 0 d-------- C:\Program Files\Common Files
2008-06-12 07:19:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 06:38:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-10 05:59:35 0 d-------- C:\Program Files\IntelliMover Data Transfer Demo
2008-06-10 00:03:54 152 --a------ C:\WINDOWS\system32\???????????????????????????????????????????g
2008-06-09 01:03:10 0 d-------- C:\Program Files\Softex
2008-06-09 01:02:22 0 d-------- C:\Documents and Settings\Owner\Application Data\interMute
2008-06-09 01:01:32 0 d-------- C:\Program Files\Common Files\Real
2008-06-09 00:59:59 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-06-09 00:51:04 0 d-------- C:\Program Files\HP
2008-06-09 00:49:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-08 23:41:53 0 d-------- C:\Program Files\Movie Maker
2008-06-08 23:40:10 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 10:07 AM]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [05/23/2003 06:03 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [05/23/2003 05:55 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 11:02 PM]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [06/18/2003 10:19 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [08/11/2006 09:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 09:43 PM C:\WINDOWS\system32\nwiz.exe]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [06/17/2003 09:13 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 07:57 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [08/11/2006 09:43 PM]
"IPInSightMonitor 01"="C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe" [08/10/2005 10:10 PM]
"IPInSightLAN 01"="C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" [08/10/2005 10:10 PM]
"Earthlink Protection Control Center"="C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" [11/15/2007 05:44 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [05/07/2003 10:56 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 02/21/2003 06:50 AM 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77558a2c-35db-11dd-aca6-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77558a2f-35db-11dd-aca6-806d6172696f}]
AutoRun\command- F:\autorun.exe

*Newly Created Service* - SECDRV
*Newly Created Service* - WINDEFEND



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-14 21:08:48 ------------
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #4 ·
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2800+
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1023.36 MiB / 490.83 MiB
Pagefile Memory (total/avail): 2465.69 MiB / 1962.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1808.52 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 68.96 GiB total, 42.31 GiB free.
D: is Fixed (FAT32) - 5.55 GiB total, 1.03 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800EB-11DJF0 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 5.56 GiB - D:
\PARTITION1 (bootable) - Installable File System - 68.96 GiB - C:

\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - HP photosmart 7700 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHOTOMACHINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\PHOTOMACHINE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\ADS;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=PHOTOMACHINE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{EE5BD928-7934-4E7B-9FE0-0454931A7159}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
EarthLink FastLane --> MsiExec.exe /X{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}
EarthLink Protection Control Center --> C:\Program Files\InstallShield Installation Information\{7E026A05-69E6-40C5-8838-1256DE89650C}\setup.exe -runfromtemp -l0x0009 -removeonly
EarthLink Software --> "C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W
EarthLink Toolbar --> "C:\Program Files\EarthLink TotalAccess\\Toolbar\Toolbar\uninst_tb.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Smart Installer --> C:\Program Files\EarthLink\Smart Installer\UnSMI.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
toolkit --> c:\Windows\HPTK\unhptkit.exe
Uniblue ProcessScanner --> "C:\Program Files\Uniblue\ProcessScanner\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZeroDay --> MsiExec.exe /I{4CB686B8-144D-4D8C-830F-0A0DA9A039DC}


-- Application Event Log -------------------------------------------------------

Event Record #/Type989 / Warning
Event Submitted/Written: 06/14/2008 01:01:01 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EE5BD928-7934-4E7B-9FE0-0454931A7159}', feature 'AV_DVP' failed during request for component '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}'

Event Record #/Type988 / Warning
Event Submitted/Written: 06/14/2008 01:01:01 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EE5BD928-7934-4E7B-9FE0-0454931A7159}', feature 'AV_DVP', component '{207AD740-F307-4F4C-B354-E035CF9FCB6C}' failed. The resource 'HKEY_LOCAL_MACHINE\Software\Antivirus\' does not exist.

Event Record #/Type987 / Error
Event Submitted/Written: 06/14/2008 02:21:52 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type983 / Warning
Event Submitted/Written: 06/13/2008 01:01:05 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EE5BD928-7934-4E7B-9FE0-0454931A7159}', feature 'AV_DVP' failed during request for component '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}'

Event Record #/Type982 / Warning
Event Submitted/Written: 06/13/2008 01:01:05 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EE5BD928-7934-4E7B-9FE0-0454931A7159}', feature 'AV_DVP', component '{207AD740-F307-4F4C-B354-E035CF9FCB6C}' failed. The resource 'HKEY_LOCAL_MACHINE\Software\Antivirus\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5263 / Warning
Event Submitted/Written: 06/14/2008 09:06:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHOTOMACHINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHOTOMACHINE27 can't undo changes that you allow.

For more information please see the following:
%PHOTOMACHINE275

Scan ID: {A882E97F-980F-45D9-95F7-46141CD8A118}

User: PHOTOMACHINE\Owner

Name: %PHOTOMACHINE271

ID: %PHOTOMACHINE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHOTOMACHINE276

Alert Type: %PHOTOMACHINE278

Detection Type: 1.1.1593.02

Event Record #/Type5262 / Warning
Event Submitted/Written: 06/14/2008 09:06:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHOTOMACHINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHOTOMACHINE27 can't undo changes that you allow.

For more information please see the following:
%PHOTOMACHINE275

Scan ID: {F88CAC30-05EB-46C7-AE5F-BCA8C1DC4A25}

User: PHOTOMACHINE\Owner

Name: %PHOTOMACHINE271

ID: %PHOTOMACHINE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHOTOMACHINE276

Alert Type: %PHOTOMACHINE278

Detection Type: 1.1.1593.02

Event Record #/Type5261 / Warning
Event Submitted/Written: 06/14/2008 09:06:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHOTOMACHINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHOTOMACHINE27 can't undo changes that you allow.

For more information please see the following:
%PHOTOMACHINE275

Scan ID: {6E12A749-8922-4D96-AC2A-0A3F3D9DFDFE}

User: PHOTOMACHINE\Owner

Name: %PHOTOMACHINE271

ID: %PHOTOMACHINE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHOTOMACHINE276

Alert Type: %PHOTOMACHINE278

Detection Type: 1.1.1593.02

Event Record #/Type5260 / Warning
Event Submitted/Written: 06/14/2008 09:06:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHOTOMACHINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHOTOMACHINE27 can't undo changes that you allow.

For more information please see the following:
%PHOTOMACHINE275

Scan ID: {4F8F951B-E71E-4EEC-AF40-4F67F3363B52}

User: PHOTOMACHINE\Owner

Name: %PHOTOMACHINE271

ID: %PHOTOMACHINE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHOTOMACHINE276

Alert Type: %PHOTOMACHINE278

Detection Type: 1.1.1593.02

Event Record #/Type5259 / Warning
Event Submitted/Written: 06/14/2008 09:06:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHOTOMACHINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHOTOMACHINE27 can't undo changes that you allow.

For more information please see the following:
%PHOTOMACHINE275

Scan ID: {35F481CE-470C-4AB5-B9CF-FB7476423D84}

User: PHOTOMACHINE\Owner

Name: %PHOTOMACHINE271

ID: %PHOTOMACHINE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHOTOMACHINE276

Alert Type: %PHOTOMACHINE278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-06-14 21:08:48 ------------
 

·
Registered
Joined
·
716 Posts
Hi,

  1. Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  2. Double click on OTScanIt.exe to run it.
  3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  4. Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
  5. Click on None. Under Files Modified Within, select 90 days.
  6. Click on the Run Scan button at the top left hand corner.
  7. OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.
 

·
Registered
Joined
·
716 Posts
Hi,

Please also post the following log:

  1. Please download regsearch.zip and save it to your desktop.
  2. Right click on regsearch.zip and select Extract All....
  3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  4. Click on the Browse button. Click on Desktop. Then click OK.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on regsearch.exe to run it.
  7. Copy and paste SECDRV under Enter search strings (case independent) and click OK... (boxed up in red in the screenshot below).
  8. Click OK.
  9. When done, RegSearch.txt will open. Please post the contents of this file in your next reply. This file can also be found on your desktop or wherever regsearch is extracted to.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #7 ·
These were my settings for the scan:
Process none, services none, drivers none, registry none, Rootkit search no, files created in 90 days, files modified in 90 days, non-Microsoft only.



