Cpvfeed Popups And Other Sites


20 replies to this topic

#1 sliktek

Posted 08 April 2007 - 04:30 PM

I have searched this whole site, followed all the instructions, and run 50 different spyware scanners, but I cannot seem to get rid of the cpvfeed popups. I've also tried vundo and virtumonde.

Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:25:35 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\DOCUME~1\Logan\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis_v2.zip\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Logan\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {4BB81B5B-87BA-4AB1-86F9-81669092ADB7} - C:\Program Files\WindowsUpdate\hokep.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-loc/...ScannerCtrl.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

#2 RichieUK

Posted 08 April 2007 - 05:05 PM

Welcome to the BleepingComputer HijackThis forum, sliktek.

Download Winpfind V2.0.2 and extract the contents to your desktop:
http://download.bleepingcomputer.com/oldtimer/winpfind.exe
Open the WinPFind folder and double click on Winpfind.exe
Leave the configuration settings as they are and click on 'Run Scan'.
The scan will take some time to complete so please be patient.
Once complete close the program.
Open the WinPFind folder, then copy and paste the entire content of winpfind.txt into your next reply please.

#3 sliktek

Posted 08 April 2007 - 05:16 PM

WinPFind logfile created on: 4/8/2007 5:06:23 PM
WinPFind by OldTimer - v2.0.2 Folder = C:\Documents and Settings\Logan\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

1047996 Kb Total Physical Memory | 562884 Kb Available Physical Memory | 53.71% Memory free
2521220 Kb Paging File | 2094668 Kb Available in Paging File | 83.08% Paging File free
Paging file location: C:\pagefile.sys 1536 3072

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78140128 Kb Total Space | 69767860 Kb Free Space | 89.29% Space Free
Drive D: | 68932156 Kb Total Space | 55497468 Kb Free Space | 80.51% Space Free
Drive E: | 22646 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\Logan\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
c:\program files\common files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
C:\Program Files\Free Download Manager\fdm.exe ()
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
C:\Program Files\McAfee\MPS\mps.exe (McAfee, Inc.)
C:\Program Files\McAfee\MPS\mpsevh.exe (McAfee, Inc.)
C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
C:\Program Files\McAfee\MSC\mcpromgr.exe (McAfee, Inc.)
C:\Program Files\McAfee\MSK\mskagent.exe (McAfee Inc.)
C:\Program Files\McAfee\MSK\msksrver.exe (McAfee Inc.)
C:\Program Files\McAfee\MWL\MwlGui.exe (McAfee, Inc.)
C:\Program Files\McAfee\MWL\MwlSvc.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\Program Files\SiteAdvisor\6028\SAService.exe (McAfee, Inc.)
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe (McAfee, Inc.)
C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe (McAfee, Inc.)

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped]
= (File not found)

(MBackMonitor) MBackMonitor [Win32_Own | On_Demand | Stopped]
= C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)

(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)

(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)

(mcmscsvc) McAfee Services [Win32_Own | Auto | Running]
= C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running]
= c:\program files\common files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

(McODS) McAfee Scanner [Win32_Own | Auto | Running]
= C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running]
= C:\Program Files\McAfee\MSC\mcpromgr.exe (McAfee, Inc.)

(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running]
= c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running]
= c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)

(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running]
= (File not found)

(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running]
= C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running]
= C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running]
= C:\Program Files\McAfee\MPS\mps.exe (McAfee, Inc.)

(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running]
= C:\Program Files\McAfee\MSK\msksrver.exe (McAfee Inc.)

(MWLSvc) McAfee Wireless Network Security Service [Win32_Own | On_Demand | Running]
= C:\Program Files\McAfee\MWL\MwlSvc.exe (McAfee, Inc.)

(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running]
= C:\Program Files\SiteAdvisor\6028\SAService.exe (McAfee, Inc.)

(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Disabled | Stopped]
= C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe (GEMTEKS)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
!AVG Anti-Spyware = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
CTHelper = C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
CTxfiHlp = C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
MskAgentexe = C:\Program Files\McAfee\MSK\mskagent.exe (McAfee Inc.)
MWLExe = C:\Program Files\McAfee\MWL\MwlGui.exe (McAfee, Inc.)
SiteAdvisor = C:\Program Files\SiteAdvisor\6028\SiteAdv.exe (McAfee, Inc.)
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Logan\Start Menu\Programs\Startup >
C:\Documents and Settings\Logan\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

>>>>> Disabled Startup Folder Items <<<<<

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> Reg Data - Key not found
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [AddToPlaylistVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =
PendingFileRenameOperations = \??\C:\WINDOWS\system32\kb1cmp.dll;

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )


>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145
NoInstrumentation = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName =
Source = C:\Program Files\Online Services\profsywuypr.html
SubscribedURL =

FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 4/8/2007 1:38:42 PM)
127.0.0.1 localhost

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
- Reg Data - Value does not exist ( HKLM = C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (McAfee, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BB81B5B-87BA-4AB1-86F9-81669092ADB7}]
- ( HKLM = C:\Program Files\WindowsUpdate\hokep.dll () )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
- scriptproxy ( HKLM = c:\program files\McAfee\virusscan\scriptcl.dll (McAfee, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}]
- CPub Object ( HKLM = c:\program files\McAfee\MPS\McPopup.dll (McAfee, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
- FDMIECookiesBHO Class ( HKLM = C:\Program Files\Free Download Manager\iefdmcks.dll () )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor ( HKLM = C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (McAfee, Inc.) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8194

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all with Free Download Manager]
@ = C:\Program Files\Free Download Manager\dlall.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download selected with Free Download Manager]
@ = C:\Program Files\Free Download Manager\dlselected.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with Free Download Manager]
@ = C:\Program Files\Free Download Manager\dllink.htm ()

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{32683183-48a0-441b-a342-7c2a440a9478} = Media Band ( CLSID not found! )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( CLSID not found! )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = PowerISO ( CLSID not found! )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\MCVSRIGHTCLICKSCANNER]
@ = {162EFDC5-2957-465D-887B-590AF4A7E84D} ( HKLM = c:\Program Files\McAfee\VirusScan\mcodsax.dll (McAfee, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\PowerISO]
@ = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\MCVSRIGHTCLICKSCANNER]
@ = {162EFDC5-2957-465D-887B-590AF4A7E84D} ( HKLM = c:\Program Files\McAfee\VirusScan\mcodsax.dll (McAfee, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\PowerISO]
@ = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

>>>>> User Agent Post Platform <<<<<

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52AAA030-50B9-416C-9164-E436FD57F02D}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7564DF29-968E-4233-86FD-149C8B747D39}] ( Broadcom NetXtreme Gigabit Ethernet Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B81A1C6E-5DE4-4C2E-BCD7-3C11AC563BE1}] ( Linksys Wireless-G PCI Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.10.1;
DhcpIPAddress = 192.168.10.183
DhcpNameServer = 192.168.10.1
DhcpServer = 192.168.10.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\siteadvisor]
CLSID = {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - ( HKLM C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (McAfee, Inc.) )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\McAfee Wi-FiScan\DownloadInformation]
CODEBASE = http://download.mcafee.com/molbin/iss-loc/...ScannerCtrl.cab
INF = C:\WINDOWS\Downloaded Program Files\WscWlanScannerCtrl_cab.inf
OSD = C:\WINDOWS\Downloaded Program Files\WscWlanScannerCtrl_cab.osd

»»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

C:\AUTOEXEC.BAT [Ver = | Size = 0 bytes | Created Date = 4/7/2007 4:16:30 PM | Attr = ]
C:\boot.ini [Ver = | Size = 211 bytes | Created Date = 4/7/2007 11:04:25 AM | Attr = RHS]
C:\CONFIG.SYS [Ver = | Size = 0 bytes | Created Date = 4/7/2007 4:16:30 PM | Attr = ]
C:\District B13.avi.MOV [Ver = | Size = 18587695 bytes | Created Date = 4/7/2007 6:20:08 PM | Attr = ]
C:\IO.SYS [Ver = | Size = 0 bytes | Created Date = 4/7/2007 4:16:30 PM | Attr = RHS]
C:\MSDOS.SYS [Ver = | Size = 0 bytes | Created Date = 4/7/2007 4:16:30 PM | Attr = RHS]
C:\Documents and Settings\All Users\Application Data\desktop.ini [Ver = | Size = 62 bytes | Created Date = 4/7/2007 11:05:43 AM | Attr = HS]
C:\Documents and Settings\Logan\Application Data\desktop.ini [Ver = | Size = 62 bytes | Created Date = 4/7/2007 4:20:59 PM | Attr = HS]
C:\Documents and Settings\Logan\Application Data\Dxcdmns.dll [Ver = | Size = 76 bytes | Created Date = 4/8/2007 10:16:51 AM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 5120 bytes | Created Date = 4/7/2007 4:45:31 PM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\fusioncache.dat [Ver = | Size = 128 bytes | Created Date = 4/8/2007 12:46:11 PM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 13104 bytes | Created Date = 4/7/2007 5:50:51 PM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\IconCache.db [Ver = | Size = 6410430 bytes | Created Date = 4/7/2007 4:42:20 PM | Attr = H ]
C:\Documents and Settings\All Users\Documents\desktop.ini [Ver = | Size = 62 bytes | Created Date = 4/7/2007 11:05:43 AM | Attr = HS]
C:\Documents and Settings\Logan\My Documents\desktop.ini [Ver = | Size = 76 bytes | Created Date = 4/7/2007 4:21:03 PM | Attr = HS]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 849 bytes | Created Date = 4/8/2007 2:06:49 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [Ver = | Size = 671 bytes | Created Date = 4/8/2007 12:47:47 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [Ver = | Size = 1602 bytes | Created Date = 4/7/2007 5:00:56 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk [Ver = | Size = 1689 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk [Ver = | Size = 1665 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [Ver = | Size = 719 bytes | Created Date = 4/7/2007 9:54:47 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\choose.pdf [Ver = | Size = 236734 bytes | Created Date = 4/8/2007 1:26:49 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\click.php Atribune.org [Ver = 6.03.0019 | Size = 97280 bytes | Created Date = 4/8/2007 2:29:33 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\Free Download Manager.lnk [Ver = | Size = 664 bytes | Created Date = 4/7/2007 10:17:09 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\FrostWire 4.13.1.6 BETA.lnk [Ver = | Size = 856 bytes | Created Date = 4/8/2007 7:27:38 AM | Attr = ]
C:\Documents and Settings\Logan\Desktop\PowerISO36.exe [Ver = | Size = 871415 bytes | Created Date = 4/8/2007 12:40:10 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\µTorrent.lnk [Ver = | Size = 630 bytes | Created Date = 4/7/2007 9:14:51 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Created Date = 4/7/2007 11:05:43 AM | Attr = HS]
C:\Documents and Settings\Logan\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Created Date = 4/7/2007 4:20:59 PM | Attr = HS]
C:\WINDOWS\002350_.tmp [Ver = | Size = 19528 bytes | Created Date = 4/7/2007 5:27:36 PM | Attr = ]
C:\WINDOWS\Blue Lace 16.bmp [Ver = | Size = 1272 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Created Date = 4/7/2007 4:18:13 PM | Attr = S]
C:\WINDOWS\Coffee Bean.bmp [Ver = | Size = 17062 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\control.ini [Ver = | Size = 0 bytes | Created Date = 4/7/2007 4:16:30 PM | Attr = ]
C:\WINDOWS\CTDCRES.DLL Creative Technology Ltd [Ver = 5.12.01.1140-2.07.0070 | Size = 10240 bytes | Created Date = 4/7/2007 10:37:31 PM | Attr = ]
C:\WINDOWS\CTXFIRES.DLL [Ver = 1, 0, 2, 0 | Size = 3072 bytes | Created Date = 4/7/2007 10:37:31 PM | Attr = ]
C:\WINDOWS\desktop.ini [Ver = | Size = 2 bytes | Created Date = 4/7/2007 4:14:56 PM | Attr = ]
C:\WINDOWS\FeatherTexture.bmp [Ver = | Size = 16730 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\Gone Fishing.bmp [Ver = | Size = 17336 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\Greenstone.bmp [Ver = | Size = 26582 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1355 bytes | Created Date = 4/7/2007 11:06:11 AM | Attr = ]
C:\WINDOWS\INRES.DLL Creative Technology Limited [Ver = 1, 0, 9, 0 | Size = 11776 bytes | Created Date = 4/7/2007 10:37:30 PM | Attr = ]
C:\WINDOWS\meta4.exe [Ver = | Size = 217073 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\MOTA113.exe [Ver = | Size = 66560 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 1604 bytes | Created Date = 4/8/2007 12:15:47 PM | Attr = ]
C:\WINDOWS\nsreg.dat [Ver = | Size = 0 bytes | Created Date = 4/7/2007 5:01:04 PM | Attr = ]
C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4161 bytes | Created Date = 4/7/2007 11:06:07 AM | Attr = ]
C:\WINDOWS\Prairie Wind.bmp [Ver = | Size = 65954 bytes | Created Date = 4/7/2007 4:13:24 PM | Attr = ]
C:\WINDOWS\REGLOCS.OLD [Ver = | Size = 8192 bytes | Created Date = 4/7/2007 4:18:53 PM | Attr = ]
C:\WINDOWS\Rhododendron.bmp [Ver = | Size = 17362 bytes | Created Date = 4/7/2007 4:13:24 PM | Attr = ]
C:\WINDOWS\River Sumida.bmp [Ver = | Size = 26680 bytes | Created Date = 4/7/2007 4:13:24 PM | Attr = ]
C:\WINDOWS\Santa Fe Stucco.bmp [Ver = | Size = 65832 bytes | Created Date = 4/7/2007 4:13:24 PM | Attr = ]
C:\WINDOWS\SET3.tmp [Ver = | Size = 1086182 bytes | Created Date = 4/7/2007 11:05:38 AM | Attr = R ]
C:\WINDOWS\SET7.tmp [Ver = | Size = 13608 bytes | Created Date = 4/7/2007 11:05:40 AM | Attr = R ]
C:\WINDOWS\slrundll.exe Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 4/7/2007 5:33:24 PM | Attr = ]
C:\WINDOWS\Soap Bubbles.bmp [Ver = | Size = 65978 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\super.chm [Ver = | Size = 9292 bytes | Created Date = 4/7/2007 6:18:42 PM | Attr = H ]
C:\WINDOWS\uni_eh10.exe [Ver = 1.00.0010 | Size = 57344 bytes | Created Date = 3/15/2007 8:46:35 AM | Attr = ]
C:\WINDOWS\vb.ini [Ver = | Size = 36 bytes | Created Date = 4/7/2007 4:13:56 PM | Attr = ]
C:\WINDOWS\vbaddin.ini [Ver = | Size = 37 bytes | Created Date = 4/7/2007 4:13:56 PM | Attr = ]
C:\WINDOWS\VTTC.exe [Ver = | Size = 105434 bytes | Created Date = 4/8/2007 9:19:32 AM | Attr = ]
C:\WINDOWS\WindowsShell.Manifest [Ver = | Size = 749 bytes | Created Date = 4/7/2007 4:15:39 PM | Attr = RH ]
C:\WINDOWS\winnt.bmp [Ver = | Size = 48680 bytes | Created Date = 4/7/2007 4:14:56 PM | Attr = HS]
C:\WINDOWS\winnt256.bmp [Ver = | Size = 48680 bytes | Created Date = 4/7/2007 4:14:56 PM | Attr = HS]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Created Date = 4/7/2007 5:34:24 PM | Attr = ]
C:\WINDOWS\WMSysPrx.prx [Ver = | Size = 299552 bytes | Created Date = 4/7/2007 4:16:27 PM | Attr = ]
C:\WINDOWS\x2.64.exe [Ver = | Size = 502784 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\Zapotec.bmp [Ver = | Size = 9522 bytes | Created Date = 4/7/2007 4:13:24 PM | Attr = ]
C:\WINDOWS\{00000005-00000000-00000009-00001102-00000004-20021102}.BAK [Ver = | Size = 4958588 bytes | Created Date = 4/8/2007 1:01:58 AM | Attr = ]
C:\WINDOWS\{00000005-00000000-00000009-00001102-00000004-20021102}.CDF [Ver = | Size = 4958588 bytes | Created Date = 4/7/2007 10:38:28 PM | Attr = ]
C:\WINDOWS\System32\$winnt$.inf [Ver = | Size = 261 bytes | Created Date = 4/7/2007 11:04:23 AM | Attr = ]
C:\WINDOWS\System32\ac3DX.ax [Ver = 1.01a | Size = 227328 bytes | Created Date = 4/7/2007 6:18:42 PM | Attr = RHS]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Created Date = 4/7/2007 4:16:28 PM | Attr = ]
C:\WINDOWS\System32\ati2cqag.dll ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ati2dvaa.dll ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ati2dvag.dll ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ati3d1ag.dll ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ati3duag.dll ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ativdaxx.ax ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ativmvxx.ax ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ativtmxx.dll ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\ativvaxx.dll ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\AUTOEXEC.NT [Ver = | Size = 1688 bytes | Created Date = 4/7/2007 11:05:51 AM | Attr = ]
C:\WINDOWS\System32\AVCDX.ax CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\avisynth.dll The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\System32\AVSredirect.dll [Ver = | Size = 27648 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 30528 bytes | Created Date = 4/8/2007 1:02:16 AM | Attr = ]
C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 30528 bytes | Created Date = 4/8/2007 1:02:16 AM | Attr = ]
C:\WINDOWS\System32\BMXState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 31056 bytes | Created Date = 4/8/2007 1:02:16 AM | Attr = ]
C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 31056 bytes | Created Date = 4/8/2007 1:02:16 AM | Attr = ]
C:\WINDOWS\System32\bopomofo.uce [Ver = | Size = 22984 bytes | Created Date = 4/7/2007 4:13:22 PM | Attr = ]
C:\WINDOWS\System32\cdplayer.exe.manifest [Ver = | Size = 749 bytes | Created Date = 4/7/2007 4:15:39 PM | Attr = RH ]
C:\WINDOWS\System32\Config.MPF [Ver = | Size = 13556 bytes | Created Date = 4/8/2007 12:52:28 PM | Attr = ]
C:\WINDOWS\System32\CONFIG.NT [Ver = | Size = 2577 bytes | Created Date = 4/7/2007 4:16:30 PM | Attr = ]
C:\WINDOWS\System32\CONFIG.TMP [Ver = | Size = 2577 bytes | Created Date = 4/7/2007 11:05:51 AM | Attr = ]
C:\WINDOWS\System32\CoreAAC.ax [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\CT4MGM.SF2 [Ver = | Size = 4174814 bytes | Created Date = 4/7/2007 10:38:36 PM | Attr = ]
C:\WINDOWS\System32\ctzapxx.ini [Ver = | Size = 191 bytes | Created Date = 4/7/2007 10:37:31 PM | Attr = ]
C:\WINDOWS\System32\c_10006.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:58 AM | Attr = ]
C:\WINDOWS\System32\c_10007.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:06:00 AM | Attr = ]
C:\WINDOWS\System32\c_10010.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:55 AM | Attr = ]
C:\WINDOWS\System32\c_10017.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:06:00 AM | Attr = ]
C:\WINDOWS\System32\c_10029.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:55 AM | Attr = ]
C:\WINDOWS\System32\c_10081.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:06:02 AM | Attr = ]
C:\WINDOWS\System32\c_10082.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:55 AM | Attr = ]
C:\WINDOWS\System32\c_20127.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:54 AM | Attr = ]
C:\WINDOWS\System32\C_28594.NLS [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:57 AM | Attr = ]
C:\WINDOWS\System32\C_28595.NLS [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:06:00 AM | Attr = ]
C:\WINDOWS\System32\C_28597.NLS [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:58 AM | Attr = ]
C:\WINDOWS\System32\c_28599.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:06:02 AM | Attr = ]
C:\WINDOWS\System32\c_28603.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:06:03 AM | Attr = ]
C:\WINDOWS\System32\c_737.nls [Ver = | Size = 66594 bytes | Created Date = 4/7/2007 11:05:58 AM | Attr = ]
C:\WINDOWS\System32\c_852.nls [Ver = | Size = 66594 bytes | Created Date = 4/7/2007 11:05:55 AM | Attr = ]
C:\WINDOWS\System32\c_855.nls [Ver = | Size = 66594 bytes | Created Date = 4/7/2007 11:05:57 AM | Attr = ]
C:\WINDOWS\System32\c_857.nls [Ver = | Size = 66594 bytes | Created Date = 4/7/2007 11:06:02 AM | Attr = ]
C:\WINDOWS\System32\c_866.nls [Ver = | Size = 66594 bytes | Created Date = 4/7/2007 11:05:57 AM | Attr = ]
C:\WINDOWS\System32\c_869.nls [Ver = | Size = 66594 bytes | Created Date = 4/7/2007 11:05:58 AM | Attr = ]
C:\WINDOWS\System32\c_875.nls [Ver = | Size = 66082 bytes | Created Date = 4/7/2007 11:05:58 AM | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Created Date = 4/8/2007 12:16:00 PM | Attr = ]
C:\WINDOWS\System32\desktop.ini [Ver = | Size = 2 bytes | Created Date = 4/7/2007 4:14:56 PM | Attr = ]
C:\WINDOWS\System32\devil.dll Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\System32\dgrpsetu.dll Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\dgsetup.dll Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\DiracSplitter.ax Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\dunzip32.dll Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 4/8/2007 12:44:37 PM | Attr = ]
C:\WINDOWS\System32\DVCState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 11564 bytes | Created Date = 4/8/2007 1:02:16 AM | Attr = ]
C:\WINDOWS\System32\emptyregdb.dat [Ver = | Size = 21640 bytes | Created Date = 4/7/2007 4:14:05 PM | Attr = ]
C:\WINDOWS\System32\EqnClass.Dll Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\flvDX.dll Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 95072 bytes | Created Date = 4/7/2007 11:05:10 AM | Attr = ]
C:\WINDOWS\System32\gb2312.uce [Ver = | Size = 24006 bytes | Created Date = 4/7/2007 4:13:22 PM | Attr = ]
C:\WINDOWS\System32\GTNDIS3.VXD [Ver = | Size = 31930 bytes | Created Date = 4/7/2007 4:31:18 PM | Attr = ]
C:\WINDOWS\System32\GTNDIS5.sys Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Created Date = 4/7/2007 4:31:18 PM | Attr = ]
C:\WINDOWS\System32\GTW32N50.dll [Ver = 1.0.0.1 | Size = 94208 bytes | Created Date = 4/7/2007 4:31:18 PM | Attr = ]
C:\WINDOWS\System32\hsfcisp2.dll Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 4/7/2007 5:33:30 PM | Attr = ]
C:\WINDOWS\System32\hticons.dll Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 4/7/2007 4:13:29 PM | Attr = ]
C:\WINDOWS\System32\i420vfw.dll www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\System32\iac25_32.ax Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Created Date = 4/7/2007 5:33:30 PM | Attr = ]
C:\WINDOWS\System32\ideograf.uce [Ver = | Size = 60458 bytes | Created Date = 4/7/2007 4:13:22 PM | Attr = ]
C:\WINDOWS\System32\instwdm.ini [Ver = | Size = 86446 bytes | Created Date = 4/7/2007 10:37:31 PM | Attr = ]
C:\WINDOWS\System32\ir41_32.ax Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Created Date = 4/7/2007 5:33:30 PM | Attr = ]
C:\WINDOWS\System32\ir41_qc.dll Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Created Date = 4/7/2007 5:33:30 PM | Attr = ]
C:\WINDOWS\System32\ir41_qcx.dll Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Created Date = 4/7/2007 5:33:30 PM | Attr = ]
C:\WINDOWS\System32\ir50_32.dll Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Created Date = 4/7/2007 5:33:30 PM | Attr = ]
C:\WINDOWS\System32\ir50_qc.dll Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Created Date = 4/7/2007 5:33:29 PM | Attr = ]
C:\WINDOWS\System32\ir50_qcx.dll Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Created Date = 4/7/2007 5:33:29 PM | Attr = ]
C:\WINDOWS\System32\isrdbg32.dll Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 4/7/2007 4:14:50 PM | Attr = ]
C:\WINDOWS\System32\ivfsrc.ax Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Created Date = 4/7/2007 5:33:29 PM | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 4/8/2007 7:27:36 AM | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 4/8/2007 7:27:36 AM | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 4/8/2007 7:27:36 AM | Attr = ]
C:\WINDOWS\System32\jpicpl32.cpl Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49265 bytes | Created Date = 4/8/2007 7:27:36 AM | Attr = ]
C:\WINDOWS\System32\kanji_1.uce [Ver = | Size = 6948 bytes | Created Date = 4/7/2007 4:13:22 PM | Attr = ]
C:\WINDOWS\System32\kanji_2.uce [Ver = | Size = 8484 bytes | Created Date = 4/7/2007 4:13:22 PM | Attr = ]
C:\WINDOWS\System32\korean.uce [Ver = | Size = 12876 bytes | Created Date = 4/7/2007 4:13:22 PM | Attr = ]
C:\WINDOWS\System32\logonui.exe.manifest [Ver = | Size = 488 bytes | Created Date = 4/7/2007 4:15:43 PM | Attr = RH ]
C:\WINDOWS\System32\MatroskaDX.ax Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\mdmxsdk.dll Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 4/7/2007 5:33:29 PM | Attr = ]
C:\WINDOWS\System32\mpeg2data.ax [Ver = | Size = 118272 bytes | Created Date = 4/7/2007 5:33:29 PM | Attr = ]
C:\WINDOWS\System32\msdtcprf.h [Ver = | Size = 768 bytes | Created Date = 4/7/2007 4:13:18 PM | Attr = ]
C:\WINDOWS\System32\msdtcprf.ini [Ver = | Size = 1931 bytes | Created Date = 4/7/2007 4:13:18 PM | Attr = ]
C:\WINDOWS\System32\msfDX.dll Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\mtxparhd.dll Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 4/7/2007 5:33:28 PM | Attr = ]
C:\WINDOWS\System32\ncpa.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 4/7/2007 4:15:39 PM | Attr = RH ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Created Date = 4/7/2007 4:16:28 PM | Attr = ]
C:\WINDOWS\System32\nv4_disp.dll NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 4/7/2007 5:33:28 PM | Attr = ]
C:\WINDOWS\System32\nwc.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 4/7/2007 4:15:39 PM | Attr = RH ]
C:\WINDOWS\System32\OpenAL32.dll Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.13 | Size = 86016 bytes | Created Date = 4/7/2007 10:37:46 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 498352 bytes | Created Date = 4/7/2007 11:06:08 AM | Attr = ]
C:\WINDOWS\System32\RealMediaDX.ax Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\RLAPEDec.ax RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\RLMPCDec.ax RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\RLOgg.ax RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\RLSpeexDec.ax [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\RLTheoraDec.ax RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\RLVorbisDec.ax RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 4/7/2007 6:18:43 PM | Attr = RHS]
C:\WINDOWS\System32\s3gnb.dll S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 4/7/2007 5:33:27 PM | Attr = ]
C:\WINDOWS\System32\sapi.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 4/7/2007 4:15:39 PM | Attr = RH ]
C:\WINDOWS\System32\settings.sfm [Ver = | Size = 1080 bytes | Created Date = 4/8/2007 1:02:16 AM | Attr = ]
C:\WINDOWS\System32\settingsbkup.sfm [Ver = | Size = 1080 bytes | Created Date = 4/8/2007 1:02:16 AM | Attr = ]
C:\WINDOWS\System32\shiftjis.uce [Ver = | Size = 16740 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\System32\slcoinst.dll Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 4/7/2007 5:33:27 PM | Attr = ]
C:\WINDOWS\System32\slextspk.dll Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 4/7/2007 5:33:27 PM | Attr = ]
C:\WINDOWS\System32\slgen.dll Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 4/7/2007 5:33:27 PM | Attr = ]
C:\WINDOWS\System32\slrundll.exe Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 4/7/2007 5:33:27 PM | Attr = ]
C:\WINDOWS\System32\slserv.exe Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 4/7/2007 5:33:27 PM | Attr = ]
C:\WINDOWS\System32\Smab.dll [Ver = | Size = 471552 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\System32\spxcoins.dll Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\subrange.uce [Ver = | Size = 93702 bytes | Created Date = 4/7/2007 4:13:23 PM | Attr = ]
C:\WINDOWS\System32\tslabels.h [Ver = | Size = 3286 bytes | Created Date = 4/7/2007 4:13:20 PM | Attr = ]
C:\WINDOWS\System32\tslabels.ini [Ver = | Size = 13223 bytes | Created Date = 4/7/2007 4:13:20 PM | Attr = ]
C:\WINDOWS\System32\usrlogon.cmd [Ver =

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:09:13 PM

Posted 08 April 2007 - 05:23 PM

Can you post the rest of the Winpfind.txt into your next reply please.

#5 sliktek

sliktek
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:13 PM

Posted 08 April 2007 - 05:26 PM

[Ver = | Size = 1161 bytes | Created Date = 4/7/2007 4:13:20 PM | Attr = ]
C:\WINDOWS\System32\vbicodec.ax [Ver = | Size = 53248 bytes | Created Date = 4/7/2007 5:33:45 PM | Attr = ]
C:\WINDOWS\System32\WindowsLogon.manifest [Ver = | Size = 488 bytes | Created Date = 4/7/2007 4:15:43 PM | Attr = RH ]
C:\WINDOWS\System32\wmimgmt.msc [Ver = | Size = 63488 bytes | Created Date = 4/7/2007 4:13:09 PM | Attr = ]
C:\WINDOWS\System32\wmpscheme.xml [Ver = | Size = 25065 bytes | Created Date = 4/7/2007 4:16:28 PM | Attr = ]
C:\WINDOWS\System32\wpa.bak [Ver = | Size = 13646 bytes | Created Date = 4/7/2007 4:37:54 PM | Attr = ]
C:\WINDOWS\System32\wrap_oal.dll Creative Labs [Ver = 2.0.8.0 | Size = 409600 bytes | Created Date = 4/7/2007 10:37:46 PM | Attr = ]
C:\WINDOWS\System32\wstpager.ax [Ver = | Size = 164352 bytes | Created Date = 4/7/2007 5:33:45 PM | Attr = ]
C:\WINDOWS\System32\wstrenderer.ax [Ver = | Size = 239616 bytes | Created Date = 4/7/2007 5:33:45 PM | Attr = ]
C:\WINDOWS\System32\wuaucpl.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 4/7/2007 4:15:39 PM | Attr = RH ]
C:\WINDOWS\System32\x.264.exe [Ver = | Size = 240128 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\System32\XceedZip.dll Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Created Date = 4/8/2007 12:43:41 PM | Attr = ]
C:\WINDOWS\System32\yv12vfw.dll www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 4/7/2007 6:18:52 PM | Attr = ]
C:\WINDOWS\System32\dllcache\apphelp.sdb [Ver = | Size = 217118 bytes | Created Date = 4/7/2007 6:15:10 PM | Attr = ]
C:\WINDOWS\System32\dllcache\apph_sp.sdb [Ver = | Size = 764868 bytes | Created Date = 4/7/2007 6:15:10 PM | Attr = ]
C:\WINDOWS\System32\dllcache\cap7146.sys Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 4/7/2007 4:17:03 PM | Attr = ]
C:\WINDOWS\System32\dllcache\chtskf.dll [Ver = | Size = 173568 bytes | Created Date = 4/7/2007 4:17:05 PM | Attr = ]
C:\WINDOWS\System32\dllcache\dgrpsetu.dll Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\dllcache\dgsetup.dll Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\dllcache\eqnclass.dll Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\dllcache\esucmd.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 4/7/2007 4:17:11 PM | Attr = ]
C:\WINDOWS\System32\dllcache\esuimgd.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 4/7/2007 4:17:11 PM | Attr = ]
C:\WINDOWS\System32\dllcache\esunid.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 4/7/2007 4:17:11 PM | Attr = ]
C:\WINDOWS\System32\dllcache\hanja.lex [Ver = | Size = 108827 bytes | Created Date = 4/7/2007 4:17:15 PM | Attr = ]
C:\WINDOWS\System32\dllcache\HPCRDP.CAT [Ver = | Size = 13472 bytes | Created Date = 4/7/2007 11:05:42 AM | Attr = ]
C:\WINDOWS\System32\dllcache\htrn_jis.dll Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 4/7/2007 4:13:29 PM | Attr = ]
C:\WINDOWS\System32\dllcache\hwxjpn.dll [Ver = | Size = 13463552 bytes | Created Date = 4/7/2007 4:17:20 PM | Attr = ]
C:\WINDOWS\System32\dllcache\IASNT4.CAT [Ver = | Size = 8574 bytes | Created Date = 4/7/2007 11:05:42 AM | Attr = ]
C:\WINDOWS\System32\dllcache\imekr.lex [Ver = | Size = 134339 bytes | Created Date = 4/7/2007 4:17:28 PM | Attr = ]
C:\WINDOWS\System32\dllcache\imjpinst.exe [Ver = | Size = 196665 bytes | Created Date = 4/7/2007 4:17:30 PM | Attr = ]
C:\WINDOWS\System32\dllcache\imscinst.exe [Ver = | Size = 59392 bytes | Created Date = 4/7/2007 4:17:30 PM | Attr = ]
C:\WINDOWS\System32\dllcache\korwbrkr.lex [Ver = | Size = 1158818 bytes | Created Date = 4/7/2007 4:17:36 PM | Attr = ]
C:\WINDOWS\System32\dllcache\ltts1033.lxa [Ver = | Size = 643717 bytes | Created Date = 4/7/2007 11:06:05 AM | Attr = ]
C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [Ver = | Size = 399645 bytes | Created Date = 4/7/2007 11:05:42 AM | Attr = ]
C:\WINDOWS\System32\dllcache\MW770.CAT [Ver = | Size = 37484 bytes | Created Date = 4/7/2007 11:05:42 AM | Attr = ]
C:\WINDOWS\System32\dllcache\nls302en.lex [Ver = | Size = 4399505 bytes | Created Date = 4/7/2007 4:15:27 PM | Attr = ]
C:\WINDOWS\System32\dllcache\NT5IIS.CAT [Ver = | Size = 797189 bytes | Created Date = 4/7/2007 11:05:42 AM | Attr = ]
C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [Ver = | Size = 7382 bytes | Created Date = 4/7/2007 11:05:42 AM | Attr = ]
C:\WINDOWS\System32\dllcache\pintlcsa.dll [Ver = | Size = 175104 bytes | Created Date = 4/7/2007 4:17:47 PM | Attr = ]
C:\WINDOWS\System32\dllcache\r1033tts.lxa [Ver = | Size = 605050 bytes | Created Date = 4/7/2007 11:06:05 AM | Attr = ]
C:\WINDOWS\System32\dllcache\rw330ext.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 4/7/2007 4:17:51 PM | Attr = ]
C:\WINDOWS\System32\dllcache\rwia001.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 4/7/2007 4:17:51 PM | Attr = ]
C:\WINDOWS\System32\dllcache\rwia330.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 4/7/2007 4:17:52 PM | Attr = ]
C:\WINDOWS\System32\dllcache\sam.sdf [Ver = | Size = 888 bytes | Created Date = 4/7/2007 11:06:06 AM | Attr = ]
C:\WINDOWS\System32\dllcache\sam.spd [Ver = | Size = 1685606 bytes | Created Date = 4/7/2007 11:06:06 AM | Attr = ]
C:\WINDOWS\System32\dllcache\spxcoins.dll Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 4/7/2007 11:05:53 AM | Attr = ]
C:\WINDOWS\System32\dllcache\srframe.mmf [Ver = | Size = 984 bytes | Created Date = 4/7/2007 4:14:50 PM | Attr = ]
C:\WINDOWS\System32\dllcache\sysmain.sdb [Ver = | Size = 1197294 bytes | Created Date = 4/7/2007 6:15:09 PM | Attr = ]
C:\WINDOWS\System32\drivers\adv01nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\adv02nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\adv05nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\adv07nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\adv08nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\adv09nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\adv11nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\amdagp.sys Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1btxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1mdxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1pdxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1raxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 4/7/2007 5:33:37 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1rvxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1snxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1ttxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1tuxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1xbxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati1xsxx.sys ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati2mtaa.sys ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ati2mtag.sys ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinbtxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinmdxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinpdxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinraxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinrvxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinsnxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinttxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atintuxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinxbxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atinxsxx.sys ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\ativmc20.cod [Ver = | Size = 64352 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atv01nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atv02nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atv04nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 4/7/2007 5:33:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\atv06nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 4/7/2007 5:33:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\atv10nt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 4/7/2007 5:33:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/8/2007 2:06:47 PM | Attr = ]
C:\WINDOWS\System32\drivers\ch7xxnt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 4/7/2007 5:33:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\core.cache.dsk [Ver = | Size = 161849 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = ]
C:\WINDOWS\System32\drivers\core.sys [Ver = | Size = 72320 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = ]
C:\WINDOWS\System32\drivers\cxthsfs2.cty [Ver = | Size = 129045 bytes | Created Date = 4/7/2007 5:33:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\hsfbs2s2.sys Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 4/7/2007 5:33:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\hsfcxts2.sys Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 4/7/2007 5:33:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\hsfdpsp2.sys Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\mdmxsdk.sys Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\mfeavfk.sys McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 4/8/2007 12:43:51 PM | Attr = ]
C:\WINDOWS\System32\drivers\mfebopk.sys McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 34184 bytes | Created Date = 4/8/2007 12:43:53 PM | Attr = ]
C:\WINDOWS\System32\drivers\mfehidk.sys McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Created Date = 4/8/2007 12:43:51 PM | Attr = ]
C:\WINDOWS\System32\drivers\mferkdk.sys McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 32008 bytes | Created Date = 4/8/2007 12:43:54 PM | Attr = ]
C:\WINDOWS\System32\drivers\mfesmfk.sys McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 37480 bytes | Created Date = 4/8/2007 12:43:53 PM | Attr = ]
C:\WINDOWS\System32\drivers\Mpfp.sys McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Created Date = 4/8/2007 12:43:44 PM | Attr = ]
C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [Ver = | Size = 0 bytes | Created Date = 4/7/2007 6:12:23 PM | Attr = H ]
C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf [Ver = | Size = 0 bytes | Created Date = 4/7/2007 6:12:24 PM | Attr = H ]
C:\WINDOWS\System32\drivers\mtlmnt5.sys Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\mtlstrm.sys Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\mtxparhm.sys Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\netwlan5.img [Ver = | Size = 67866 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\ntmtlfax.sys Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\nv4_mini.sys NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 4/7/2007 5:33:34 PM | Attr = ]
C:\WINDOWS\System32\drivers\recagent.sys Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\RT2500.sys Ralink Technology Inc. [Ver = 3.01.00.0000 | Size = 243328 bytes | Created Date = 4/7/2007 4:31:18 PM | Attr = ]
C:\WINDOWS\System32\drivers\s3gnbm.sys S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\siint5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\sisagp.sys Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\slnt7554.sys Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\slntamr.sys Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\slnthal.sys Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\slwdmsup.sys Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\TVICHW32.SYS EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Created Date = 4/8/2007 12:16:02 PM | Attr = ]
C:\WINDOWS\System32\drivers\vchnt5.dll Intel® Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\wadv07nt.sys Intel® Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\wadv08nt.sys Intel® Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\wadv09nt.sys Intel® Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\wadv11nt.sys Intel® Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 4/7/2007 5:33:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\watv06nt.sys Intel® Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\drivers\watv10nt.sys Intel® Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 4/7/2007 5:33:32 PM | Attr = ]
C:\WINDOWS\System32\drivers\WscNetDr.sys McAfee, Inc. [Ver = 2, 0, 1, 2 | Size = 86880 bytes | Created Date = 4/8/2007 12:45:05 PM | Attr = ]
C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [Ver = | Size = 0 bytes | Created Date = 4/7/2007 6:14:09 PM | Attr = H ]

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

C:\AUTOEXEC.BAT [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 5:16:32 PM | Attr = ]
C:\boot.ini [Ver = | Size = 211 bytes | Modified Date = 4/7/2007 6:34:34 PM | Attr = RHS]
C:\CONFIG.SYS [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 5:16:32 PM | Attr = ]
C:\District B13.avi.MOV [Ver = | Size = 18587695 bytes | Modified Date = 4/7/2007 7:22:08 PM | Attr = ]
C:\IO.SYS [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 5:16:32 PM | Attr = RHS]
C:\MSDOS.SYS [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 5:16:32 PM | Attr = RHS]
C:\NTDETECT.COM [Ver = | Size = 47564 bytes | Modified Date = 4/7/2007 6:28:16 PM | Attr = RHS]
C:\Documents and Settings\All Users\Application Data\desktop.ini [Ver = | Size = 62 bytes | Modified Date = 4/7/2007 12:05:44 PM | Attr = HS]
C:\Documents and Settings\Logan\Application Data\desktop.ini [Ver = | Size = 62 bytes | Modified Date = 4/7/2007 12:05:44 PM | Attr = HS]
C:\Documents and Settings\Logan\Application Data\Dxcdmns.dll [Ver = | Size = 76 bytes | Modified Date = 4/8/2007 11:51:58 AM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 5120 bytes | Modified Date = 4/7/2007 7:20:00 PM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\fusioncache.dat [Ver = | Size = 128 bytes | Modified Date = 4/8/2007 1:46:12 PM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 13104 bytes | Modified Date = 4/8/2007 1:30:28 PM | Attr = ]
C:\Documents and Settings\Logan\Local Settings\Application Data\IconCache.db [Ver = | Size = 6410430 bytes | Modified Date = 4/8/2007 1:54:54 PM | Attr = H ]
C:\Documents and Settings\All Users\Documents\desktop.ini [Ver = | Size = 62 bytes | Modified Date = 4/7/2007 12:05:44 PM | Attr = HS]
C:\Documents and Settings\Logan\My Documents\desktop.ini [Ver = | Size = 76 bytes | Modified Date = 4/7/2007 7:36:44 PM | Attr = HS]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 849 bytes | Modified Date = 4/8/2007 3:06:50 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [Ver = | Size = 671 bytes | Modified Date = 4/8/2007 1:47:48 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [Ver = | Size = 1602 bytes | Modified Date = 4/7/2007 6:00:58 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk [Ver = | Size = 1689 bytes | Modified Date = 4/7/2007 7:18:44 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk [Ver = | Size = 1665 bytes | Modified Date = 4/7/2007 7:18:44 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [Ver = | Size = 719 bytes | Modified Date = 4/7/2007 10:54:48 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\choose.pdf [Ver = | Size = 236734 bytes | Modified Date = 4/8/2007 2:26:48 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\click.php Atribune.org [Ver = 6.03.0019 | Size = 97280 bytes | Modified Date = 4/8/2007 3:29:42 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\Free Download Manager.lnk [Ver = | Size = 664 bytes | Modified Date = 4/7/2007 11:17:10 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\FrostWire 4.13.1.6 BETA.lnk [Ver = | Size = 856 bytes | Modified Date = 4/8/2007 8:27:40 AM | Attr = ]
C:\Documents and Settings\Logan\Desktop\PowerISO36.exe [Ver = | Size = 871415 bytes | Modified Date = 4/8/2007 1:40:22 PM | Attr = ]
C:\Documents and Settings\Logan\Desktop\µTorrent.lnk [Ver = | Size = 630 bytes | Modified Date = 4/7/2007 10:14:52 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Modified Date = 4/7/2007 5:16:34 PM | Attr = HS]
C:\Documents and Settings\Logan\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Modified Date = 4/7/2007 5:16:34 PM | Attr = HS]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 4/8/2007 4:06:14 PM | Attr = S]
C:\WINDOWS\control.ini [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 5:16:32 PM | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1355 bytes | Modified Date = 4/8/2007 7:44:52 AM | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 1604 bytes | Modified Date = 4/8/2007 1:15:50 PM | Attr = ]
C:\WINDOWS\nsreg.dat [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 6:01:06 PM | Attr = ]
C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4161 bytes | Modified Date = 4/7/2007 5:16:22 PM | Attr = ]
C:\WINDOWS\REGLOCS.OLD [Ver = | Size = 8192 bytes | Modified Date = 4/7/2007 5:18:54 PM | Attr = ]
C:\WINDOWS\super.chm [Ver = | Size = 9292 bytes | Modified Date = 3/14/2007 1:45:20 PM | Attr = H ]
C:\WINDOWS\system.ini [Ver = | Size = 231 bytes | Modified Date = 4/7/2007 12:06:06 PM | Attr = ]
C:\WINDOWS\uni_eh10.exe [Ver = 1.00.0010 | Size = 57344 bytes | Modified Date = 3/15/2007 9:46:36 AM | Attr = ]
C:\WINDOWS\vb.ini [Ver = | Size = 36 bytes | Modified Date = 4/7/2007 5:13:58 PM | Attr = ]
C:\WINDOWS\vbaddin.ini [Ver = | Size = 37 bytes | Modified Date = 4/7/2007 5:13:58 PM | Attr = ]
C:\WINDOWS\VTTC.exe [Ver = | Size = 105434 bytes | Modified Date = 4/8/2007 11:19:12 AM | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 650 bytes | Modified Date = 4/8/2007 11:16:10 AM | Attr = ]
C:\WINDOWS\WindowsShell.Manifest [Ver = | Size = 749 bytes | Modified Date = 4/7/2007 5:15:40 PM | Attr = RH ]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Modified Date = 4/7/2007 7:07:50 PM | Attr = ]
C:\WINDOWS\WMSysPrx.prx [Ver = | Size = 299552 bytes | Modified Date = 4/7/2007 5:16:28 PM | Attr = ]
C:\WINDOWS\{00000005-00000000-00000009-00001102-00000004-20021102}.BAK [Ver = | Size = 4958588 bytes | Modified Date = 4/8/2007 3:08:18 PM | Attr = ]
C:\WINDOWS\{00000005-00000000-00000009-00001102-00000004-20021102}.CDF [Ver = | Size = 4958588 bytes | Modified Date = 4/8/2007 3:08:18 PM | Attr = ]
C:\WINDOWS\System32\$winnt$.inf [Ver = | Size = 261 bytes | Modified Date = 4/7/2007 5:18:14 PM | Attr = ]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 4/7/2007 7:15:04 PM | Attr = ]
C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 30528 bytes | Modified Date = 4/8/2007 4:05:28 PM | Attr = ]
C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 30528 bytes | Modified Date = 4/8/2007 4:05:28 PM | Attr = ]
C:\WINDOWS\System32\BMXState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 31056 bytes | Modified Date = 4/8/2007 4:05:28 PM | Attr = ]
C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 31056 bytes | Modified Date = 4/8/2007 4:05:28 PM | Attr = ]
C:\WINDOWS\System32\cdplayer.exe.manifest [Ver = | Size = 749 bytes | Modified Date = 4/7/2007 5:15:40 PM | Attr = RH ]
C:\WINDOWS\System32\Config.MPF [Ver = | Size = 13556 bytes | Modified Date = 4/8/2007 4:12:06 PM | Attr = ]
C:\WINDOWS\System32\CONFIG.NT [Ver = | Size = 2577 bytes | Modified Date = 4/7/2007 5:16:32 PM | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Modified Date = 4/8/2007 1:16:02 PM | Attr = ]
C:\WINDOWS\System32\DVCState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx [Ver = | Size = 11564 bytes | Modified Date = 4/8/2007 4:05:28 PM | Attr = ]
C:\WINDOWS\System32\emptyregdb.dat [Ver = | Size = 21640 bytes | Modified Date = 4/7/2007 5:14:06 PM | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 95072 bytes | Modified Date = 4/7/2007 7:23:34 PM | Attr = ]
C:\WINDOWS\System32\logonui.exe.manifest [Ver = | Size = 488 bytes | Modified Date = 4/7/2007 5:15:44 PM | Attr = RH ]
C:\WINDOWS\System32\ncpa.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 4/7/2007 5:15:40 PM | Attr = RH ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 4/7/2007 7:15:04 PM | Attr = ]
C:\WINDOWS\System32\nwc.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 4/7/2007 5:15:40 PM | Attr = RH ]
C:\WINDOWS\System32\OpenAL32.dll Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.13 | Size = 86016 bytes | Modified Date = 4/7/2007 11:37:48 PM | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 70124 bytes | Modified Date = 4/7/2007 7:30:56 PM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 436360 bytes | Modified Date = 4/7/2007 7:30:56 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 498352 bytes | Modified Date = 4/7/2007 7:30:56 PM | Attr = ]
C:\WINDOWS\System32\sapi.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 4/7/2007 5:15:40 PM | Attr = RH ]
C:\WINDOWS\System32\settings.sfm [Ver = | Size = 1080 bytes | Modified Date = 4/8/2007 4:05:28 PM | Attr = ]
C:\WINDOWS\System32\settingsbkup.sfm [Ver = | Size = 1080 bytes | Modified Date = 4/8/2007 4:05:28 PM | Attr = ]
C:\WINDOWS\System32\WindowsLogon.manifest [Ver = | Size = 488 bytes | Modified Date = 4/7/2007 5:15:44 PM | Attr = RH ]
C:\WINDOWS\System32\wmpscheme.xml [Ver = | Size = 25065 bytes | Modified Date = 4/7/2007 5:21:10 PM | Attr = ]
C:\WINDOWS\System32\wpa.bak [Ver = | Size = 13646 bytes | Modified Date = 4/7/2007 5:37:54 PM | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 13646 bytes | Modified Date = 4/8/2007 4:06:50 PM | Attr = ]
C:\WINDOWS\System32\wrap_oal.dll Creative Labs [Ver = 2.0.8.0 | Size = 409600 bytes | Modified Date = 4/7/2007 11:37:48 PM | Attr = ]
C:\WINDOWS\System32\wuaucpl.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 4/7/2007 5:15:40 PM | Attr = RH ]
C:\WINDOWS\System32\drivers\core.cache.dsk [Ver = | Size = 161849 bytes | Modified Date = 4/8/2007 10:19:34 AM | Attr = ]
C:\WINDOWS\System32\drivers\core.sys [Ver = | Size = 72320 bytes | Modified Date = 4/8/2007 10:19:30 AM | Attr = ]
C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 7:12:24 PM | Attr = H ]
C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 7:12:26 PM | Attr = H ]
C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [Ver = | Size = 0 bytes | Modified Date = 4/7/2007 7:14:10 PM | Attr = H ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[PEC2 , PECompact2 , ]C:\Documents and Settings\Logan\Desktop\click.php (Atribune.org)
[UPX! , UPX0 , ]C:\WINDOWS\System32\ac3DX.ax ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\AVCDX.ax (CoreCodec)
[UPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public)
[UPX! , UPX0 , ]C:\WINDOWS\System32\CoreAAC.ax ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\DiracSplitter.ax (Gabest)
[UPX! , UPX0 , ]C:\WINDOWS\System32\flvDX.dll (Gabest)
[UPX! , UPX0 , ]C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
[UPX! , UPX0 , ]C:\WINDOWS\System32\MatroskaDX.ax (Gabest)
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\msfDX.dll (Hans Mayerl)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RealMediaDX.ax (Gabest)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLAPEDec.ax (RadLight)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLMPCDec.ax (RadLight)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLOgg.ax (RadLight)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLSpeexDec.ax ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLTheoraDec.ax (RadLight, LLC)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLVorbisDec.ax (RadLight)
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\Smab.dll ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\x.264.exe ()
[Thawte Consulting , ]C:\WINDOWS\System32\XceedZip.dll (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com)
[UPX! , UPX0 , ]C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()
[PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys (Smart Link)

< End of report >

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 08 April 2007 - 05:36 PM

Thanks, let's see if this helps:

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:


Files to delete:
C:\WINDOWS\System32\drivers\core.cache.dsk
C:\WINDOWS\System32\drivers\core.sys

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

#7 sliktek

sliktek
  • Topic Starter

  • Members
  • 21 posts

Posted 08 April 2007 - 05:46 PM

There was no output.txt where you said it would be, but here is avenger.txt:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\woqokjnd

*******************

Script file located at: \??\C:\WINDOWS\system32\plwbtnjy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\drivers\core.cache.dsk deleted successfully.
File C:\WINDOWS\System32\drivers\core.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#8 sliktek

sliktek
  • Topic Starter

  • Members
  • 21 posts

Posted 08 April 2007 - 05:50 PM

Wow, thanks. So far it has worked, no popups to this point from the restart.

Can you explain to me what the problem was?

I'm sort of a techie and want to learn more.

Edited by sliktek, 08 April 2007 - 05:51 PM.


#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 08 April 2007 - 06:01 PM

That's great :thumbsup:
Those two drivers are the two components of Trojan.Drop.Rootkit.A.2 or Rootkit.Agent.CL.

Could you please now do the following:
Download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
* Also post a new HijackThis log please.
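An added example, not part of the original posts or of any tool used in this thread: a small triage pass over the file-listing report posted earlier, correlating its "Created" and "Modified" sections. The two heuristics (a creation date in 1601, the Windows FILETIME epoch year, and a `.sys` file in the drivers folder with no version resource) are assumptions of this example, not the helper's stated reasoning; the sample lines are copied from the report above.

```python
import re
from datetime import datetime

# Lines copied from the scan report posted earlier in this thread
# (a few from the "created" listing, a few from "Files Modified Within 30 Days").
SAMPLE_REPORT = r"""
C:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/8/2007 2:06:47 PM | Attr = ]
C:\WINDOWS\System32\drivers\core.cache.dsk [Ver = | Size = 161849 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = ]
C:\WINDOWS\System32\drivers\core.sys [Ver = | Size = 72320 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = ]
C:\WINDOWS\System32\drivers\cxthsfs2.cty [Ver = | Size = 129045 bytes | Created Date = 4/7/2007 5:33:35 PM | Attr = ]
C:\WINDOWS\System32\drivers\mfeavfk.sys McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 4/8/2007 12:43:51 PM | Attr = ]
C:\WINDOWS\System32\drivers\core.cache.dsk [Ver = | Size = 161849 bytes | Modified Date = 4/8/2007 10:19:34 AM | Attr = ]
C:\WINDOWS\System32\drivers\core.sys [Ver = | Size = 72320 bytes | Modified Date = 4/8/2007 10:19:30 AM | Attr = ]
"""

# One report entry: "<path + optional company> [Ver = .. | Size = N bytes | <kind> Date = .. | Attr = ..]"
ENTRY = re.compile(
    r"^(?P<prefix>.+?)\s*\[Ver =\s*(?P<ver>.*?)\s*\| Size = (?P<size>\d+) bytes"
    r" \| (?P<kind>Created|Modified) Date = (?P<date>[^|]+?)\s*\| Attr =\s*(?P<attr>.*?)\s*\]$"
)
DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p"
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
FILETIME_EPOCH_YEAR = 1601  # Windows FILETIME counts from 1 January 1601


def parse_report(text):
    """Merge both report sections into {prefix: record}.

    The report does not delimit the path from the company name, so the text
    before "[Ver =" is kept whole as the key. For files with no company name
    (the interesting ones here) that key is exactly the path.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section banners and blank lines
        rec = entries.setdefault(
            m["prefix"], {"ver": "", "size": 0, "created": None, "modified": None}
        )
        rec["ver"] = rec["ver"] or m["ver"]
        rec["size"] = int(m["size"])
        rec[m["kind"].lower()] = datetime.strptime(m["date"], DATE_FORMAT)
    return entries


def triage(text):
    """Return {prefix: [reasons]} for entries worth a closer look."""
    findings = {}
    for prefix, rec in parse_report(text).items():
        reasons = []
        created, modified = rec["created"], rec["modified"]
        if created and created.year == FILETIME_EPOCH_YEAR:
            reasons.append("creation time falls in 1601, the FILETIME epoch year "
                           "(timestamp unset or cleared)")
            if modified and modified.year > FILETIME_EPOCH_YEAR:
                reasons.append("written on %s despite the epoch creation time"
                               % modified.strftime("%Y-%m-%d %H:%M:%S"))
        low = prefix.lower()
        if low.startswith(DRIVERS_DIR) and low.endswith(".sys") and not rec["ver"]:
            reasons.append("kernel driver file with no version resource")
        if reasons:
            findings[prefix] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REPORT).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

On the sample lines only the two files named in the Avenger script are flagged; a hit is a prompt for closer inspection of the file, not a verdict.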

#10 sliktek

sliktek
  • Topic Starter

  • Members
  • 21 posts

Posted 08 April 2007 - 06:08 PM

Can this one wait a few hours because I'm working on homework?

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 08 April 2007 - 06:12 PM

Of course, do it when you can :thumbsup:

#12 sliktek

sliktek
  • Topic Starter

  • Members
  • 21 posts

Posted 08 April 2007 - 07:24 PM

Here are the results to Dr Web, even though I did not delete anything because the results that it thought were trojans were actually parts of McAfee antivirus:
mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;;
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;;

Here are the results to a new HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 7:20:23 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Logan\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {4BB81B5B-87BA-4AB1-86F9-81669092ADB7} - C:\Program Files\WindowsUpdate\hokep.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-loc/...ScannerCtrl.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 09 April 2007 - 03:13 AM

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\Program Files\WindowsUpdate\hokep.dll
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply please.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button, browse to:
C:\Program Files\WindowsUpdate\hokep.dll
Then click on 'Send'.
Post the results into your next reply please.
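A triage heuristic for the O2 (BHO) lines of the HijackThis log in post #12, added here as an example and not part of the original thread: it flags a BHO that has no name and whose folder no other log line references. The heuristic and the names `triage_bhos`, `folder`, `BHO_RE` and `PATH_RE` are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from ntpath import dirname, normcase

# Lines copied from the HijackThis log in post #12 (a subset, for brevity).
SAMPLE_LOG = r"""
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {4BB81B5B-87BA-4AB1-86F9-81669092ADB7} - C:\Program Files\WindowsUpdate\hokep.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
"""

# "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# Any drive-letter path ending in .exe or .dll (paths may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll)", re.IGNORECASE)


def folder(path):
    """Parent folder of a Windows path, normalised for case-insensitive compare."""
    return normcase(dirname(path.strip()))


def triage_bhos(log_text):
    """Return (clsid, path) for unnamed BHOs whose folder no other line uses."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    for i, line in enumerate(lines):
        m = BHO_RE.match(line)
        if not m:
            continue
        # Folders referenced by all other lines (processes, Run keys, services).
        # Limitation: 8.3 short paths (PROGRA~1) are not expanded to long form.
        others = {folder(p) for j, ln in enumerate(lines) if j != i
                  for p in PATH_RE.findall(ln)}
        unnamed = m["name"] == "(no name)"
        orphan = folder(m["path"]) not in others
        if unnamed and orphan:
            findings.append((m["clsid"], m["path"]))
    return findings


if __name__ == "__main__":
    for clsid, path in triage_bhos(SAMPLE_LOG):
        print("scan candidate:", clsid, path)
```

A hit is only a candidate for a second-opinion scan such as the Jotti or VirusTotal upload requested in post #13, not a verdict on the file.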

#14 sliktek

sliktek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 09 April 2007 - 10:04 AM

I am following your instructions now. Ok so the popups are back but there aren't as many.

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 09 April 2007 - 10:39 AM

Please download ComboFix and save it to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt, and a new HijackThis log into your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running.
That may cause the program to freeze/hang.