Code:
OTScanIt logfile created on: 6/15/2008 7:16:53 PM
OTScanIt by OldTimer - Version 1.0.15.15     Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.36 Mb Total Physical Memory | 545.28 Mb Available Physical Memory | 53.28% Memory free
2.41 Gb Paging File | 1.89 Gb Available in Paging File | 78.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.96 Gb Total Space | 42.29 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
Drive D: | 5.55 Gb Total Space | 1.03 Gb Free Space | 18.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 656.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHOTOMACHINE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Files/Folders - Created Within 90 days]
AFCache.dat -> %SystemDrive%\AFCache.dat ->  [Ver =  | Size = 53248 bytes | Created Date = 6/10/2008 12:06:48 AM | Attr =  H ]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 196 bytes | Created Date = 6/9/2008 12:33:23 AM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 6/9/2008 12:33:17 AM | Attr = RHS]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 245920 bytes | Created Date = 6/9/2008 12:33:21 AM | Attr = RHS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 6/14/2008 9:05:21 PM | Attr =    ]
EarthLink PCC Data -> %SystemDrive%\EarthLink PCC Data ->  [Folder | Created Date = 6/10/2008 12:09:32 AM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1073139712 bytes | Created Date = 6/9/2008 1:05:21 AM | Attr =  HS]
I386 -> %SystemDrive%\I386 ->  [Folder | Created Date = 6/9/2008 12:18:36 AM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 6/9/2008 12:08:29 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 6/9/2008 12:35:17 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 6/9/2008 12:25:35 AM | Attr =  HS]
bktrh.gif -> %SystemRoot%\System32\dllcache\bktrh.gif ->  [Ver =  | Size = 999 bytes | Created Date = 6/8/2008 11:27:00 PM | Attr =    ]
cloapp.gif -> %SystemRoot%\System32\dllcache\cloapp.gif ->  [Ver =  | Size = 717 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
cloapph.gif -> %SystemRoot%\System32\dllcache\cloapph.gif ->  [Ver =  | Size = 760 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
cnt.gif -> %SystemRoot%\System32\dllcache\cnt.gif ->  [Ver =  | Size = 773 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
cntd.gif -> %SystemRoot%\System32\dllcache\cntd.gif ->  [Ver =  | Size = 772 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
cnth.gif -> %SystemRoot%\System32\dllcache\cnth.gif ->  [Ver =  | Size = 773 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
compact.wmz -> %SystemRoot%\System32\dllcache\compact.wmz ->  [Ver =  | Size = 184959 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
contents.htm -> %SystemRoot%\System32\dllcache\contents.htm ->  [Ver =  | Size = 8298 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
controls.css -> %SystemRoot%\System32\dllcache\controls.css ->  [Ver =  | Size = 9585 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
controls.js -> %SystemRoot%\System32\dllcache\controls.js ->  [Ver =  | Size = 6878 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
copycd.wmv -> %SystemRoot%\System32\dllcache\copycd.wmv ->  [Ver =  | Size = 381425 bytes | Created Date = 6/8/2008 11:27:01 PM | Attr =    ]
dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll ->  [Ver =  | Size = 498742 bytes | Created Date = 6/8/2008 11:27:04 PM | Attr =    ]
events.js -> %SystemRoot%\System32\dllcache\events.js ->  [Ver =  | Size = 5971 bytes | Created Date = 6/8/2008 11:27:04 PM | Attr =    ]
l3codeca.acm -> %SystemRoot%\System32\dllcache\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 6/8/2008 11:27:10 PM | Attr =    ]
mdlib.wmv -> %SystemRoot%\System32\dllcache\mdlib.wmv ->  [Ver =  | Size = 457607 bytes | Created Date = 6/8/2008 11:27:13 PM | Attr =    ]
mplayer2.cnt -> %SystemRoot%\System32\dllcache\mplayer2.cnt ->  [Ver =  | Size = 1885 bytes | Created Date = 6/8/2008 11:27:14 PM | Attr =    ]
mplayer2.hlp -> %SystemRoot%\System32\dllcache\mplayer2.hlp ->  [Ver =  | Size = 97117 bytes | Created Date = 6/8/2008 11:27:14 PM | Attr =    ]
mplayer2.inf -> %SystemRoot%\System32\dllcache\mplayer2.inf ->  [Ver =  | Size = 18286 bytes | Created Date = 6/8/2008 11:27:14 PM | Attr =    ]
mplogo.gif -> %SystemRoot%\System32\dllcache\mplogo.gif ->  [Ver =  | Size = 2545 bytes | Created Date = 6/8/2008 11:27:14 PM | Attr =    ]
mplogoh.gif -> %SystemRoot%\System32\dllcache\mplogoh.gif ->  [Ver =  | Size = 2778 bytes | Created Date = 6/8/2008 11:27:14 PM | Attr =    ]
msdxm.ocx -> %SystemRoot%\System32\dllcache\msdxm.ocx ->  [Ver =  | Size = 844314 bytes | Created Date = 6/8/2008 11:27:15 PM | Attr =    ]
msdxmlc.dll -> %SystemRoot%\System32\dllcache\msdxmlc.dll ->  [Ver =  | Size = 4126 bytes | Created Date = 6/8/2008 11:27:15 PM | Attr =    ]
npdrmv2.zip -> %SystemRoot%\System32\dllcache\npdrmv2.zip ->  [Ver =  | Size = 403 bytes | Created Date = 6/8/2008 11:27:21 PM | Attr =    ]
npds.zip -> %SystemRoot%\System32\dllcache\npds.zip ->  [Ver =  | Size = 22060 bytes | Created Date = 6/8/2008 11:27:21 PM | Attr =    ]
nuskin.wmv -> %SystemRoot%\System32\dllcache\nuskin.wmv ->  [Ver =  | Size = 375519 bytes | Created Date = 6/8/2008 11:27:22 PM | Attr =    ]
plylst1.wpl -> %SystemRoot%\System32\dllcache\plylst1.wpl ->  [Ver =  | Size = 1250 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst10.wpl -> %SystemRoot%\System32\dllcache\plylst10.wpl ->  [Ver =  | Size = 787 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst11.wpl -> %SystemRoot%\System32\dllcache\plylst11.wpl ->  [Ver =  | Size = 789 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst12.wpl -> %SystemRoot%\System32\dllcache\plylst12.wpl ->  [Ver =  | Size = 1451 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst13.wpl -> %SystemRoot%\System32\dllcache\plylst13.wpl ->  [Ver =  | Size = 783 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst14.wpl -> %SystemRoot%\System32\dllcache\plylst14.wpl ->  [Ver =  | Size = 775 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst15.wpl -> %SystemRoot%\System32\dllcache\plylst15.wpl ->  [Ver =  | Size = 733 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst2.wpl -> %SystemRoot%\System32\dllcache\plylst2.wpl ->  [Ver =  | Size = 1049 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst3.wpl -> %SystemRoot%\System32\dllcache\plylst3.wpl ->  [Ver =  | Size = 1474 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst4.wpl -> %SystemRoot%\System32\dllcache\plylst4.wpl ->  [Ver =  | Size = 1448 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst5.wpl -> %SystemRoot%\System32\dllcache\plylst5.wpl ->  [Ver =  | Size = 1477 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst6.wpl -> %SystemRoot%\System32\dllcache\plylst6.wpl ->  [Ver =  | Size = 1477 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst7.wpl -> %SystemRoot%\System32\dllcache\plylst7.wpl ->  [Ver =  | Size = 1046 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst8.wpl -> %SystemRoot%\System32\dllcache\plylst8.wpl ->  [Ver =  | Size = 1036 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plylst9.wpl -> %SystemRoot%\System32\dllcache\plylst9.wpl ->  [Ver =  | Size = 784 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
plyr_err.chm -> %SystemRoot%\System32\dllcache\plyr_err.chm ->  [Ver =  | Size = 77307 bytes | Created Date = 6/8/2008 11:27:26 PM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll ->  [Ver =  | Size = 1288192 bytes | Created Date = 5/7/2008 1:12:40 AM | Attr =    ]
revert.wmz -> %SystemRoot%\System32\dllcache\revert.wmz ->  [Ver =  | Size = 66725 bytes | Created Date = 6/8/2008 11:27:30 PM | Attr =    ]
rtuner.wmv -> %SystemRoot%\System32\dllcache\rtuner.wmv ->  [Ver =  | Size = 572557 bytes | Created Date = 6/8/2008 11:27:30 PM | Attr =    ]
skins.inf -> %SystemRoot%\System32\dllcache\skins.inf ->  [Ver =  | Size = 908 bytes | Created Date = 6/8/2008 11:27:34 PM | Attr =    ]
sl_anet.acm -> %SystemRoot%\System32\dllcache\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 6/8/2008 11:27:34 PM | Attr =    ]
snd.htm -> %SystemRoot%\System32\dllcache\snd.htm ->  [Ver =  | Size = 1148 bytes | Created Date = 6/8/2008 11:27:34 PM | Attr =    ]
taoff.gif -> %SystemRoot%\System32\dllcache\taoff.gif ->  [Ver =  | Size = 1380 bytes | Created Date = 6/8/2008 11:27:39 PM | Attr =    ]
taoffh.gif -> %SystemRoot%\System32\dllcache\taoffh.gif ->  [Ver =  | Size = 1367 bytes | Created Date = 6/8/2008 11:27:39 PM | Attr =    ]
taon.gif -> %SystemRoot%\System32\dllcache\taon.gif ->  [Ver =  | Size = 1398 bytes | Created Date = 6/8/2008 11:27:39 PM | Attr =    ]
taonh.gif -> %SystemRoot%\System32\dllcache\taonh.gif ->  [Ver =  | Size = 1380 bytes | Created Date = 6/8/2008 11:27:39 PM | Attr =    ]
tour.js -> %SystemRoot%\System32\dllcache\tour.js ->  [Ver =  | Size = 3187 bytes | Created Date = 6/8/2008 11:27:40 PM | Attr =    ]
tourbg.gif -> %SystemRoot%\System32\dllcache\tourbg.gif ->  [Ver =  | Size = 23829 bytes | Created Date = 6/8/2008 11:27:40 PM | Attr =    ]
tpause.gif -> %SystemRoot%\System32\dllcache\tpause.gif ->  [Ver =  | Size = 2450 bytes | Created Date = 6/8/2008 11:27:40 PM | Attr =    ]
tpauseh.gif -> %SystemRoot%\System32\dllcache\tpauseh.gif ->  [Ver =  | Size = 2371 bytes | Created Date = 6/8/2008 11:27:40 PM | Attr =    ]
tplay.gif -> %SystemRoot%\System32\dllcache\tplay.gif ->  [Ver =  | Size = 2469 bytes | Created Date = 6/8/2008 11:27:40 PM | Attr =    ]
tplayh.gif -> %SystemRoot%\System32\dllcache\tplayh.gif ->  [Ver =  | Size = 2375 bytes | Created Date = 6/8/2008 11:27:40 PM | Attr =    ]
videobg.gif -> %SystemRoot%\System32\dllcache\videobg.gif ->  [Ver =  | Size = 17489 bytes | Created Date = 6/8/2008 11:27:44 PM | Attr =    ]
vidsamp.gif -> %SystemRoot%\System32\dllcache\vidsamp.gif ->  [Ver =  | Size = 5290 bytes | Created Date = 6/8/2008 11:27:44 PM | Attr =    ]
viz.wmv -> %SystemRoot%\System32\dllcache\viz.wmv ->  [Ver =  | Size = 300969 bytes | Created Date = 6/8/2008 11:27:44 PM | Attr =    ]
wm1.gif -> %SystemRoot%\System32\dllcache\wm1.gif ->  [Ver =  | Size = 5789 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm2.gif -> %SystemRoot%\System32\dllcache\wm2.gif ->  [Ver =  | Size = 7636 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif ->  [Ver =  | Size = 6241 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif ->  [Ver =  | Size = 7369 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif ->  [Ver =  | Size = 2477 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif ->  [Ver =  | Size = 6060 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif ->  [Ver =  | Size = 8677 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif ->  [Ver =  | Size = 4193 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif ->  [Ver =  | Size = 7892 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf ->  [Ver =  | Size = 17272 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf ->  [Ver =  | Size = 6769 bytes | Created Date = 6/8/2008 11:27:48 PM | Attr =    ]
wmp.inf -> %SystemRoot%\System32\dllcache\wmp.inf ->  [Ver =  | Size = 29070 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav ->  [Ver =  | Size = 354468 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav ->  [Ver =  | Size = 86180 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav ->  [Ver =  | Size = 172196 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud4.wav -> %SystemRoot%\System32\dllcache\wmpaud4.wav ->  [Ver =  | Size = 86180 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav ->  [Ver =  | Size = 86196 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav ->  [Ver =  | Size = 343204 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav ->  [Ver =  | Size = 343204 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav ->  [Ver =  | Size = 172196 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav ->  [Ver =  | Size = 172196 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm ->  [Ver =  | Size = 23195 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm ->  [Ver =  | Size = 69612 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm ->  [Ver =  | Size = 613334 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js ->  [Ver =  | Size = 420 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf ->  [Ver =  | Size = 855 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css ->  [Ver =  | Size = 1771 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta ->  [Ver =  | Size = 10457 bytes | Created Date = 6/8/2008 11:27:51 PM | Attr =    ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 6/8/2008 11:27:07 PM | Attr =    ]
HP_DT170A-ABA A384X_YC_Pavi_QMXK343_E34NAheBLU2_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.05_T030917_WXH1_L409_M1024_J80_7AMD_8Athlon XP 2800+_92.08_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G.MRK -> %SystemRoot%\System32\drivers\HP_DT170A-ABA A384X_YC_Pavi_QMXK343_E34NAheBLU2_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.05_T030917_WXH1_L409_M1024_J80_7AMD_8Athlon XP 2800+_92.08_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G.MRK ->  [Ver =  | Size = 3448 bytes | Created Date = 6/9/2008 12:32:44 AM | Attr = RHS]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img ->  [Ver =  | Size = 67866 bytes | Created Date = 6/8/2008 10:31:30 PM | Attr =    ]
pfc.sys -> %SystemRoot%\System32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 201 | Size = 9856 bytes | Created Date = 6/9/2008 12:30:55 AM | Attr =    ]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Created Date = 6/9/2008 8:54:59 AM | Attr =    ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 6/9/2008 8:55:01 AM | Attr =  H ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 6/8/2008 10:21:48 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
cpuinf32.dll -> %SystemRoot%\System32\cpuinf32.dll -> Intel Corporation [Ver = 1.0.0.4 | Size = 49152 bytes | Created Date = 6/9/2008 12:30:55 AM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Created Date = 6/9/2008 12:06:39 AM | Attr = RHS]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 6/10/2008 5:44:37 AM | Attr =    ]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 6/8/2008 11:41:53 PM | Attr =    ]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Created Date = 6/8/2008 11:41:54 PM | Attr =    ]
javasup.vxd -> %SystemRoot%\System32\javasup.vxd ->  [Ver =  | Size = 7315 bytes | Created Date = 6/8/2008 11:06:47 PM | Attr =    ]
lmpgad.ax -> %SystemRoot%\System32\lmpgad.ax -> Ligos Corporation [Ver = 4.0.0.104 | Size = 47104 bytes | Created Date = 6/9/2008 12:30:55 AM | Attr =    ]
lmpgspl.ax -> %SystemRoot%\System32\lmpgspl.ax -> Ligos Corporation [Ver = 4.0.0.104 | Size = 106496 bytes | Created Date = 6/9/2008 12:30:55 AM | Attr =    ]
lmpgvd.ax -> %SystemRoot%\System32\lmpgvd.ax -> Ligos Corporation [Ver = 4.0.0.104 | Size = 94208 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Created Date = 6/9/2008 8:54:59 AM | Attr =    ]
mplaa6.dll -> %SystemRoot%\System32\mplaa6.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 81920 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
mplam6.dll -> %SystemRoot%\System32\mplam6.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 69632 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
mplapx.dll -> %SystemRoot%\System32\mplapx.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 69632 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
mplaw7.dll -> %SystemRoot%\System32\mplaw7.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 81920 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
mplva6.dll -> %SystemRoot%\System32\mplva6.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1675264 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
mplvm6.dll -> %SystemRoot%\System32\mplvm6.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1581056 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
mplvpx.dll -> %SystemRoot%\System32\mplvpx.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1150976 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
mplvw7.dll -> %SystemRoot%\System32\mplvw7.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1630208 bytes | Created Date = 6/9/2008 12:30:54 AM | Attr =    ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 81191 bytes | Created Date = 6/9/2008 12:44:22 AM | Attr =    ]
nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu ->  [Ver =  | Size = 16960 bytes | Created Date = 6/9/2008 12:43:19 AM | Attr =    ]
nvudisp.exe -> %SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55  | Size = 208896 bytes | Created Date = 6/9/2008 12:43:18 AM | Attr =    ]
pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 1261 bytes | Created Date = 6/8/2008 11:27:08 PM | Attr =    ]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Created Date = 6/8/2008 10:22:30 PM | Attr =    ]
QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Created Date = 3/28/2008 11:37:26 PM | Attr =    ]
QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Created Date = 3/28/2008 11:37:26 PM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 6/8/2008 11:41:54 PM | Attr =    ]
secupd.dat -> %SystemRoot%\System32\secupd.dat ->  [Ver =  | Size = 4569 bytes | Created Date = 6/8/2008 10:31:30 PM | Attr =    ]
secupd.sig -> %SystemRoot%\System32\secupd.sig ->  [Ver =  | Size = 7208 bytes | Created Date = 6/8/2008 10:31:30 PM | Attr =    ]
zonedoff.reg -> %SystemRoot%\System32\zonedoff.reg ->  [Ver =  | Size = 113 bytes | Created Date = 6/8/2008 11:06:44 PM | Attr =    ]
zonedon.reg -> %SystemRoot%\System32\zonedon.reg ->  [Ver =  | Size = 113 bytes | Created Date = 6/8/2008 11:06:44 PM | Attr =    ]
???????????????????????????????????????????g -> %SystemRoot%\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g ->  [Ver =  | Size = 152 bytes | Modified Date = 6/10/2008 12:03:54 AM | Attr =    ]
hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat ->  [Ver =  | Size = 1457 bytes | Created Date = 6/9/2008 12:20:06 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 6/8/2008 10:22:27 PM | Attr =  H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 6/8/2008 10:22:07 PM | Attr =  H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 6/8/2008 10:45:20 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 6/9/2008 8:43:34 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 6/9/2008 8:43:22 AM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 6/9/2008 12:08:15 AM | Attr = R S]
AuthMgr.INI -> %SystemRoot%\AuthMgr.INI ->  [Ver =  | Size = 34 bytes | Created Date = 6/9/2008 10:35:45 AM | Attr =    ]
EHome -> %SystemRoot%\EHome ->  [Folder | Created Date = 6/8/2008 10:45:18 PM | Attr =    ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 6/14/2008 9:05:44 PM | Attr =    ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 6/9/2008 8:43:43 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 6/9/2008 8:45:06 AM | Attr =    ]
jautoexp.dat -> %SystemRoot%\jautoexp.dat ->  [Ver =  | Size = 6550 bytes | Created Date = 6/8/2008 11:06:47 PM | Attr =    ]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 6/8/2008 11:41:53 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 6/12/2008 6:38:51 AM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 6/8/2008 11:38:34 PM | Attr =    ]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 6/8/2008 10:17:04 PM | Attr =    ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 6/9/2008 12:08:03 AM | Attr = R  ]
PCDLIB32.DLL -> %SystemRoot%\PCDLIB32.DLL -> Eastman Kodak [Ver = 3, 0, 0, 0 | Size = 212480 bytes | Created Date = 6/9/2008 12:30:18 AM | Attr =    ]
peernet -> %SystemRoot%\peernet ->  [Folder | Created Date = 6/8/2008 10:50:46 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 6/8/2008 11:47:24 PM | Attr =    ]
provisioning -> %SystemRoot%\provisioning ->  [Folder | Created Date = 6/8/2008 10:50:45 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 6/10/2008 5:46:24 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 6/10/2008 5:46:24 AM | Attr =  H ]
REGULOCS.OLD -> %SystemRoot%\REGULOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 6/9/2008 10:35:16 AM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 6/8/2008 10:49:47 PM | Attr =    ]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 6/9/2008 12:33:16 AM | Attr =    ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 6/8/2008 10:19:08 PM | Attr =    ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 6/9/2008 8:44:41 AM | Attr =    ]
HP Usg Daily.job -> %SystemRoot%\tasks\HP Usg Daily.job ->  [Ver =  | Size = 342 bytes | Created Date = 6/12/2008 7:01:14 AM | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Created Date = 6/13/2008 4:47:30 AM | Attr =  H ]

[Files/Folders - Modified Within 90 days]
AFCache.dat -> %SystemDrive%\AFCache.dat ->  [Ver =  | Size = 53248 bytes | Modified Date = 6/10/2008 12:06:48 AM | Attr =  H ]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 196 bytes | Modified Date = 6/9/2008 12:27:46 AM | Attr = RHS]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 283 bytes | Modified Date = 6/8/2008 10:51:23 PM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 6/9/2008 12:33:24 AM | Attr = RHS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 6/14/2008 9:05:21 PM | Attr =    ]
EarthLink PCC Data -> %SystemDrive%\EarthLink PCC Data ->  [Folder | Modified Date = 6/10/2008 12:09:32 AM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1073139712 bytes | Modified Date = 6/12/2008 7:47:57 AM | Attr =  HS]
hp -> %SystemDrive%\hp ->  [Folder | Modified Date = 6/10/2008 6:03:29 AM | Attr =  H ]
I386 -> %SystemDrive%\I386 ->  [Folder | Modified Date = 6/9/2008 12:19:53 AM | Attr =    ]
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM ->  [Ver =  | Size = 47564 bytes | Modified Date = 6/8/2008 10:48:10 PM | Attr = RHS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 6/8/2008 11:38:17 PM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 6/14/2008 8:29:04 PM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 6/9/2008 12:35:17 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 6/8/2008 11:02:36 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 6/14/2008 9:05:44 PM | Attr =    ]
compact.wmz -> %SystemRoot%\System32\dllcache\compact.wmz ->  [Ver =  | Size = 184959 bytes | Modified Date = 4/13/2008 1:28:15 PM | Attr =    ]
dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll ->  [Ver =  | Size = 498742 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
l3codeca.acm -> %SystemRoot%\System32\dllcache\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 4/13/2008 8:09:57 PM | Attr =    ]
msdxm.ocx -> %SystemRoot%\System32\dllcache\msdxm.ocx ->  [Ver =  | Size = 844314 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr =    ]
msdxmlc.dll -> %SystemRoot%\System32\dllcache\msdxmlc.dll ->  [Ver =  | Size = 4126 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll ->  [Ver =  | Size = 1288192 bytes | Modified Date = 5/7/2008 1:12:40 AM | Attr =    ]
revert.wmz -> %SystemRoot%\System32\dllcache\revert.wmz ->  [Ver =  | Size = 66725 bytes | Modified Date = 4/13/2008 1:28:53 PM | Attr =    ]
sl_anet.acm -> %SystemRoot%\System32\dllcache\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Modified Date = 4/13/2008 8:10:50 PM | Attr =    ]
wmp.inf -> %SystemRoot%\System32\dllcache\wmp.inf ->  [Ver =  | Size = 29070 bytes | Modified Date = 4/13/2008 1:23:23 PM | Attr =    ]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 4255 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3967 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3615 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3647 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3135 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3711 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3775 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr =    ]
amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr =    ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 21183 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11359 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 14143 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 17279 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 15423 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
dmboot.sys -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr =    ]
dmio.sys -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 6/14/2008 8:50:37 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 249881 bytes | Modified Date = 6/14/2008 8:50:37 PM | Attr = R  ]
hosts.20080614-205037.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080614-205037.backup ->  [Ver =  | Size = 249518 bytes | Modified Date = 6/9/2008 9:20:25 AM | Attr = R  ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 12:36:05 PM | Attr =    ]
HP_DT170A-ABA A384X_YC_Pavi_QMXK343_E34NAheBLU2_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.05_T030917_WXH1_L409_M1024_J80_7AMD_8Athlon XP 2800+_92.08_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G.MRK -> %SystemRoot%\System32\drivers\HP_DT170A-ABA A384X_YC_Pavi_QMXK343_E34NAheBLU2_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.05_T030917_WXH1_L409_M1024_J80_7AMD_8Athlon XP 2800+_92.08_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G.MRK ->  [Ver =  | Size = 3448 bytes | Modified Date = 6/9/2008 12:32:44 AM | Attr = RHS]
secdrv.sys -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 4/13/2008 12:39:15 PM | Attr =    ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3901 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =    ]
sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr =    ]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Modified Date = 6/9/2008 8:55:24 AM | Attr =    ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 6/9/2008 8:55:01 AM | Attr =  H ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11325 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr =    ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 993 bytes | Modified Date = 6/9/2008 12:31:38 AM | Attr =    ]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 6/9/2008 8:56:02 AM | Attr =    ]
amstream.dll -> %SystemRoot%\System32\amstream.dll ->  [Ver =  | Size = 70656 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.4071 | Size = 870784 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr =    ]
ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.0231 | Size = 1888992 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc.  [Ver = 6.14.01.0009 | Size = 516768 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
atmfd.dll -> %SystemRoot%\System32\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 226 | Size = 285696 bytes | Modified Date = 4/13/2008 8:09:01 PM | Attr =    ]
atmlib.dll -> %SystemRoot%\System32\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 226 | Size = 30208 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Modified Date = 6/8/2008 11:41:53 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 6/8/2008 11:45:31 PM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 6/12/2008 7:32:10 AM | Attr =    ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 6/8/2008 11:40:13 PM | Attr =    ]
compatui.dll -> %SystemRoot%\System32\compatui.dll ->  [Ver = 1, 0, 0, 1 | Size = 252928 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dcache.bin -> %SystemRoot%\System32\dcache.bin ->  [Ver =  | Size = 1804 bytes | Modified Date = 4/13/2008 8:25:26 PM | Attr =    ]
defrag.exe -> %SystemRoot%\System32\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 25088 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr =    ]
devenum.dll -> %SystemRoot%\System32\devenum.dll ->  [Ver =  | Size = 59904 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 82944 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr =    ]
dfrgntfs.exe -> %SystemRoot%\System32\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 105472 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr =    ]
dfrgsnap.dll -> %SystemRoot%\System32\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 39424 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dfrgui.dll -> %SystemRoot%\System32\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 124416 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
dgnet.dll -> %SystemRoot%\System32\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 111104 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr =    ]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 6/12/2008 7:17:47 AM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 6/12/2008 7:00:28 AM | Attr = RHS]
dmadmin.exe -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr =    ]
dmdlgs.dll -> %SystemRoot%\System32\dmdlgs.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 285184 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
dmdskmgr.dll -> %SystemRoot%\System32\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 200704 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
dmremote.exe -> %SystemRoot%\System32\dmremote.exe -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 15872 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr =    ]
dmserver.dll -> %SystemRoot%\System32\dmserver.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
dmutil.dll -> %SystemRoot%\System32\dmutil.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 52224 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 6/12/2008 7:31:48 AM | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 6/10/2008 5:44:37 AM | Attr =    ]
dxmasf.dll -> %SystemRoot%\System32\dxmasf.dll ->  [Ver =  | Size = 498742 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr =    ]
en -> %SystemRoot%\System32\en ->  [Folder | Modified Date = 6/8/2008 11:41:53 PM | Attr =    ]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Modified Date = 6/9/2008 8:45:14 AM | Attr =    ]
encdec.dll -> %SystemRoot%\System32\encdec.dll ->  [Ver =  | Size = 186880 bytes | Modified Date = 4/13/2008 8:11:53 PM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 126912 bytes | Modified Date = 6/8/2008 11:47:03 PM | Attr =    ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr =    ]
hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.5512 | Size = 347136 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr =    ]
iac25_32.ax -> %SystemRoot%\System32\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
ias -> %SystemRoot%\System32\ias ->  [Folder | Modified Date = 6/9/2008 12:18:05 AM | Attr =    ]
iccvid.dll -> %SystemRoot%\System32\iccvid.dll -> Radius Inc. [Ver = 1.10.0.11 | Size = 80384 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr =    ]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Modified Date = 6/9/2008 12:18:05 AM | Attr =    ]
ir41_32.ax -> %SystemRoot%\System32\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
ir41_qc.dll -> %SystemRoot%\System32\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir41_qcx.dll -> %SystemRoot%\System32\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir50_32.dll -> %SystemRoot%\System32\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
ivfsrc.ax -> %SystemRoot%\System32\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
jgdw400.dll -> %SystemRoot%\System32\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
jgpl400.dll -> %SystemRoot%\System32\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =    ]
l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 4/13/2008 8:09:57 PM | Attr =    ]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 6/9/2008 8:54:59 AM | Attr =    ]
mciqtz32.dll -> %SystemRoot%\System32\mciqtz32.dll ->  [Ver =  | Size = 35328 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr =    ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr =    ]
mpeg2data.ax -> %SystemRoot%\System32\mpeg2data.ax ->  [Ver =  | Size = 118272 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax ->  [Ver =  | Size = 148992 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
msdmo.dll -> %SystemRoot%\System32\msdmo.dll ->  [Ver =  | Size = 14336 bytes | Modified Date = 4/13/2008 8:11:59 PM | Attr =    ]
msdvbnp.ax -> %SystemRoot%\System32\msdvbnp.ax ->  [Ver =  | Size = 56832 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
msdxm.ocx -> %SystemRoot%\System32\msdxm.ocx ->  [Ver =  | Size = 844314 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr =    ]
msdxmlc.dll -> %SystemRoot%\System32\msdxmlc.dll ->  [Ver =  | Size = 4126 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr =    ]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Modified Date = 4/13/2008 8:12:01 PM | Attr =    ]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 6/8/2008 10:50:56 PM | Attr =    ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 6/8/2008 11:40:16 PM | Attr =    ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 6/9/2008 8:56:02 AM | Attr =    ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 81191 bytes | Modified Date = 6/12/2008 7:48:16 AM | Attr =    ]
odbcconf.rsp -> %SystemRoot%\System32\odbcconf.rsp ->  [Ver =  | Size = 4310 bytes | Modified Date = 4/13/2008 1:26:09 PM | Attr =    ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 6/8/2008 11:39:56 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 63016 bytes | Modified Date = 6/12/2008 7:06:15 AM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 402406 bytes | Modified Date = 6/12/2008 7:06:15 AM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 473400 bytes | Modified Date = 6/12/2008 7:06:15 AM | Attr =    ]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Modified Date = 6/8/2008 10:22:30 PM | Attr =    ]
proctexe.ocx -> %SystemRoot%\System32\proctexe.ocx -> Intel Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 81920 bytes | Modified Date = 4/13/2008 8:10:35 PM | Attr =    ]
psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll ->  [Ver =  | Size = 363520 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
psisrndr.ax -> %SystemRoot%\System32\psisrndr.ax ->  [Ver =  | Size = 33280 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr =    ]
qcap.dll -> %SystemRoot%\System32\qcap.dll ->  [Ver =  | Size = 192512 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qdv.dll -> %SystemRoot%\System32\qdv.dll ->  [Ver =  | Size = 279040 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qdvd.dll -> %SystemRoot%\System32\qdvd.dll ->  [Ver =  | Size = 386048 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qedit.dll -> %SystemRoot%\System32\qedit.dll ->  [Ver =  | Size = 562176 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr =    ]
qedwipes.dll -> %SystemRoot%\System32\qedwipes.dll ->  [Ver =  | Size = 733696 bytes | Modified Date = 4/13/2008 1:21:32 PM | Attr =    ]
quartz.dll -> %SystemRoot%\System32\quartz.dll ->  [Ver =  | Size = 1288192 bytes | Modified Date = 5/7/2008 1:12:40 AM | Attr =    ]
QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Modified Date = 3/28/2008 11:37:26 PM | Attr =    ]
QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Modified Date = 3/28/2008 11:37:26 PM | Attr =    ]
ras -> %SystemRoot%\System32\ras ->  [Folder | Modified Date = 6/9/2008 12:18:15 AM | Attr =    ]
regwizc.dll -> %SystemRoot%\System32\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 397824 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =    ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 6/9/2008 12:29:10 AM | Attr =    ]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 6/8/2008 11:40:17 PM | Attr =    ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =    ]
sbe.dll -> %SystemRoot%\System32\sbe.dll ->  [Ver =  | Size = 270848 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Modified Date = 6/8/2008 11:41:54 PM | Attr =    ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 6/8/2008 11:47:01 PM | Attr =    ]
slbiop.dll -> %SystemRoot%\System32\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2600.2095 (xpsp_sp2_rc1.040310-2010) | Size = 98304 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr =    ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr =    ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr =    ]
sl_anet.acm -> %SystemRoot%\System32\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Modified Date = 4/13/2008 8:10:50 PM | Attr =    ]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 6/8/2008 11:41:54 PM | Attr =    ]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 6/8/2008 11:47:00 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 6/13/2008 4:44:02 AM | Attr =    ]
???????????????????????????????????????????g -> %SystemRoot%\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g ->  [Ver =  | Size = 152 bytes | Modified Date = 6/10/2008 12:03:54 AM | Attr =    ]
hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat ->  [Ver =  | Size = 1457 bytes | Modified Date = 6/12/2008 7:48:14 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 6/11/2008 4:55:11 PM | Attr =  H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 6/8/2008 10:22:08 PM | Attr =  H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 6/8/2008 11:37:28 PM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 6/9/2008 8:43:34 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 6/9/2008 8:43:22 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 6/9/2008 12:17:15 AM | Attr =    ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 6/8/2008 11:47:00 PM | Attr =    ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 6/12/2008 7:17:36 AM | Attr = R S]
AuthMgr.INI -> %SystemRoot%\AuthMgr.INI ->  [Ver =  | Size = 34 bytes | Modified Date = 6/9/2008 10:35:45 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/12/2008 7:47:59 AM | Attr =   S]
CREATOR -> %SystemRoot%\CREATOR ->  [Folder | Modified Date = 6/9/2008 12:19:53 AM | Attr =    ]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 6/9/2008 12:17:06 AM | Attr =    ]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 6/12/2008 5:59:55 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/9/2008 10:33:20 AM | Attr =   S]
EHome -> %SystemRoot%\EHome ->  [Folder | Modified Date = 6/8/2008 11:33:59 PM | Attr =    ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 6/14/2008 9:05:44 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 6/8/2008 11:46:59 PM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 6/9/2008 8:55:53 AM | Attr =    ]
I386 -> %SystemRoot%\I386 ->  [Folder | Modified Date = 6/9/2008 12:18:31 AM | Attr =    ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 6/9/2008 8:44:29 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 6/9/2008 8:45:06 AM | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 6/8/2008 11:42:00 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 6/12/2008 7:17:46 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 6/15/2008 1:01:21 PM | Attr =  HS]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Modified Date = 6/8/2008 11:41:53 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 6/12/2008 7:17:46 AM | Attr =    ]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 6/9/2008 8:44:35 AM | Attr =    ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 6/12/2008 6:38:54 AM | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 6/8/2008 11:40:15 PM | Attr =    ]
MSBN -> %SystemRoot%\MSBN ->  [Folder | Modified Date = 6/9/2008 12:22:30 AM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 6/8/2008 11:42:00 PM | Attr =    ]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 6/8/2008 10:17:04 PM | Attr =    ]
nview -> %SystemRoot%\nview ->  [Folder | Modified Date = 6/9/2008 1:05:16 AM | Attr =    ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 6/9/2008 12:16:35 AM | Attr = R  ]
peernet -> %SystemRoot%\peernet ->  [Folder | Modified Date = 6/8/2008 11:41:53 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/15/2008 7:15:28 PM | Attr =    ]
provisioning -> %SystemRoot%\provisioning ->  [Folder | Modified Date = 6/8/2008 10:50:45 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 6/10/2008 5:46:24 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 6/12/2008 7:48:19 AM | Attr =  H ]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI ->  [Ver =  | Size = 608 bytes | Modified Date = 6/9/2008 1:01:06 AM | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 6/9/2008 8:37:17 AM | Attr =    ]
REGULOCS.OLD -> %SystemRoot%\REGULOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 6/9/2008 10:35:16 AM | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 6/8/2008 11:46:16 PM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Modified Date = 6/8/2008 10:49:47 PM | Attr =    ]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 6/9/2008 12:33:16 AM | Attr =    ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr =    ]
SMINST -> %SystemRoot%\SMINST ->  [Folder | Modified Date = 6/9/2008 12:20:06 AM | Attr =    ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 6/8/2008 10:25:12 PM | Attr =    ]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 6/8/2008 11:40:14 PM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 6/8/2008 11:39:54 PM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 6/9/2008 12:23:57 AM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 6/12/2008 7:07:51 AM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 6/13/2008 4:47:30 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 6/15/2008 6:56:03 PM | Attr =    ]
twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,1 | Size = 50688 bytes | Modified Date = 4/13/2008 8:12:07 PM | Attr =    ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 6/9/2008 8:44:41 AM | Attr =    ]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 6/8/2008 10:48:22 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 517 bytes | Modified Date = 6/9/2008 8:55:59 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 6/11/2008 6:44:58 AM | Attr =    ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 6/8/2008 11:48:17 PM | Attr =    ]
HP Usg Daily.job -> %SystemRoot%\tasks\HP Usg Daily.job ->  [Ver =  | Size = 342 bytes | Modified Date = 6/15/2008 7:01:01 PM | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 6/15/2008 2:28:06 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/12/2008 7:48:00 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 8/28/2003 11:35:27 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5489 bytes | Modified Date = 6/13/2008 4:50:05 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 6/13/2008 4:50:05 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 6/9/2008 12:57:06 AM | Attr =    ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 515952 bytes | Modified Date = 6/9/2008 12:57:07 AM | Attr =    ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 515952 bytes | Modified Date = 6/9/2008 12:57:07 AM | Attr =    ]

< End of report >
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #8 ·
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 6/15/2008 7:26:35 PM for strings:
; 'secdrv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000]
"Service"="Secdrv"
"DeviceDesc"="Secdrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECDRV\0000\Control]
"ActiveService"="Secdrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv]
; Contents of value:
; System32\DRIVERS\secdrv.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,65,00,63,00,64,00,72,00,76,\
00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Secdrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Enum]
"0"="Root\\LEGACY_SECDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Secdrv]
; Contents of value:
; System32\DRIVERS\secdrv.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,65,00,63,00,64,00,72,00,76,\
00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Secdrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Secdrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000]
"Service"="Secdrv"
"DeviceDesc"="Secdrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECDRV\0000\Control]
"ActiveService"="Secdrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv]
; Contents of value:
; System32\DRIVERS\secdrv.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,65,00,63,00,64,00,72,00,76,\
00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Secdrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv\Enum]
"0"="Root\\LEGACY_SECDRV\\0000"

; End Of The Log...
 

·
Registered
Joined
·
716 Posts
Hi,

Do you know anything about this file?

C:\Windows\system32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g

Disable Windows Defender temporarily

Please disable Windows Defender temporarily, as it may interfere with the fixes. You can re-enable it after your computer is clean.

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right-hand corner.

Run Combofix

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:



Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
  3. If you know anything about the 㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g file
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #10 ·
ComboFix 08-06-16.5 - Owner 2008-06-17 17:21:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.409 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 20:17 . 2008-06-16 20:17 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-06-16 20:17 . 2008-06-16 20:17 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-16 19:34 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-06-16 19:34 . 2006-02-28 08:50 22,472 --a------ C:\WINDOWS\system32\drivers\OlcamUsb.sys
2008-06-16 19:34 . 2006-02-28 09:23 15,968 --a------ C:\WINDOWS\system32\drivers\OlcamFir.sys
2008-06-16 19:34 . 2003-05-01 17:49 402 --a------ C:\WINDOWS\system32\msxml4.inf
2008-06-16 19:32 . 2008-06-16 19:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\OLYMPUS
2008-06-16 19:32 . 2008-06-16 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OLYMPUS
2008-06-16 15:54 . 2008-06-16 19:31 <DIR> d-------- C:\Program Files\OLYMPUS
2008-06-16 15:54 . 2008-06-16 15:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-14 21:05 . 2008-06-14 21:05 <DIR> d-------- C:\Deckard
2008-06-13 04:44 . 2008-06-13 04:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-12 08:15 . 2008-06-12 08:15 <DIR> d-------- C:\Program Files\Uniblue
2008-06-12 07:32 . 2008-06-12 07:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-12 07:32 . 2008-06-12 07:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 07:32 . 2008-06-12 07:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-12 07:32 . 2008-06-12 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-12 07:00 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-12 07:00 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-12 07:00 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-12 07:00 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-12 06:39 . 2008-06-12 06:39 <DIR> d-------- C:\Program Files\Firaxis Games
2008-06-12 06:38 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-11 16:52 . 2008-04-14 08:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:52 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 06:20 . 2008-06-11 06:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-11 06:19 . 2008-06-11 06:19 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-06-11 06:19 . 2008-06-11 06:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-11 05:57 . 2008-06-11 06:40 <DIR> d-------- C:\Program Files\WhatsRunning
2008-06-10 05:47 . 2008-04-13 14:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-10 05:46 . 2008-06-10 05:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-06-10 05:46 . 2008-06-16 20:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 05:46 . 2008-06-10 05:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 05:45 . 2008-06-10 05:45 <DIR> d-------- C:\Program Files\iTunes
2008-06-10 05:45 . 2008-06-10 05:45 <DIR> d-------- C:\Program Files\iPod
2008-06-10 05:45 . 2008-06-10 05:45 <DIR> d-------- C:\Program Files\Bonjour
2008-06-10 05:44 . 2008-06-10 05:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-10 05:44 . 2008-06-10 05:45 <DIR> d-------- C:\Program Files\QuickTime
2008-06-10 05:44 . 2008-06-10 05:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-10 05:44 . 2008-06-10 05:44 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-10 05:44 . 2008-06-10 05:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-10 05:44 . 2008-06-10 05:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-10 05:34 . 2008-06-10 05:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-10 05:34 . 2008-06-10 05:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-10 02:33 . 2008-06-12 07:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 02:33 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-06-10 02:33 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-10 01:19 . 2008-06-11 06:39 <DIR> d-------- C:\Program Files\Panda Security
2008-06-10 01:06 . 2008-06-10 01:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 00:59 . 2008-06-17 17:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-06-10 00:59 . 2008-06-10 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 00:59 . 2008-06-10 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-10 00:09 . 2008-06-10 00:09 <DIR> d-------- C:\EarthLink PCC Data
2008-06-10 00:06 . 2008-06-10 00:06 1,683,456 --ah----- C:\AFCache.dat
2008-06-10 00:04 . 2008-06-10 00:04 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-06-10 00:03 . 2008-06-10 00:03 <DIR> d-------- C:\Program Files\Common Files\EarthLink Protection Control Center
2008-06-10 00:03 . 2008-06-10 00:03 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-06-10 00:03 . 2008-06-10 00:06 <DIR> d-------- C:\Program Files\Common Files\ADS
2008-06-10 00:03 . 2008-06-10 00:03 <DIR> d-------- C:\Program Files\Authentium
2008-06-10 00:03 . 2008-06-10 00:03 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-09 10:35 . 2008-06-09 10:35 8,192 --a------ C:\WINDOWS\REGULOCS.OLD
2008-06-09 10:35 . 2008-06-09 10:35 34 --a------ C:\WINDOWS\AuthMgr.INI
2008-06-09 10:34 . 2008-06-09 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Visual Networks
2008-06-09 10:33 . 2008-06-09 10:51 <DIR> d-------- C:\Program Files\EarthLink TotalAccess
2008-06-09 10:33 . 2008-06-09 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-09 09:43 . 2008-06-11 06:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ScamBlocker
2008-06-09 09:43 . 2008-06-09 10:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\EarthLink
2008-06-09 09:36 . 2008-06-09 09:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\InstallShield
2008-06-09 09:30 . 2008-06-09 10:33 <DIR> d-------- C:\Program Files\Common Files\EarthLink
2008-06-09 09:30 . 2008-06-10 00:03 152 --a------ C:\WINDOWS\system32\???????????????????????????????????????????g
2008-06-09 09:29 . 2008-06-10 00:03 <DIR> d-------- C:\Program Files\EarthLink
2008-06-09 09:03 . 2008-06-09 09:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 09:03 . 2008-06-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 08:55 . 2008-06-14 20:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 08:54 . 2008-06-09 08:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-09 08:54 . 2008-06-09 08:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-09 08:44 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-09 08:44 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-09 08:44 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-09 08:44 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-09 08:44 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-09 08:44 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-09 08:44 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-09 08:44 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-09 08:44 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-09 01:08 . 2008-06-09 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-09 00:44 . 2008-06-16 20:32 81,191 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-09 00:43 . 2006-08-11 21:42 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-09 00:43 . 2006-08-11 21:42 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-09 00:32 . 2008-06-09 00:32 3,448 -rahs---- C:\WINDOWS\system32\drivers\HP_DT170A-ABA A384X_YC_Pavi_QMXK343_E34NAheBLU2_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.05_T030917_WXH1_L409_M1024_J80_7AMD_8Athlon XP 2800+_92.08_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G.MRK
2008-06-09 00:31 . 2003-08-23 10:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-09 00:31 . 2003-08-28 23:16 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-06-09 00:31 . 2003-08-23 10:12 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
2008-06-09 00:31 . 2003-08-23 23:26 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-06-09 00:31 . 2003-08-28 23:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\interMute
2008-06-09 00:31 . 2008-04-13 15:18 52,480 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-06-09 00:31 . 2008-04-13 14:39 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-06-09 00:30 . 2008-06-09 00:30 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-09 00:29 . 2008-04-13 15:19 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-06-09 00:29 . 2008-04-13 14:45 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-06-09 00:27 . 2003-08-23 10:34 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-09 00:20 . 2008-06-16 20:32 1,457 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-06-09 00:18 . 2008-06-09 00:19 <DIR> d-------- C:\I386
2008-06-09 00:08 . 2008-06-16 15:54 <DIR> dr------- C:\Program Files
2008-06-09 00:08 . 2008-06-09 00:16 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-06-09 00:06 . 2008-06-12 07:00 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-06-08 23:41 . 2008-06-08 23:41 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-08 23:41 . 2008-06-08 23:41 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-08 23:41 . 2008-06-08 23:41 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-08 23:26 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-06-08 23:26 . 2006-10-18 22:47 7,168 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll
2008-06-08 22:50 . 2008-06-08 22:50 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-08 22:50 . 2008-06-08 23:41 <DIR> d-------- C:\WINDOWS\peernet
2008-06-08 22:49 . 2008-06-08 22:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-08 22:45 . 2008-06-08 23:33 <DIR> d-------- C:\WINDOWS\EHome
2008-06-08 22:31 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-06-08 22:31 . 2008-04-14 05:42 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
2008-06-08 22:31 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-06-08 22:31 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-06-08 22:22 . 2008-06-11 16:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-08 22:22 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-08 22:21 . 2008-06-08 23:41 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-08 22:21 . 2008-04-13 13:39 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-06-08 22:21 . 2008-04-13 20:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-08 22:21 . 2008-04-13 20:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 00:17 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-16 23:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 10:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-10 09:59 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-06-09 05:03 --------- d-----w C:\Program Files\Softex
2008-06-09 05:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\interMute
2008-06-09 05:01 --------- d-----w C:\Program Files\Common Files\Real
2008-06-09 04:59 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-06-09 04:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-09 04:51 --------- d-----w C:\Program Files\HP
2008-06-09 04:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 03:43 420,432 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\pchplugin.zip
2008-06-09 03:43 126,976 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\ContentUpdater.exe
2008-06-09 03:43 106,496 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PluginCtrl.dll
2008-06-09 03:42 77,824 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\WinVerifyTrust.dll
2008-06-09 03:42 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHI18N.dll
2008-06-09 03:42 159,744 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
2008-06-09 03:42 122,880 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\SearchCtrl.dll
2008-06-09 03:42 1,306,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\motdeusr.zip
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07 114688]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 06:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 21:13 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-08-11 21:43 86016]
"IPInSightMonitor 01"="C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe" [2005-08-10 22:10 122880]
"IPInSightLAN 01"="C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" [2005-08-10 22:10 380928]
"Earthlink Protection Control Center"="C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" [2007-11-15 17:44 58856]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 22:56 188416]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
OLYMPUS Viewer.lnk - C:\Program Files\OLYMPUS\OLYMPUS Viewer\Ov_Monitor.exe [2008-06-16 19:31:34 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-05-28 10:33 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 GRFILTER;CS NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys [2007-04-11 10:35]
R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2007-04-11 10:35]
R3 ADSFilter;ADSFilter - (EarthLink Filter Driver);C:\WINDOWS\system32\drivers\ADSFilter.sys [2007-08-03 07:35]
R3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);C:\WINDOWS\system32\drivers\ADSMonitor.sys [2007-08-03 07:35]
S3 AuthFw;AuthFw;"C:\Program Files\Authentium\Firewall SDK\AuthFw.exe" [2007-04-05 14:02]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys [2007-04-26 10:57]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys [2007-04-26 10:57]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 19:01:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-06-17 21:15:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 17:23:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-06-17 17:25:23
ComboFix-quarantined-files.txt 2008-06-17 21:25:03

Pre-Run: 44,094,742,528 bytes free
Post-Run: 44,096,737,280 bytes free

285 --- E O F --- 2008-06-11 20:55:30
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #11 ·
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:56 PM, on 6/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Viewer\Ov_Monitor.exe
C:\Program Files\Common Files\ADS\ADSService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: OLYMPUS Viewer.lnk = C:\Program Files\OLYMPUS\OLYMPUS Viewer\Ov_Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212977941431
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ADSService - EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AuthFw - Authentium - C:\Program Files\Authentium\Firewall SDK\AuthFw.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe
O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

--
End of file - 8416 bytes
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #12 ·
I have no idea what the 停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g file could be.
My earthlink virus protection still finds WinantiSpyware every morning and I delete it but it still shows up the next time I do a scan. Maybe it could be associated with that?
 

·
Registered
Joined
·
716 Posts
Hi,

The logs are looking fine.

My earthlink virus protection still finds WinantiSpyware every morning and I delete it but it still shows up the next time I do a scan.
Can I know which folders and files are being detected?

Example:

C:\Windows\baddy.exe

Show hidden files

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.

Delete file

Please navigate to this folder - C:\Windows\system32

Find and delete this file - 停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #14 ·
I deleted the ????????????????????????????g file, then restarted my computer and ran a thorough scan with my virus software and it did not find anything.
It usually shows up in the morning so I will see if it appears then.
The file it keeps finding is WinantiSpyware. It has it located at,
Hkey_local_machine\software\antivirus
 

·
Registered
Joined
·
716 Posts
Hmm...

That's a rogue antispyware as far as I know.

Please follow this post to do a registry search.

Instead of entering SECDRV, enter in antivirus.

Then post back the results.

Thanks.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #16 ·
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 6/19/2008 4:57:13 AM for strings:
; 'antivirus'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01832BAE-76A5-4956-814D-92D08335C278}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103CAE29-DB09-4F77-812B-FFC0C3BC91A1}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F22F6F1-FDC5-4C6D-9335-B6E31315FB1B}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{253A6409-6917-48EF-9CC7-9CB79FDA4169}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]
@="IOfficeAntiVirus implementation"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50F3C8D1-E5E8-463D-A6E5-5A5966359538}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{567408B9-78B1-44DD-9CC2-7AC136C916C5}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67EC8D27-C3CD-447E-9315-46A04DDB6C35}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D855303-A902-4608-8668-C177F80AB429}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EDDD996-E47F-4C59-8505-9FC570612FB6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95212051-5DB5-4061-8229-A205D818AFC2}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1962F85-324C-4751-83ED-27426F9F6E36}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A665DBA7-6009-4F9D-B2BB-437D5F655472}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7392C69-8D2D-469C-AF1D-40D66B1B455E}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAEC103D-39C8-482E-896F-802FB893515E}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED9DA10-9C9E-4AEB-B5B2-51C7ADC7A4DA}\InprocServer32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\829DB5EE4397B7E4F90E404539A11795]
"ProductName"="Authentium AntiVirus SDK - 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DD33E7E9-0542-4CB0-BB14-C1465D4F9108}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DD33E7E9-0542-4CB0-BB14-C1465D4F9108}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3670BA5-D8B0-4DA2-A566-F13A39B0DA4E}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\dvpapi.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E3670BA5-D8B0-4DA2-A566-F13A39B0DA4E}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Command Software\Command AntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01926AD1129A0E44DA057E9CBC5E72C4]
"4F57260AB42358E4596E782BDC274910"="02:\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments\\ScanWithAntiVirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\047DA702703FC4F43B450E53FCF9BCC6]
"829DB5EE4397B7E4F90E404539A11795"="02:\\Software\\Antivirus\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\334063B1C014DE54B83E341DD187F2B5]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\csav.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4E6F59F6458ADE8449F585D210F417B0]
"829DB5EE4397B7E4F90E404539A11795"="02:\\SOFTWARE\\Command Software\\Command AntiVirus\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B2ACD5C1A0F1494FB80ABF5D63D580D]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\odapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A627730A6B67D4940B94058A2B3DC6CA]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\Css-Dvp.sys"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA8D5B89958940040AAB58FA6B5BF15C]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\csscan32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6DF0DFB866D34F46B4F4CB2FCA74BDE]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\css3rde.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB9B11B30AB692648B5168AB26B854A4]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\defvn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C60610FA38E52A44592570E0737D0C60]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\dvpmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F78BD93EBC2DFF24AA4A277E8052D86C]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\dvpapi.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7BE156A1C8617C4FAD42323DF8FB4C6]
"829DB5EE4397B7E4F90E404539A11795"="C:\\Program Files\\Common Files\\Authentium\\AntiVirus\\css3rdem.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\829DB5EE4397B7E4F90E404539A11795\InstallProperties]
"Comments"="AntiVirus"
"DisplayName"="Authentium AntiVirus SDK - 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\alltiettantivirus.com]

; End Of The Log...
 

·
Registered
Joined
·
716 Posts
Hmm...

Nothing odd there. Things are looking good as far as I can tell. :smile:

Let me know what your antivirus detects.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #18 ·
It still finds it. I did a full system recovery, totally deleting my entire hard drive, because this virus showed up. I had to connect to the internet to do my Windows updating; could the virus have gotten back in then? Is there a way for me to do Windows Update from a disc? I ran the full system recovery from a partition on my hard drive.
 

·
Registered
Joined
·
716 Posts
One way is to order it.

http://support.microsoft.com/kb/322389

The above article is just a brief summary.

Assuming that your recovery partition has no service packs, this is what you need to do:

1. Download and install SP1a from here - http://www.microsoft.com/windowsxp/downloads/updates/sp1/expresso.mspx

2. Download and install SP2 from here - http://www.microsoft.com/downloads/...BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

All of these can be done at a relative's or friend's house. Download and burn them to a disc.

Unplug your cables from your modem/router and disable all security programs before installing the service packs.

Then connect the cables back to check if there are more updates to install. When done, you can re-enable all your security programs.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #20 ·
I did a destructive reinstall of XP, did the updates from a disc, then connected to the internet to check on more updates. Updated all the Windows XP updates. Ran my virus checker and found a bunch (149), deleted them. And when I was coming to this site to post, my active scan picked them all up again. Here is a new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:26 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
C:\Program Files\Common Files\ADS\ADSService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Authentium\Firewall SDK\AuthFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe" /tray
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214010479473
O23 - Service: ADSService - EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
O23 - Service: AuthFw - Authentium - C:\Program Files\Authentium\Firewall SDK\AuthFw.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe
O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

--
End of file - 6253 bytes
 