Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help...Here is hijackthis log


Re: Please help...Here is hijackthis log

by gringo_pr » December 29th, 2007, 1:03 pm

Hello neech


Please remember to have all your external drives connected during the fixes


Run CFScript:
Open Notepad and copy/paste the text in the box into the window:

DirLook:: 
C:\TALLYNL

File:: 
F:\autorun.inf
F:\n1deiect.com
F:\nideiect.com 
C:\nideiect.com 
C:\autorun.inf 
C:\n1deiect.com
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo.exe 

Registry:: 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amva"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4109f6e7-ae24-11dc-b696-0015c51718f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = 01
"ShowSuperHidden" = 01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = 01



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur!
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm


I would recommend that you uninstall LimeWire; you can do so via Control Panel >> Add or Remove Programs.

Run Kaspersky Online AV Scanner:

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply

send me the combofix log
the Kaspersky log
a new hijackthis log

gringo
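
An added example, not part of the original post and not ComboFix's own parser: a small Python audit of the CFScript above that lists what the script deletes and rewrites before it is run. It assumes only the `Directive::` layout and the .reg-style lines visible in the post; the function names are illustrative.

```python
import ntpath
import re

# The CFScript from the post above, trailing spaces trimmed.
CFSCRIPT = r'''DirLook::
C:\TALLYNL

File::
F:\autorun.inf
F:\n1deiect.com
F:\nideiect.com
C:\nideiect.com
C:\autorun.inf
C:\n1deiect.com
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amva"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4109f6e7-ae24-11dc-b696-0015c51718f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = 01
"ShowSuperHidden" = 01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = 01
'''

# Assumption: a directive header is a bare word followed by "::", as in the post.
SECTION_RE = re.compile(r'^(\w+)::\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_sections(text):
    """Split a script into {directive: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is None:
            raise ValueError(f"line outside any directive: {line!r}")
        else:
            current.append(line)
    return sections


def parse_registry(lines):
    """Turn .reg-style lines into (action, key, name, data) tuples."""
    ops, key = [], None
    for line in lines:
        if line.startswith('[-') and line.endswith(']'):
            ops.append(('delete_key', line[2:-1], None, None))
            key = None                      # no values may follow a deleted key
        elif line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        else:
            m = VALUE_RE.match(line)
            if not m or key is None:
                raise ValueError(f"unparseable registry line: {line!r}")
            name, data = m.groups()
            if data == '-':                 # "name"=- removes the value
                ops.append(('delete_value', key, name, None))
            else:
                ops.append(('set_value', key, name, data))
    return ops


def autorun_roots(files):
    """Map each drive root holding autorun.inf to its other root-level files."""
    by_root = {}
    for path in files:
        drive, rest = ntpath.splitdrive(path)
        if ntpath.dirname(rest) == '\\':    # file sits directly in the root
            name = ntpath.basename(path).lower()
            by_root.setdefault(drive.upper(), []).append(name)
    return {d: sorted(n for n in names if n != 'autorun.inf')
            for d, names in by_root.items() if 'autorun.inf' in names}


def audit(text):
    """Summarise what the script lists, deletes and rewrites."""
    s = parse_sections(text)
    ops = parse_registry(s.get('Registry', []))
    return {
        'listed_dirs': s.get('DirLook', []),
        'files': s.get('File', []),
        'autorun_roots': autorun_roots(s.get('File', [])),
        'reg_deletes': [o for o in ops if o[0].startswith('delete')],
        'reg_sets': [(o[2], o[3]) for o in ops if o[0] == 'set_value'],
    }


if __name__ == '__main__':
    for field, value in audit(CFSCRIPT).items():
        print(field, '->', value)
```

Reading the `files` and `reg_deletes` lists before dragging the script onto ComboFix.exe shows exactly which paths and registry entries it targets.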

Re: Please help...Here is hijackthis log

by neech » January 5th, 2008, 4:10 am

Hi gringo...
Unfortunately your method didn't work for me.
When Kaspersky Scanner was loading in my system, it loaded together with malware/viruses which blocked my internet.
I was not able to access the internet at all until I finally uninstalled and reinstalled my network drivers.
The malware which I have in my system loads itself from websites (any websites) when I open them.
I have come to know that combofix, hjt or sdfix won't solve my problem.
I need a very strong tool to remove the malware in my system.
I recently installed Ad-Aware and removed 35 infections which it detected. But they keep coming back.
Further help will be much appreciated...
neech

Re: Please help...Here is hijackthis log

by gringo_pr » January 6th, 2008, 9:29 am

Hello neech

Did you do the combofix script or not?
If you did, I need to see the log; each pass is getting us closer and closer to the end of this.
If not, then run the script from the previous post.
I need to see the log from combofix.



scan with winpfind3

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within
    • Click on 60 days
Next on the right side of screen Under Additional Scans
  • Put a checkmark in the box next to Reg-ControlSets
  • Put a checkmark in the box next to Reg-File Associations
  • Put a checkmark in the box next to Reg-Security Settings
Now click the Run Scan button on the toolbar.

The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


If, after posting, the last line is not End of Report then the log is too big to fit into a single post and you will need to split it into multiple posts.



Download and Run Blacklight

  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic

I need to see the log from combofix
the log from winpfind
and the log from blacklight

Is there more than one account on this computer? If so, please post HijackThis logs for the other accounts as well.

Gringo

Re: Please help...Here is hijackthis log

by neech » January 7th, 2008, 10:45 am

Hi gringo
Please note that I ran combofix first, then winpfind3u and finally fsbl.

Here is the combofix log:
ComboFix 08-01-07.4 - B h a r a t 2008-01-07 6:17:46.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.84 [GMT -8:00]
Running from: C:\Documents and Settings\B h a r a t\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\B h a r a t\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\autorun.inf
C:\n1deiect.com
C:\nideiect.com
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll
F:\autorun.inf
F:\n1deiect.com
F:\nideiect.com
.

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 06:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 13:09 . 2008-01-06 13:09 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-01-05 23:32 . 2008-01-05 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-05 23:32 . 2008-01-05 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-05 23:31 . 2008-01-05 23:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 02:12 . 2008-01-05 02:12 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-01-05 02:12 . 2004-05-11 08:14 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-01-05 02:12 . 2006-05-11 18:32 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-01-05 02:12 . 2006-12-12 14:15 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-05 02:12 . 2006-11-12 13:44 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-05 02:12 . 2005-11-10 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-01-05 02:12 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-01-05 02:12 . 2004-01-03 00:08 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-05 02:12 . 2004-01-03 00:08 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-01-05 02:12 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-05 02:12 . 2005-07-11 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-05 01:45 . 2008-01-05 01:45 <DIR> d-------- C:\Program Files\eRightSoft
2008-01-04 23:37 . 2008-01-04 23:37 <DIR> d-------- C:\Program Files\Broadcom
2008-01-04 23:37 . 2006-11-21 04:25 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-01-04 03:13 . 2008-01-04 03:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 05:35 . 2007-12-28 05:35 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\PrevxCSI
2007-12-28 05:35 . 2007-12-28 05:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-26 04:48 . 2007-12-26 04:48 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia Multimedia Player
2007-12-25 09:53 . 2007-12-25 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 09:52 . 2007-12-25 09:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-24 13:13 . 2007-12-24 13:14 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-23 13:40 . 2008-01-07 02:10 <DIR> d-------- C:\Documents and Settings\B h a r a t\Shared
2007-12-23 13:40 . 2008-01-07 06:19 <DIR> d-------- C:\Documents and Settings\B h a r a t\Incomplete
2007-12-23 13:39 . 2007-12-23 13:39 <DIR> d-------- C:\Program Files\LimeWire
2007-12-23 13:39 . 2008-01-04 23:51 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\LimeWire
2007-12-22 01:48 . 2007-12-22 01:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-22 01:46 . 2008-01-06 05:10 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia
2007-12-22 01:46 . 2007-12-22 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Nokia
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-22 01:45 . 2007-12-22 08:12 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\PC Suite
2007-12-22 01:45 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-22 01:45 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-22 01:45 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-22 01:45 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-22 01:45 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-22 01:45 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-22 01:44 . 2007-12-22 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-21 03:25 . 2007-12-21 03:26 <DIR> d-------- C:\TALLYNL
2007-12-20 02:34 . 2007-12-20 02:34 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Camfrog
2007-12-20 02:32 . 2007-12-20 02:44 <DIR> d-------- C:\Program Files\Camfrog
2007-12-19 14:12 . 2007-12-19 14:12 <DIR> d-------- C:\WINDOWS\Sun
2007-12-19 04:08 . 2008-01-07 00:05 <DIR> d-------- C:\Program Files\WebcamMax
2007-12-19 03:17 . 2007-12-29 03:54 230,424 --a------ C:\DC6810xp-001.raw
2007-12-18 05:31 . 2007-12-18 05:31 <DIR> d-------- C:\Program Files\LeechGet 2007
2007-12-16 04:58 . 2007-12-16 04:58 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-16 01:48 . 2008-01-07 04:50 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-16 00:28 . 2007-12-16 00:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-16 00:28 . 2007-12-16 00:28 <DIR> d-------- C:\Program Files\Ahead
2007-12-16 00:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-16 00:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-16 00:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-16 00:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-16 00:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-16 00:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-16 00:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-16 00:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-14 14:15 . 2004-08-03 10:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-14 14:14 . 2006-09-16 03:02 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-14 03:01 . 2007-12-14 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-13 12:40 . 2007-12-13 12:48 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-13 10:15 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-13 10:14 . 2007-12-13 10:15 <DIR> d-------- C:\Program Files\Java
2007-12-13 08:46 . 2007-12-13 08:46 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-12 08:51 . 2007-07-12 15:31 765,952 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-12-12 04:48 . 2007-12-12 04:48 <DIR> d--hs---- C:\INCINERATE
2007-12-12 04:44 . 2007-12-14 22:35 <DIR> d-------- C:\Program Files\iolo
2007-12-12 04:44 . 2007-12-12 04:44 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-11 12:10 . 2007-12-14 14:15 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-11 09:56 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-11 09:56 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-11 09:56 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-11 08:51 . 2008-01-07 01:37 89 --a------ C:\WINDOWS\cdplayer.ini
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Real
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-11 08:49 . 2007-12-11 08:49 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-11 07:03 . 2007-12-11 07:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-10 22:51 . 2007-03-30 19:58 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-10 10:30 . 2007-12-10 10:30 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-10 07:50 . 2007-12-11 06:28 <DIR> d-------- C:\Program Files\Windows Live
2007-12-10 07:50 . 2007-12-10 10:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 07:49 . 2007-12-11 06:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-10 06:14 . 2007-12-10 06:16 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2007-12-10 06:08 . 2007-12-17 23:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-10 05:44 . 2007-12-10 05:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 05:07 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\system32\qdiagdwc.ocx
2007-12-10 05:07 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys
2007-12-10 05:07 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys
2007-12-10 05:07 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys
2007-12-10 05:07 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys
2007-12-10 04:43 . 2007-12-10 04:43 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2007-12-10 04:43 . 2006-04-26 14:59 217,185 --a------ C:\WINDOWS\system32\GTDownDE_130.ocx
2007-12-10 04:42 . 2007-12-10 04:42 <DIR> d-------- C:\Program Files\Dell Support

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 13:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-10 08:48 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-10 08:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-10 08:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:41 --------- d-----w C:\Program Files\Microsoft PowerToys
2007-12-10 08:41 --------- d-----w C:\Program Files\HashTab Shell Extension
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 17:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\TALLYNL ----

2008-01-06 21:52 7811 --a------ C:\TALLYNL\TALLY.SAV
2008-01-06 21:52 0 --a------ C:\TALLYNL\DATA\3210\Exclusv.TSM
2008-01-06 21:49 0 --a------ C:\TALLYNL\DATA\0010\Exclusv.TSM
2007-12-27 10:21 0 --a------ C:\TALLYNL\DATA\0005\Exclusv.TSM
2007-12-27 10:20 9216 --a------ C:\TALLYNL\DATA\0005\Manager.500
2007-12-27 10:20 7040 --a------ C:\TALLYNL\DATA\0005\Tr01294.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnTNos.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnRefs.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnOrds.500
2007-12-27 10:20 128 --a------ C:\TALLYNL\DATA\0005\TrnLots.500
2007-12-27 10:20 1152 --a------ C:\TALLYNL\DATA\0005\Company.500
2007-12-27 10:20 1152 --a------ C:\TALLYNL\DATA\0005\CmpSave.500
2007-12-27 10:02 9600 --a------ C:\TALLYNL\DATA\0005\Tr01292.500
2007-12-27 10:02 8576 --a------ C:\TALLYNL\DATA\0005\Tr01293.500
2007-12-27 10:02 12800 --a------ C:\TALLYNL\DATA\0005\Tr01291.500
2007-12-27 10:02 128 --a------ C:\TALLYNL\DATA\0005\MsgRead.TSM
2007-12-26 10:23 91264 --a------ C:\TALLYNL\DATA\0003\Tr01284.500
2007-12-26 10:23 81280 --a------ C:\TALLYNL\DATA\0003\Tr01292.500
2007-12-26 10:23 76544 --a------ C:\TALLYNL\DATA\0003\Tr01286.500
2007-12-26 10:23 75776 --a------ C:\TALLYNL\DATA\0003\Tr01289.500
2007-12-26 10:23 70144 --a------ C:\TALLYNL\DATA\0003\Tr01287.500
2007-12-26 10:23 55808 --a------ C:\TALLYNL\DATA\0003\Tr01290.500
2007-12-26 10:23 512 --a------ C:\TALLYNL\DATA\0003\Tr01295.500
2007-12-26 10:23 51072 --a------ C:\TALLYNL\DATA\0003\Tr01293.500
2007-12-26 10:23 47360 --a------ C:\TALLYNL\DATA\0003\Tr01291.500
2007-12-26 10:23 44288 --a------ C:\TALLYNL\DATA\0003\Tr01294.500
2007-12-26 10:23 431616 --a------ C:\TALLYNL\DATA\0003\TrnLots.500
2007-12-26 10:23 392064 --a------ C:\TALLYNL\DATA\0003\Manager.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\TrnTNos.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\TrnRefs.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\TrnOrds.500
2007-12-26 10:23 128 --a------ C:\TALLYNL\DATA\0003\MsgRead.TSM
2007-12-26 10:23 116352 --a------ C:\TALLYNL\DATA\0003\Tr01285.500
2007-12-26 10:23 115968 --a------ C:\TALLYNL\DATA\0003\Tr01288.500
2007-12-26 10:23 1152 --a------ C:\TALLYNL\DATA\0003\Company.500
2007-12-26 10:23 0 --a------ C:\TALLYNL\DATA\0003\Exclusv.TSM
2007-12-26 09:44 9856 --a------ C:\TALLYNL\DATA\3210\Tr01294.500
2007-12-26 09:44 62720 --a------ C:\TALLYNL\DATA\3210\Tr01291.500
2007-12-26 09:44 51072 --a------ C:\TALLYNL\DATA\3210\Manager.500
2007-12-26 09:44 46720 --a------ C:\TALLYNL\DATA\3210\Tr01284.500
2007-12-26 09:44 43392 --a------ C:\TALLYNL\DATA\3210\Tr01292.500
2007-12-26 09:44 42496 --a------ C:\TALLYNL\DATA\3210\Tr01286.500
2007-12-26 09:44 39680 --a------ C:\TALLYNL\DATA\3210\Tr01290.500
2007-12-26 09:44 39296 --a------ C:\TALLYNL\DATA\3210\Tr01289.500
2007-12-26 09:44 384 --a------ C:\TALLYNL\DATA\3210\TrnRefs.500
2007-12-26 09:44 36352 --a------ C:\TALLYNL\DATA\3210\Tr01293.500
2007-12-26 09:44 35200 --a------ C:\TALLYNL\DATA\3210\Tr01288.500
2007-12-26 09:44 34176 --a------ C:\TALLYNL\DATA\3210\Tr01285.500
2007-12-26 09:44 32640 --a------ C:\TALLYNL\DATA\3210\Tr01287.500
2007-12-26 09:44 1536 --a------ C:\TALLYNL\DATA\3210\Company.500
2007-12-26 09:44 1408 --a------ C:\TALLYNL\DATA\3210\Tr01295.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\TrnTNos.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\TrnOrds.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\TrnLots.500
2007-12-26 09:44 128 --a------ C:\TALLYNL\DATA\3210\MsgRead.TSM
2007-12-24 03:53 94592 --a------ C:\TALLYNL\DATA\0010\Tr01294.500
2007-12-24 03:53 48512 --a------ C:\TALLYNL\DATA\0010\Manager.500
2007-12-24 03:53 1920 --a------ C:\TALLYNL\DATA\0010\Tr01295.500
2007-12-24 03:53 1664 --a------ C:\TALLYNL\DATA\0010\Company.500
2007-12-24 03:53 1664 --a------ C:\TALLYNL\DATA\0010\CmpSave.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnTNos.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnRefs.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnOrds.500
2007-12-24 03:53 128 --a------ C:\TALLYNL\DATA\0010\TrnLots.500
2007-12-24 03:45 91776 --a------ C:\TALLYNL\DATA\0010\Tr01289.500
2007-12-24 03:45 78720 --a------ C:\TALLYNL\DATA\0010\Tr01288.500
2007-12-24 03:45 78336 --a------ C:\TALLYNL\DATA\0010\Tr01287.500
2007-12-24 03:45 65152 --a------ C:\TALLYNL\DATA\0010\Tr01293.500
2007-12-24 03:45 64512 --a------ C:\TALLYNL\DATA\0010\Tr01284.500
2007-12-24 03:45 61696 --a------ C:\TALLYNL\DATA\0010\Tr01290.500
2007-12-24 03:45 60672 --a------ C:\TALLYNL\DATA\0010\Tr01285.500
2007-12-24 03:45 54912 --a------ C:\TALLYNL\DATA\0010\Tr01286.500
2007-12-24 03:45 17920 --a------ C:\TALLYNL\DATA\0010\Tr01291.500
2007-12-24 03:45 17792 --a------ C:\TALLYNL\DATA\0010\Tr01292.500
2007-12-24 03:45 128 --a------ C:\TALLYNL\DATA\0010\MsgRead.TSM
2007-12-21 03:25 768 --a------ C:\TALLYNL\DATA\0001\Company.500
2007-12-21 03:25 768 --a------ C:\TALLYNL\DATA\0001\CmpSave.500
2007-12-21 03:25 6656 --a------ C:\TALLYNL\DATA\0001\Manager.500
2007-12-21 03:25 128 --a------ C:\TALLYNL\DATA\0001\MsgRead.TSM
2007-12-21 03:25 0 --a------ C:\TALLYNL\DATA\0001\Exclusv.TSM


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 10:26 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 10:29 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 11:41 771704]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-06-29 15:55 994096]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 15:54 269104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 08:49 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\CAMTHINS.exe" [2006-07-20 05:25 73728]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\B h a r a t\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-16 14:07:08]

R0 ENO;ENO;C:\WINDOWS\system32\drivers\ENO.sys [2003-10-22 12:57]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-02 22:39]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 15:54]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-06-29 15:56]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 12:11]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 12:11]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218994ac-a727-11dc-b66b-0015c51718f5}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d594374-b264-11dc-b6a9-0015c51718f5}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{916adc1a-a714-11dc-b669-c852667f7a4e}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef87abfe-a974-11dc-b681-0015c51718f5}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 10:32:46 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 06:19:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 6:20:51
.
2007-12-15 11:06:04 --- E O F ---

--------------------------------------------------------------------------------------------------------------------

Here is the winpfind3u log:
WinPFind3 logfile created on: 1/7/2008 6:25:17 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\B h a r a t\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

502.37 Mb Total Physical Memory | 95.52 Mb Available Physical Memory | 19.01% Memory free
1.20 Gb Paging File | 0.56 Gb Available in Paging File | 47.04% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.56 Gb Total Space | 26.35 Gb Free Space | 72.08% Space Free
Drive D: | 36.56 Gb Total Space | 7.10 Gb Free Space | 19.41% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: BHARAT
Current User Name: B h a r a t
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
ad-watch2007.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe -> Lavasoft AB [Ver = 7.0.2.5 | Size = 4579328 bytes | Modified Date = 11/7/2007 3:49:36 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 12:49:28 PM | Attr = ]
camthins.exe -> %ProgramFiles%\WebcamMax\CAMTHINS.exe -> [Ver = | Size = 73728 bytes | Modified Date = 7/20/2006 5:25:28 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 10:29:52 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
cyberoamclient.exe -> %ProgramFiles%\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe -> eLitecore Technologies Ltd. [Ver = 1.3.6.1 | Size = 245760 bytes | Modified Date = 1/6/2004 11:12:22 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 162584 bytes | Modified Date = 3/30/2007 8:00:16 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Modified Date = 3/30/2007 7:59:36 PM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 252696 bytes | Modified Date = 3/30/2007 7:59:26 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
limewire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 8/16/2007 2:07:10 PM | Attr = ]
nclrssrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclRSSrv.exe -> [Ver = 6, 85, 4, 4 | Size = 117248 bytes | Modified Date = 10/23/2007 10:03:00 AM | Attr = ]
nclusbsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [Ver = 6, 85, 6, 7 | Size = 122880 bytes | Modified Date = 12/10/2007 1:59:40 PM | Attr = ]
pcsuite.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> [Ver = 6, 85, 11, 8 | Size = 695808 bytes | Modified Date = 12/10/2007 10:12:22 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 12/11/2007 8:49:46 AM | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 1:59:04 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 5:20:44 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 12/11/2007 9:56:08 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 10:29:32 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 10:26:50 AM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 11:41:06 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 1:59:04 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 12/11/2007 9:56:08 AM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 12:49:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Ad-Watch -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe -> Lavasoft AB [Ver = 7.0.2.5 | Size = 4579328 bytes | Modified Date = 11/7/2007 3:49:36 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 10:29:52 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 162584 bytes | Modified Date = 3/30/2007 8:00:16 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 11:41:10 AM | Attr = ]
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Modified Date = 3/30/2007 7:59:36 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 5:20:44 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 12/11/2007 8:49:46 AM | Attr = ]
WebcamMaxMoniter -> %ProgramFiles%\WebcamMax\CAMTHINS.exe -> [Ver = | Size = 73728 bytes | Modified Date = 7/20/2006 5:25:28 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
PC Suite Tray -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> [Ver = 6, 85, 11, 8 | Size = 695808 bytes | Modified Date = 12/10/2007 10:12:22 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\24Online Client.lnk -> %ProgramFiles%\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe -> eLitecore Technologies Ltd. [Ver = 1.3.6.1 | Size = 245760 bytes | Modified Date = 1/6/2004 11:12:22 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\B h a r a t\Start Menu\Programs\Startup ->
%UserStartup%\LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 8/16/2007 2:07:10 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 204800 bytes | Modified Date = 3/30/2007 7:59:06 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download using LeechGet -> %ProgramFiles%\LeechGet 2007\AddUrl.htm -> File not found
Download using LeechGet Wizard -> %ProgramFiles%\LeechGet 2007\Wizard.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Parse with LeechGet -> %ProgramFiles%\LeechGet 2007\Parser.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{13194BDE-B386-465C-AE1B-FBC5506F749A} -> (1394 Net Adapter) ->
{569682C4-0837-4F79-A726-B922B94F3166} -> () ->
{9CDA4C1E-8A2F-4654-9288-8E02F7A045AE} -> 172.16.77.254 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resour ... se4009.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/s ... wflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< ControlSets > -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1065 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->

[Files/Folders - Created Within 60 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Created Date = 12/15/2007 11:16:25 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 12/9/2007 4:32:06 PM | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
DC6810xp-001.raw -> %SystemDrive%\DC6810xp-001.raw -> [Ver = | Size = 230424 bytes | Created Date = 12/19/2007 3:17:40 AM | Attr = ]
dell -> %SystemDrive%\dell -> [Folder | Created Date = 12/10/2007 1:30:23 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 12/9/2007 4:32:51 PM | Attr = ]
INCINERATE -> %SystemDrive%\INCINERATE -> [Folder | Created Date = 12/12/2007 4:48:28 AM | Attr = HS]
Intel -> %SystemDrive%\Intel -> [Folder | Created Date = 12/10/2007 10:50:05 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 12/9/2007 4:34:35 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/7/2008 6:16:54 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 12/10/2007 7:25:34 AM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 12/28/1753 9:52:52 PM | Attr = HS]
TALLYNL -> %SystemDrive%\TALLYNL -> [Folder | Created Date = 12/21/2007 3:25:28 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 12/11/2007 12:10:14 PM | Attr = H ]
$NtUninstallKB884020$ -> %SystemRoot%\$NtUninstallKB884020$ -> [Folder | Created Date = 12/13/2007 12:05:16 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 12/14/2007 3:01:39 AM | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 12/12/2007 3:00:55 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 12/11/2007 12:10:15 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 12/12/2007 3:01:09 AM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 12/12/2007 3:01:02 AM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 12/14/2007 2:14:56 PM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Created Date = 12/13/2007 3:01:42 AM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 12/13/2007 3:01:34 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 12/14/2007 3:02:18 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 12/13/2007 3:01:19 AM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/13/2007 3:01:12 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/14/2007 3:02:50 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/13/2007 3:01:27 AM | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 12/14/2007 2:15:46 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/12/2007 3:00:44 AM | Attr = H ]
$NtUninstallWudf01005$ -> %SystemRoot%\$NtUninstallWudf01005$ -> [Folder | Created Date = 12/22/2007 1:48:37 AM | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 12/10/2007 12:52:11 AM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 89 bytes | Created Date = 12/11/2007 8:51:44 AM | Attr = ]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Config -> %SystemRoot%\Config -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 12/10/2007 12:43:06 AM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 12/14/2007 10:14:02 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 12/24/2007 1:13:56 PM | Attr = ]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = R S]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 12/16/2007 4:58:53 AM | Attr = HS]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 12/13/2007 3:00:58 AM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Created Date = 12/9/2007 4:34:44 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 12/9/2007 4:34:41 PM | Attr = HS]
java -> %SystemRoot%\java -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
meta4.exe -> %SystemRoot%\meta4.exe -> [Ver = | Size = 217073 bytes | Created Date = 1/5/2008 2:12:13 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 1/4/2008 11:48:08 PM | Attr = ]
MOTA113.exe -> %SystemRoot%\MOTA113.exe -> [Ver = | Size = 66560 bytes | Created Date = 1/5/2008 2:12:13 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
mui -> %SystemRoot%\mui -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Created Date = 12/16/2007 1:48:29 AM | Attr = ]
Network Diagnostic -> %SystemRoot%\Network Diagnostic -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/7/2008 6:16:40 AM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 5:44:23 AM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Created Date = 12/10/2007 2:15:15 AM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4303 bytes | Created Date = 12/9/2007 4:34:40 PM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 12/10/2007 12:43:06 AM | Attr = ]
pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 12/10/2007 2:34:34 AM | Attr = H ]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 12/10/2007 12:53:21 AM | Attr = ]
Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 12/10/2007 12:43:25 AM | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 12/10/2007 12:53:06 AM | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 12/10/2007 12:41:17 AM | Attr = ]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 12/10/2007 12:41:17 AM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
SET3.tmp -> %SystemRoot%\SET3.tmp -> [Ver = | Size = 1042903 bytes | Created Date = 12/9/2007 4:33:38 PM | Attr = R ]
SET4.tmp -> %SystemRoot%\SET4.tmp -> [Ver = | Size = 1086058 bytes | Created Date = 12/9/2007 4:33:39 PM | Attr = R ]
SET8.tmp -> %SystemRoot%\SET8.tmp -> [Ver = | Size = 13753 bytes | Created Date = 12/9/2007 4:33:43 PM | Attr = R ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1031087 bytes | Created Date = 12/9/2007 4:33:26 PM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Created Date = 12/10/2007 2:13:40 AM | Attr = ]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
speed.reg -> %SystemRoot%\speed.reg -> [Ver = | Size = 666 bytes | Created Date = 12/10/2007 1:30:37 AM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 12/10/2007 12:45:11 AM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Created Date = 12/10/2007 1:34:40 AM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 12/19/2007 2:12:46 PM | Attr = ]
super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9292 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = H ]
system -> %SystemRoot%\system -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
system32 -> %System32% -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 12/10/2007 12:45:17 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 1/7/2008 6:20:54 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
UnGins.exe -> %SystemRoot%\UnGins.exe -> [Ver = | Size = 128000 bytes | Created Date = 12/10/2007 3:44:18 AM | Attr = ]
vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 12/10/2007 12:43:32 AM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 12/10/2007 12:43:32 AM | Attr = ]
wbem -> %SystemRoot%\wbem -> [Folder | Created Date = 12/10/2007 12:43:05 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = R ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 12/10/2007 12:45:30 AM | Attr = HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 12/10/2007 12:45:30 AM | Attr = HS]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 12/10/2007 12:48:02 AM | Attr = ]
x2.64.exe -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 502784 bytes | Created Date = 1/5/2008 2:12:13 AM | Attr = ]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 12/10/2007 12:41:17 AM | Attr = ]
desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 12/10/2007 12:45:17 AM | Attr = RH ]
Norton AntiVirus - Run Full System Scan - B h a r a t.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job -> [Ver = | Size = 568 bytes | Created Date = 12/10/2007 2:32:45 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 12/10/2007 12:53:21 AM | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 12/9/2007 4:32:02 PM | Attr = ]
1025 -> %System32%\1025 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1028 -> %System32%\1028 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1031 -> %System32%\1031 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1037 -> %System32%\1037 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1041 -> %System32%\1041 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1042 -> %System32%\1042 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
1054 -> %System32%\1054 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
2052 -> %System32%\2052 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
3076 -> %System32%\3076 -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
3com_dmi -> %System32%\3com_dmi -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ac3DX.ax -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 12/10/2007 12:48:03 AM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 12/10/2007 6:00:44 AM | Attr = ]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 12/9/2007 4:34:13 PM | Attr = ]
AVCDX.ax -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
avisynth.dll -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
AVSredirect.dll -> %System32%\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Created Date = 12/11/2007 4:47:43 AM | Attr = ]
Bliss.avi -> %System32%\Bliss.avi -> [Ver = | Size = 1472512 bytes | Created Date = 12/10/2007 12:42:16 AM | Attr = ]
Bliss.scr -> %System32%\Bliss.scr -> Microsoft [Ver = 1.0.0.0 | Size = 291840 bytes | Created Date = 12/10/2007 12:42:17 AM | Attr = ]
bopomofo.uce -> %System32%\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Created Date = 12/9/2007 4:33:32 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Created Date = 12/9/2007 4:33:32 PM | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Created Date = 12/10/2007 2:34:11 AM | Attr = ]
Com -> %System32%\Com -> [Folder | Created Date = 12/10/2007 12:40:59 AM | Attr = ]
config -> %System32%\config -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Created Date = 12/10/2007 12:48:07 AM | Attr = ]
CONFIG.TMP -> %System32%\CONFIG.TMP -> [Ver = | Size = 2577 bytes | Created Date = 12/9/2007 4:34:14 PM | Attr = ]
CoreAAC.ax -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
c_10006.nls -> %System32%\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_10007.nls -> %System32%\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10010.nls -> %System32%\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10017.nls -> %System32%\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10029.nls -> %System32%\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10081.nls -> %System32%\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_10082.nls -> %System32%\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_28603.nls -> %System32%\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:30 PM | Attr = ]
c_737.nls -> %System32%\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_852.nls -> %System32%\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_855.nls -> %System32%\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_857.nls -> %System32%\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_866.nls -> %System32%\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_869.nls -> %System32%\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_875.nls -> %System32%\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 12/10/2007 10:30:58 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 12/10/2007 12:56:50 AM | Attr = ]
DDMI64.sys -> %System32%\DDMI64.sys -> Gteko Ltd. [Ver = 1, 0, 0, 9 | Size = 4608 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
devil.dll -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
dhcp -> %System32%\dhcp -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
DiracSplitter.ax -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
DirectX -> %System32%\DirectX -> [Folder | Created Date = 12/10/2007 12:45:57 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = RHS]
DLPT64.sys -> %System32%\DLPT64.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 7168 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 12/10/2007 12:48:41 AM | Attr = ]
emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 12/10/2007 12:43:47 AM | Attr = ]
en -> %System32%\en -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
en-us -> %System32%\en-us -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
export -> %System32%\export -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
flvDX.dll -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 1/5/2008 1:46:02 AM | Attr = RHS]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 120544 bytes | Created Date = 12/9/2007 4:32:50 PM | Attr = ]
gb2312.uce -> %System32%\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
GPCIEn64.sys -> %System32%\GPCIEn64.sys -> Gteko Ltd. [Ver = 2, 0, 0, 9 | Size = 5632 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
GTDownDE_130.ocx -> %System32%\GTDownDE_130.ocx -> Gteko Ltd. [Ver = 1, 0, 0, 130 | Size = 217185 bytes | Created Date = 12/10/2007 4:43:36 AM | Attr = ]
GTKCMO64.sys -> %System32%\GTKCMO64.sys -> Gteko Ltd. [Ver = 1, 0, 0, 7 | Size = 5120 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
hccutils.dll -> %System32%\hccutils.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 102400 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 162584 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 12/10/2007 12:41:19 AM | Attr = ]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 12/10/2007 12:41:05 AM | Attr = ]
i420vfw.dll -> %System32%\i420vfw.dll -> http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
ias -> %System32%\ias -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
icrav03.rat -> %System32%\icrav03.rat -> [Ver = | Size = 8798 bytes | Created Date = 12/10/2007 12:43:08 AM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ideograf.uce -> %System32%\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
IE7Eula.rtf -> %System32%\IE7Eula.rtf -> [Ver = | Size = 74715 bytes | Created Date = 12/10/2007 12:43:08 AM | Attr = ]
igfxcfg.exe -> %System32%\igfxcfg.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 535320 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxCoIn_v4814.dll -> %System32%\igfxCoIn_v4814.dll -> [Ver = | Size = 204800 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxcpl.cpl -> %System32%\igfxcpl.cpl -> Intel Corporation [Ver = 6.14.10.4814 | Size = 122880 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxdev.dll -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 204800 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxdo.dll -> %System32%\igfxdo.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 135168 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxexps.dll -> %System32%\igfxexps.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 24576 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxext.exe -> %System32%\igfxext.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 166680 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxpph.dll -> %System32%\igfxpph.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 200704 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxrchs.lrc -> %System32%\igfxrchs.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 110592 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrcht.lrc -> %System32%\igfxrcht.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 110592 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrdeu.lrc -> %System32%\igfxrdeu.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 192512 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrenu.lrc -> %System32%\igfxrenu.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 172032 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 172032 bytes | Created Date = 12/10/2007 10:51:06 PM | Attr = ]
igfxresp.lrc -> %System32%\igfxresp.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 188416 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxress.dll -> %System32%\igfxress.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 3293184 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxrfra.lrc -> %System32%\igfxrfra.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 184320 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrita.lrc -> %System32%\igfxrita.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 188416 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrjpn.lrc -> %System32%\igfxrjpn.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 131072 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxrkor.lrc -> %System32%\igfxrkor.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 126976 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxrptb.lrc -> %System32%\igfxrptb.lrc -> Intel Corporation [Ver = 6.14.10.4814 | Size = 180224 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxsrvc.dll -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 47616 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 252696 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 138008 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igfxzoom.exe -> %System32%\igfxzoom.exe -> Intel Corporation [Ver = 6.14.10.4814 | Size = 170776 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igldev32.dll -> %System32%\igldev32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 450560 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
iglicd32.dll -> %System32%\iglicd32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 2334720 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igxpdv32.dll -> %System32%\igxpdv32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 1612992 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igxpdx32.dll -> %System32%\igxpdx32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 2556928 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
igxpgd32.dll -> %System32%\igxpgd32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 149504 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igxprd32.dll -> %System32%\igxprd32.dll -> Intel Corporation [Ver = 6.14.10.4814 | Size = 57344 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igxpun.exe -> %System32%\igxpun.exe -> Intel(R) Corporation [Ver = 1, 0, 38, 0 | Size = 400152 bytes | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
igxpxk32.vp -> %System32%\igxpxk32.vp -> [Ver = | Size = 2096 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
igxpxs32.vp -> %System32%\igxpxs32.vp -> [Ver = | Size = 25472 bytes | Created Date = 12/10/2007 10:50:23 PM | Attr = ]
ImagX7.dll -> %System32%\ImagX7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 1568768 bytes | Created Date = 12/16/2007 12:28:24 AM | Attr = ]
ImagXpr7.dll -> %System32%\ImagXpr7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 476320 bytes | Created Date = 12/16/2007 12:28:24 AM | Attr = ]
ImagXR7.dll -> %System32%\ImagXR7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 262144 bytes | Created Date = 12/16/2007 12:28:25 AM | Attr = ]
ImagXRA7.dll -> %System32%\ImagXRA7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 471040 bytes | Created Date = 12/16/2007 12:28:25 AM | Attr = ]
IME -> %System32%\IME -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ioloBootDefrag.cfg -> %System32%\ioloBootDefrag.cfg -> [Ver = | Size = 406 bytes | Created Date = 12/12/2007 4:44:47 AM | Attr = ]
IScrNB.bmp -> %System32%\IScrNB.bmp -> [Ver = | Size = 121232 bytes | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
IScrNBR.bmp -> %System32%\IScrNBR.bmp -> [Ver = | Size = 121232 bytes | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 12/10/2007 12:44:49 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 12/13/2007 10:15:32 AM | Attr = ]
kanji_1.uce -> %System32%\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
kanji_2.uce -> %System32%\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 1/4/2008 3:13:53 AM | Attr = ]
korean.uce -> %System32%\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
Lang -> %System32%\Lang -> [Folder | Created Date = 12/10/2007 10:50:20 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 12/22/2007 1:48:52 AM | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 12/10/2007 12:46:34 AM | Attr = RH ]
Macromed -> %System32%\Macromed -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
MatroskaDX.ax -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
Microsoft -> %System32%\Microsoft -> [Folder | Created Date = 12/10/2007 12:53:20 AM | Attr = S]
MsDtc -> %System32%\MsDtc -> [Folder | Created Date = 12/10/2007 12:41:01 AM | Attr = ]
msdtcprf.h -> %System32%\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 12/10/2007 12:41:13 AM | Attr = ]
msdtcprf.ini -> %System32%\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 12/10/2007 12:41:13 AM | Attr = ]
msfDX.dll -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
mui -> %System32%\mui -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
NeroCheck.exe -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 12/16/2007 12:28:24 AM | Attr = ]
nmwcdcls.dll -> %System32%\nmwcdcls.dll -> Nokia [Ver = 6.83.6.0 | Size = 90624 bytes | Created Date = 12/22/2007 1:45:04 AM | Attr = ]
nmwcdcocls.dll -> %System32%\nmwcdcocls.dll -> Nokia [Ver = 6.83.6.0 | Size = 65536 bytes | Created Date = 12/22/2007 1:45:07 AM | Attr = ]
npp -> %System32%\npp -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 12/10/2007 12:48:03 AM | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
oobe -> %System32%\oobe -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Created Date = 12/9/2007 4:34:41 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 12/11/2007 8:49:47 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 12/11/2007 8:49:48 AM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 12/11/2007 8:49:48 AM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
qdiagdwc.ocx -> %System32%\qdiagdwc.ocx -> Gteko Ltd. [Ver = 1, 0, 1, 483 | Size = 1650688 bytes | Created Date = 12/10/2007 5:07:33 AM | Attr = ]
ras -> %System32%\ras -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
RealMediaDX.ax -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
Restore -> %System32%\Restore -> [Folder | Created Date = 12/10/2007 12:44:50 AM | Attr = ]
rixdicon.dll -> %System32%\rixdicon.dll -> [Ver = | Size = 16480 bytes | Created Date = 12/10/2007 1:37:49 AM | Attr = ]
RLAPEDec.ax -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLMPCDec.ax -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLOgg.ax -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLSpeexDec.ax -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLTheoraDec.ax -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
RLVorbisDec.ax -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 1/5/2008 1:46:03 AM | Attr = RHS]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2049 | Size = 176167 bytes | Created Date = 12/11/2007 8:49:53 AM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
Setup -> %System32%\Setup -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
shiftjis.uce -> %System32%\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 12/10/2007 12:41:15 AM | Attr = ]
Smab.dll -> %System32%\Smab.dll -> [Ver = | Size = 471552 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
snymsico.dll -> %System32%\snymsico.dll -> Sony Corporation [Ver = 1, 0, 0, 09120 | Size = 90112 bytes | Created Date = 12/10/2007 1:37:48 AM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 12/10/2007 4:36:22 AM | Attr = ]
spool -> %System32%\spool -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
stacapi.dll -> %System32%\stacapi.dll -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 172032 bytes | Created Date = 12/10/2007 1:34:31 AM | Attr = ]
staco.dll -> %System32%\staco.dll -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 built by: WinDDK | Size = 112128 bytes | Created Date = 12/10/2007 1:34:32 AM | Attr = ]
subrange.uce -> %System32%\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 12/10/2007 12:41:16 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
ticrf.rat -> %System32%\ticrf.rat -> [Ver = | Size = 1988 bytes | Created Date = 12/10/2007 12:43:06 AM | Attr = ]
tslabels.h -> %System32%\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 12/10/2007 12:41:14 AM | Attr = ]
tslabels.ini -> %System32%\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 12/10/2007 12:41:14 AM | Attr = ]
TwnLib20.dll -> %System32%\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 12/16/2007 12:28:26 AM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
usrlogon.cmd -> %System32%\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 12/10/2007 12:41:14 AM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 12/14/2007 10:12:16 PM | Attr = ]
Vista.Emulation.dll -> %System32%\Vista.Emulation.dll -> Rafael & ZoRoNaX [Ver = 1, 1, 0, 1 | Size = 61440 bytes | Created Date = 12/10/2007 12:42:24 AM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 12/10/2007 12:46:34 AM | Attr = RH ]
wins -> %System32%\wins -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
WinsockxpFix.exe -> %System32%\WinsockxpFix.exe -> Option^Explicit Software Solutions [Ver = 1.00 | Size = 1445888 bytes | Created Date = 12/10/2007 12:42:14 AM | Attr = ]
wmimgmt.msc -> %System32%\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 12/10/2007 12:41:06 AM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/10/2007 12:46:29 AM | Attr = RH ]
x.264.exe -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
xircom -> %System32%\xircom -> [Folder | Created Date = 12/10/2007 12:48:54 AM | Attr = ]
yv12vfw.dll -> %System32%\yv12vfw.dll -> http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 1/5/2008 2:12:12 AM | Attr = ]
b57xp32.sys -> %System32%\dllcache\b57xp32.sys -> Broadcom Corporation [Ver = 2.16b.0.0 built by: WinDDK | Size = 96640 bytes | Created Date = 12/10/2007 1:55:41 AM | Attr = ]
bcm42xx5.sys -> %System32%\dllcache\bcm42xx5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 54271 bytes | Created Date = 12/10/2007 1:57:17 AM | Attr = ]
bcm4e5.sys -> %System32%\dllcache\bcm4e5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 26568 bytes | Created Date = 12/10/2007 2:00:23 AM | Attr = ]
big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 12/10/2007 12:49:29 AM | Attr = ]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 12/10/2007 12:49:30 AM | Attr = ]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 12/10/2007 12:49:34 AM | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 12/10/2007 12:49:37 AM | Attr = ]
c_10006.nls -> %System32%\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_10007.nls -> %System32%\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10010.nls -> %System32%\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10017.nls -> %System32%\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:27 PM | Attr = ]
c_10029.nls -> %System32%\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_10081.nls -> %System32%\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_10082.nls -> %System32%\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_28603.nls -> %System32%\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:30 PM | Attr = ]
c_720.nls -> %System32%\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/10/2007 12:49:33 AM | Attr = ]
c_737.nls -> %System32%\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_852.nls -> %System32%\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:22 PM | Attr = ]
c_855.nls -> %System32%\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_857.nls -> %System32%\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:29 PM | Attr = ]
c_866.nls -> %System32%\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:24 PM | Attr = ]
c_869.nls -> %System32%\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
c_875.nls -> %System32%\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/9/2007 4:34:25 PM | Attr = ]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 12/10/2007 12:49:48 AM | Attr = ]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 12/10/2007 12:49:48 AM | Attr = ]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 12/10/2007 12:49:48 AM | Attr = ]
FP4.CAT -> %System32%\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 12/10/2007 12:49:51 AM | Attr = ]
hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 12/10/2007 12:49:56 AM | Attr = ]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 12/10/2007 12:41:19 AM | Attr = ]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 12/10/2007 12:50:04 AM | Attr = ]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 12/10/2007 12:50:23 AM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 12/10/2007 12:50:26 AM | Attr = ]
IMS.CAT -> %System32%\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 12/10/2007 12:50:27 AM | Attr = ]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 12/10/2007 12:44:49 AM | Attr = ]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 12/10/2007 12:50:37 AM | Attr = ]
ksc.nls -> %System32%\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 12/10/2007 12:50:38 AM | Attr = ]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 12/9/2007 4:34:36 PM | Attr = ]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
mediactr.cat -> %System32%\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 12/10/2007 12:45:08 AM | Attr = ]
msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 12/10/2007 12:44:52 AM | Attr = ]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
nls302en.lex -> %System32%\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 12/10/2007 12:46:04 AM | Attr = ]
NT5.CAT -> %System32%\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 12/9/2007 4:33:44 PM | Attr = ]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 12/10/2007 12:51:07 AM | Attr = ]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 12/10/2007 12:51:07 AM | Attr = ]
prc.nls -> %System32%\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 12/10/2007 12:51:09 AM | Attr = ]
prcp.nls -> %System32%\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 12/10/2007 12:51:09 AM | Attr = ]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 12/9/2007 4:34:37 PM | Attr = ]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 12/10/2007 12:51:15 AM | Attr = ]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 12/10/2007 12:51:15 AM | Attr = ]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 12/10/2007 12:51:15 AM | Attr = ]
sam.sdf -> %System32%\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 12/9/2007 4:34:37 PM | Attr = ]
sam.spd -> %System32%\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 12/9/2007 4:34:37 PM | Attr = ]
SP2.CAT -> %System32%\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 12/9/2007 4:34:16 PM | Attr = ]
srframe.mmf -> %System32%\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 12/10/2007 12:45:22 AM | Attr = ]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 12/9/2007 4:33:45 PM | Attr = ]
xjis.nls -> %System32%\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 12/10/2007 12:51:57 AM | Attr = ]
1028_DELL__.MRK -> %System32%\drivers\1028_DELL__.MRK -> [Ver = | Size = 5 bytes | Created Date = 12/10/2007 1:31:10 AM | Attr = ]
b57xp32.sys -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 2.16b.0.0 built by: WinDDK | Size = 96640 bytes | Created Date = 12/10/2007 1:55:41 AM | Attr = ]
bcm42xx5.sys -> %System32%\drivers\bcm42xx5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 54271 bytes | Created Date = 12/10/2007 1:57:17 AM | Attr = ]
BCM4E5.SYS -> %System32%\drivers\BCM4E5.SYS -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 26568 bytes | Created Date = 12/10/2007 2:00:23 AM | Attr = ]
bcm4sbxp.sys -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.60.0.0 built by: WinDDK | Size = 45568 bytes | Created Date = 1/4/2008 11:37:23 PM | Attr = R ]
COH_Mon.cat -> %System32%\drivers\COH_Mon.cat -> [Ver = | Size = 10592 bytes | Created Date = 12/11/2007 9:56:08 AM | Attr = ]
COH_Mon.inf -> %System32%\drivers\COH_Mon.inf -> [Ver = | Size = 705 bytes | Created Date = 12/11/2007 9:56:08 AM | Attr = ]
COH_Mon.sys -> %System32%\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,2,3 | Size = 22112 bytes | Created Date = 12/11/2007 9:56:07 AM | Attr = ]
DELL__.MRK -> %System32%\drivers\DELL__.MRK -> [Ver = | Size = 5 bytes | Created Date = 12/10/2007 1:31:10 AM | Attr = ]
disdn -> %System32%\drivers\disdn -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
igxpmp32.sys -> %System32%\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4814 | Size = 5704672 bytes | Created Date = 12/10/2007 10:50:24 PM | Attr = ]
imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG [Ver = 2.27.0.0 built by: WinDDK | Size = 5504 bytes | Created Date = 12/16/2007 12:28:56 AM | Attr = ]
imagesrv.sys -> %System32%\drivers\imagesrv.sys -> Ahead Software AG [Ver = 2.27.0.0 built by: WinDDK | Size = 125184 bytes | Created Date = 12/16/2007 12:28:56 AM | Attr = ]
nmwcd.sys -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Created Date = 12/22/2007 1:45:07 AM | Attr = ]
nmwcdc.sys -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Created Date = 12/22/2007 1:45:13 AM | Attr = ]
nmwcdcj.sys -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Created Date = 12/22/2007 1:45:15 AM | Attr = ]
nmwcdcm.sys -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Created Date = 12/22/2007 1:45:14 AM | Attr = ]
rimmptsk.sys -> %System32%\drivers\rimmptsk.sys -> REDC [Ver = 6.0.1.4 | Size = 32256 bytes | Created Date = 12/10/2007 1:37:49 AM | Attr = ]
rimsptsk.sys -> %System32%\drivers\rimsptsk.sys -> REDC [Ver = 6.00.01.04 | Size = 43520 bytes | Created Date = 12/10/2007 1:37:48 AM | Attr = ]
rixdptsk.sys -> %System32%\drivers\rixdptsk.sys -> REDC [Ver = 6.00.01.05 | Size = 37376 bytes | Created Date = 12/10/2007 1:37:49 AM | Attr = ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
sthda.sys -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4823.0 nd322 cp1 | Size = 1047816 bytes | Created Date = 12/10/2007 1:34:31 AM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Created Date = 12/10/2007 2:26:34 AM | Attr = ]
symlcbrd.sys -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Created Date = 1/6/2008 1:09:38 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 12/9/2007 4:26:24 PM | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 736 bytes | Created Date = 12/10/2007 4:56:46 AM | Attr = ]
MsftWdf_user_01_05_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 12/22/2007 1:48:57 AM | Attr = H ]
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> %System32%\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 12/22/2007 1:49:03 AM | Attr = H ]

[Files/Folders - Modified Within 60 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Modified Date = 12/15/2007 11:16:26 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/10/2007 12:39:40 AM | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
DC6810xp-001.raw -> %SystemDrive%\DC6810xp-001.raw -> [Ver = | Size = 230424 bytes | Modified Date = 12/29/2007 3:54:58 AM | Attr = ]
dell -> %SystemDrive%\dell -> [Folder | Modified Date = 12/10/2007 1:30:24 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 12/10/2007 12:54:18 AM | Attr = ]
INCINERATE -> %SystemDrive%\INCINERATE -> [Folder | Modified Date = 12/12/2007 4:48:30 AM | Attr = HS]
Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 12/10/2007 10:50:06 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/5/2008 11:32:10 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/7/2008 6:20:54 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 12/10/2007 7:25:36 AM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 12/10/2007 12:53:26 AM | Attr = HS]
TALLYNL -> %SystemDrive%\TALLYNL -> [Folder | Modified Date = 12/21/2007 3:26:08 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/7/2008 6:20:56 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/14/2007 2:15:44 PM | Attr = H ]
$NtUninstallKB884020$ -> %SystemRoot%\$NtUninstallKB884020$ -> [Folder | Modified Date = 12/13/2007 12:05:18 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 12/14/2007 3:01:40 AM | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 12/12/2007 3:00:58 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 12/11/2007 12:10:16 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 12/12/2007 3:01:12 AM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 12/12/2007 3:01:04 AM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 12/14/2007 2:14:58 PM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Modified Date = 12/13/2007 3:01:44 AM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 12/13/2007 3:01:36 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 12/14/2007 3:02:22 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 12/13/2007 3:01:22 AM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/13/2007 3:01:14 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/14/2007 3:02:52 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/13/2007 3:01:30 AM | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 12/14/2007 2:15:48 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/12/2007 3:00:46 AM | Attr = H ]
$NtUninstallWudf01005$ -> %SystemRoot%\$NtUninstallWudf01005$ -> [Folder | Modified Date = 12/22/2007 1:48:40 AM | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/9/2007 4:31:32 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/6/2008 8:09:14 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 89 bytes | Modified Date = 1/7/2008 1:37:24 AM | Attr = ]
Config -> %SystemRoot%\Config -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 12/10/2007 12:42:12 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 12/15/2007 3:04:38 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/4/2008 3:13:56 AM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 12/9/2007 4:29:14 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 12/14/2007 10:14:04 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 12/24/2007 1:14:12 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/10/2007 2:13:50 AM | Attr = R S]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 12/16/2007 4:58:54 AM | Attr = HS]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/10/2007 4:36:30 AM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/13/2007 3:01:00 AM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 12/10/2007 12:48:56 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/14/2007 2:15:52 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/4/2008 11:37:18 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/5/2008 11:32:46 PM | Attr = HS]
java -> %SystemRoot%\java -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 12/9/2007 4:31:36 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 12/10/2007 12:43:08 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/4/2008 11:48:10 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/9/2007 4:29:48 PM | Attr = ]
msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
mui -> %SystemRoot%\mui -> [Folder | Modified Date = 12/9/2007 4:29:54 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/7/2008 4:50:12 AM | Attr = ]
Network Diagnostic -> %SystemRoot%\Network Diagnostic -> [Folder | Modified Date = 12/13/2007 3:38:14 AM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/10/2007 5:44:24 AM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 12/30/2007 10:30:10 AM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4303 bytes | Modified Date = 12/30/2007 10:10:36 AM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 12/12/2007 7:06:34 AM | Attr = ]
pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 12/10/2007 11:23:48 AM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 12/9/2007 4:30:36 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 12/10/2007 2:34:36 AM | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/7/2008 6:24:08 AM | Attr = ]
Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/10/2007 12:47:38 AM | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 12/10/2007 12:53:08 AM | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Modified Date = 12/10/2007 12:48:54 AM | Attr = ]
Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 1/3/2008 1:05:58 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1031087 bytes | Modified Date = 12/11/2007 7:12:14 AM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 12/10/2007 2:14:26 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 12/13/2007 12:23:26 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 12/10/2007 12:46:06 AM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 12/19/2007 2:12:48 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/10/2007 2:12:04 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/7/2008 6:19:52 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/10/2007 2:32:46 AM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/7/2008 6:20:56 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 12/10/2007 5:53:12 AM | Attr = ]
vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 12/10/2007 12:43:34 AM | Attr = ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 12/10/2007 12:43:34 AM | Attr = ]
wbem -> %SystemRoot%\wbem -> [Folder | Modified Date = 12/10/2007 12:43:06 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 12/10/2007 12:46:40 AM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 12/10/2007 2:14:58 AM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/14/2007 3:01:22 AM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 12/10/2007 12:48:04 AM | Attr = ]
Norton AntiVirus - Run Full System Scan - B h a r a t.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job -> [Ver = | Size = 568 bytes | Modified Date = 12/10/2007 2:32:48 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/6/2008 8:09:22 PM | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 12/10/2007 12:52:12 AM | Attr = ]
1025 -> %System32%\1025 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1028 -> %System32%\1028 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1031 -> %System32%\1031 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Modified Date = 12/9/2007 4:31:10 PM | Attr = ]
1037 -> %System32%\1037 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1041 -> %System32%\1041 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1042 -> %System32%\1042 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
1054 -> %System32%\1054 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
2052 -> %System32%\2052 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
3076 -> %System32%\3076 -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
3com_dmi -> %System32%\3com_dmi -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/10/2007 12:48:04 AM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 12/10/2007 6:00:46 AM | Attr = ]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Modified Date = 12/11/2007 4:51:28 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/4/2008 4:11:22 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/6/2008 8:18:40 PM | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 12/11/2007 9:36:46 AM | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 12/10/2007 12:43:50 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/12/2007 7:22:08 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 12/10/2007 12:48:08 AM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 12/10/2007 10:31:00 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 12/10/2007 10:19:46 PM | Attr = ]
dhcp -> %System32%\dhcp -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 12/10/2007 6:14:44 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/19/2007 4:09:00 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/7/2008 6:17:54 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/4/2008 11:37:18 PM | Attr = ]
emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 12/10/2007 12:43:48 AM | Attr = ]
en -> %System32%\en -> [Folder | Modified Date = 12/9/2007 4:31:16 PM | Attr = ]
en-us -> %System32%\en-us -> [Folder | Modified Date = 12/10/2007 12:43:10 AM | Attr = ]
export -> %System32%\export -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 120544 bytes | Modified Date = 12/10/2007 2:22:58 AM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 12/10/2007 12:47:24 AM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 12/9/2007 4:28:10 PM | Attr = ]
IME -> %System32%\IME -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ioloBootDefrag.cfg -> %System32%\ioloBootDefrag.cfg -> [Ver = | Size = 406 bytes | Modified Date = 12/12/2007 4:44:48 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 1/4/2008 3:13:54 AM | Attr = ]
Lang -> %System32%\Lang -> [Folder | Modified Date = 12/10/2007 10:50:22 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 12/22/2007 1:48:54 AM | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 12/10/2007 12:46:36 AM | Attr = RH ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 12/10/2007 12:53:22 AM | Attr = S]
MsDtc -> %System32%\MsDtc -> [Folder | Modified Date = 12/10/2007 12:43:26 AM | Attr = ]
mui -> %System32%\mui -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
npp -> %System32%\npp -> [Folder | Modified Date = 12/9/2007 4:29:58 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/10/2007 12:48:04 AM | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 12/10/2007 12:45:46 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40394 bytes | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 312172 bytes | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 1/6/2008 8:13:40 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 12/11/2007 8:49:48 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 12/11/2007 8:49:50 AM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 12/11/2007 8:49:50 AM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
ras -> %System32%\ras -> [Folder | Modified Date = 12/9/2007 4:28:16 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/4/2008 11:25:42 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2049 | Size = 176167 bytes | Modified Date = 12/11/2007 8:49:54 AM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 12/9/2007 4:31:18 PM | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 12/9/2007 4:31:32 PM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Modified Date = 12/10/2007 4:36:24 AM | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 12/10/2007 12:40:04 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 12/4/2007 1:00:44 AM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 12/9/2007 4:31:34 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 12/13/2007 11:31:20 PM | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 12/10/2007 12:46:36 AM | Attr = RH ]
wins -> %System32%\wins -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/6/2008 8:10:06 PM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/10/2007 12:46:30 AM | Attr = RH ]
xircom -> %System32%\xircom -> [Folder | Modified Date = 12/10/2007 12:48:56 AM | Attr = ]
1028_DELL__.MRK -> %System32%\drivers\1028_DELL__.MRK -> [Ver = | Size = 5 bytes | Modified Date = 12/10/2007 1:31:12 AM | Attr = ]
DELL__.MRK -> %System32%\drivers\DELL__.MRK -> [Ver = | Size = 5 bytes | Modified Date = 12/10/2007 1:31:12 AM | Attr = ]
disdn -> %System32%\drivers\disdn -> [Folder | Modified Date = 12/9/2007 4:26:26 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/2/2008 2:39:26 AM | Attr = ]
secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:54 AM | Attr = ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 12/11/2007 9:27:58 AM | Attr = ]
symlcbrd.sys -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 1/6/2008 1:09:38 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 12/22/2007 8:12:42 AM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 686 bytes | Modified Date = 12/24/2007 1:15:38 PM | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 736 bytes | Modified Date = 1/4/2008 10:53:40 PM | Attr = ]
MsftWdf_user_01_05_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 12/22/2007 1:48:58 AM | Attr = H ]
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> %System32%\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 12/22/2007 1:49:04 AM | Attr = H ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\upx.exe -> The UPX Team http://upx.sf.net [Ver = 3.00 (2007-04-27) | Size = 261120 bytes | Modified Date = 8/8/2007 4:56:52 AM | Attr = ]
UPX! , UPX0 , -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Modified Date = 9/12/2006 2:46:24 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Modified Date = 1/12/2006 2:23:26 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Modified Date = 11/12/2006 1:44:10 PM | Attr = ]
UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 8/16/2006 5:53:32 AM | Attr = RHS]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 3:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 1/17/2005 2:26:36 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Modified Date = 5/3/2006 1:06:54 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\i420vfw.dll -> http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/3/2004 12:08:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Modified Date = 3/10/2006 12:48:48 PM | Attr = RHS]
PEC2 , PECompact2 , -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Modified Date = 2/21/2007 2:47:16 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Modified Date = 11/25/2005 11:46:34 AM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Modified Date = 11/20/2003 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Modified Date = 4/26/2004 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 2/12/2005 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 2/12/2005 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 2/12/2005 2:00:00 PM | Attr = RHS]
UPX! , UPX0 , -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 2/5/2005 2:00:00 PM | Attr = RHS]
PEC2 , PECompact2 , -> %System32%\Smab.dll -> [Ver = | Size = 471552 bytes | Modified Date = 12/12/2006 2:15:08 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 12/4/2007 1:00:44 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 3:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 11/10/2005 1:16:02 PM | Attr = ]
UPX! , UPX0 , -> %System32%\yv12vfw.dll -> http://www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 1/3/2004 12:08:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 3:00:00 AM | Attr = ]

< End of report >
---------------------------------------------------------------------------------------------------------------------

Here is the fsbl log:
01/07/08 06:37:20 [Info]: BlackLight Engine 1.0.67 initialized
01/07/08 06:37:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/07/08 06:37:20 [Note]: 7019 4
01/07/08 06:37:20 [Note]: 7005 0
01/07/08 06:37:33 [Note]: 7006 0
01/07/08 06:37:33 [Note]: 7022 0
01/07/08 06:37:33 [Note]: 7011 3776
01/07/08 06:37:33 [Note]: 7026 0
01/07/08 06:37:33 [Note]: 7026 0
01/07/08 06:37:36 [Note]: FSRAW library version 1.7.1024
01/07/08 06:39:35 [Note]: 2000 1012
01/07/08 06:40:03 [Note]: 7007 0
----------------------------------------------------------------------------------------------------------------------
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm

Re: Please help...Here is hijackthis log

by neech » January 8th, 2008, 7:01 am

Please note that the problems are still there.
Additionally, I want to ask you if you can help me with my flash drives...
When I install them on any PC and try to open them with a double click, I can't open them. It displays a prompt for which program to open with. I ran Flash Disinfector and ComboFix, and it solves the problem... but when I uninstall them and reinstall again, the same problem happens...

Re: Please help...Here is hijackthis log

by neech » January 8th, 2008, 5:20 pm

Hey, I have Ad-Watch installed and it has RegShield and cookie tracking.
It always stops the following reg change but doesn't solve it:
Image name:C:\program files\internet explorer\iexplore.exe
imagePID:3104
Rootkey:HKEY_CURRENT_USER
subkey:sofware\Microsoft\Internet Explorer\Main

The following tracking cookies are blocked but they are coming back:

IE:zedo.com
IE:fastclick.net
IE:doubleclick.net
IE:atdmt.com
IE:specificclick.net
IE:adopt.specificclick.net
IE:tacoda.net
IE:advertising.net
IE:serving-sys.com
IE:ad.yieldmanager.com
IE:msnportal.112.2o7.net
IE:mediaplex.com
IE:tribalfusion.net
IE:revsci.net
FF:ad.yieldmanager.com

Maybe these can help you know the problem

Re: Please help...Here is hijackthis log

by gringo_pr » January 8th, 2008, 10:52 pm

Hello neech

Just to let you know, I am working on this, but there is a lot of stuff to go through.



Gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Please help...Here is hijackthis log

by neech » January 9th, 2008, 2:45 am

Thanks gringo...

Re: Please help...Here is hijackthis log

by gringo_pr » January 13th, 2008, 11:13 pm

Hello neech

Well, I went over the winp3find log and it came back clean.

So I have a couple of questions for you:
How many external devices do you have for this computer, such as USB sticks, external drives, or even cameras?
Can you hook them all up at the same time?
Have you connected the USB drives to any other computer, and how are they behaving?
If you haven't connected them to any other computer, don't!

I want you to hook up as many of the external drives as you have and keep them hooked up until we finish.

When you have them all hooked up, I want you to run another scan.

: Download and Run DSS :

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
This is to be done with all your drives hooked up, and leave them hooked up please.



Send me the log from DSS.



Gringo

Re: Please help...Here is hijackthis log

by neech » January 15th, 2008, 5:22 pm

Hi gringo

I have 4 external USB drives, which I can connect all at the same time.
I have connected all of them while running the scanner.
When I connect the USB drives to other computers, they can't be opened with a double click... And some security risks from the USB drives are blocked by anti-virus programs on that particular PC.

Here are the logs:

Main.txt
Deckard's System Scanner v20071014.68
Run by B h a r a t on 2008-01-15 13:06:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-01-15 21:07:21 UTC - RP65 - Deckard's System Scanner Restore Point
64: 2008-01-15 06:08:24 UTC - RP64 - System Checkpoint
63: 2008-01-13 06:50:15 UTC - RP63 - System Checkpoint
62: 2008-01-11 10:09:27 UTC - RP62 - Installed Adobe Reader 7.0
61: 2008-01-10 06:36:01 UTC - RP61 - Installed Broadcom 440x 10/100 Integrated Controller


-- First Restore Point --
1: 2007-12-10 08:55:09 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as B h a r a t.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:37 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\LeechGet 2007\LeechGet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\B h a r a t\Desktop\dss.exe
C:\DOCUME~1\BHARAT~1\Desktop\B h a r a t.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C19D9DE2-DD61-4577-9B1A-0648D1B03F44}: NameServer = 172.16.77.254
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8265 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.pif - piffile - shell\open\command - "%1" %*"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ENO - c:\windows\system32\drivers\eno.sys <Not Verified; PCAUSA; ndishk>
R2 CamthWDM (WebcamMax, WDM Video Capture) - c:\windows\system32\drivers\camthwdm.sys <Not Verified; YewSoft; Cam Theme>
R3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
R3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
R3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>

S3 catchme - c:\docume~1\bharat~1\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 nmwcd (Nokia USB Phone Parent) - c:\windows\system32\drivers\nmwcd.sys (file missing)
S3 nmwcdc (Nokia USB Generic) - c:\windows\system32\drivers\nmwcdc.sys (file missing)
S3 nmwcdcj (Nokia USB Port) - c:\windows\system32\drivers\nmwcdcj.sys (file missing)
S3 nmwcdcm (Nokia USB Modem) - c:\windows\system32\drivers\nmwcdcm.sys (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S4 UStorage Server Service - c:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&2973568E&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&2973568E&0&0102
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\17218141484FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\17218141484FC000
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N91
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6233
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6233
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2007-12-10 02:32:46 568 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job


-- Files created between 2007-12-15 and 2008-01-15 -----------------------------

2008-01-12 02:19:17 0 d-------- C:\Program Files\Camfrog
2008-01-11 22:24:26 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Paltalk
2008-01-11 22:24:19 0 d-------- C:\WINDOWS\PaltalkScene
2008-01-11 22:24:18 0 d-------- C:\Program Files\Paltalk Messenger
2008-01-11 22:15:33 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-11 22:15:32 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; http://www.helixcommunity.org; Helix YV12 YUV Codec>
2008-01-11 22:15:32 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; http://www.helixcommunity.org; Helix I420 YUV Codec>
2008-01-11 22:15:32 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-11 22:15:32 217073 --a------ C:\WINDOWS\meta4.exe
2008-01-11 22:15:31 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-01-11 22:15:31 306688 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-01-11 22:15:30 471552 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-11 02:09:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-11 02:09:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-09 22:36:11 0 d-------- C:\Program Files\Broadcom
2008-01-09 08:43:09 139264 --a------ C:\WINDOWS\system32\OPDSL.DLL <Not Verified; ; MU828it Dynamic Link Library>
2008-01-09 08:43:08 139264 --a------ C:\WINDOWS\system32\UStorSrv.exe <Not Verified; OTi; OTi Content Service>
2008-01-05 23:32:08 0 d-------- C:\Program Files\Lavasoft
2008-01-05 23:32:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-05 23:31:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 02:12:11 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-05 01:46:03 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-01-05 01:46:02 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-01-05 01:45:35 0 d-------- C:\Program Files\eRightSoft
2008-01-04 03:13:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 05:35:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-28 05:35:18 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\PrevxCSI
2007-12-26 04:48:00 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia Multimedia Player
2007-12-25 09:53:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 09:52:59 0 d-------- C:\Program Files\Yahoo!
2007-12-23 13:40:11 0 d-------- C:\Documents and Settings\B h a r a t\Shared
2007-12-23 13:40:07 0 d-------- C:\Documents and Settings\B h a r a t\Incomplete
2007-12-23 13:39:45 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\LimeWire
2007-12-23 13:39:28 0 d-------- C:\Program Files\LimeWire
2007-12-22 01:48:52 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-22 01:46:47 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-22 01:46:34 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia
2007-12-22 01:45:55 0 d-------- C:\Program Files\Common Files\PCSuite
2007-12-22 01:45:54 0 d-------- C:\Program Files\Common Files\Nokia
2007-12-22 01:45:36 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\PC Suite
2007-12-22 01:45:22 0 d-------- C:\Program Files\PC Connectivity Solution
2007-12-22 01:45:00 0 d-------- C:\Program Files\Nokia
2007-12-22 01:44:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-21 03:25:28 0 d-------- C:\TALLYNL
2007-12-20 02:34:09 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Camfrog
2007-12-19 14:12:46 0 d-------- C:\WINDOWS\Sun
2007-12-19 14:12:46 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Sun
2007-12-19 04:08:17 0 d-------- C:\Program Files\WebcamMax
2007-12-18 05:31:47 0 d-------- C:\Program Files\LeechGet 2007
2007-12-16 00:28:26 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-12-16 00:28:24 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-12-16 00:28:22 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-16 00:28:21 0 d-------- C:\Program Files\Ahead
2007-12-15 23:16:25 0 d-------- C:\autorun.inf


-- Find3M Report ---------------------------------------------------------------

2008-01-12 18:30:43 1054 --a------ C:\Documents and Settings\B h a r a t\Application Data\NMM-MetaData.db
2008-01-11 02:09:45 0 d-------- C:\Program Files\Common Files
2008-01-07 05:30:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-22 01:46:33 0 d-------- C:\Program Files\DIFX
2007-12-14 22:35:09 0 d-------- C:\Program Files\iolo
2007-12-14 03:01:16 0 d-------- C:\Program Files\MSXML 4.0
2007-12-13 12:48:36 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-13 10:15:28 0 d-------- C:\Program Files\Java
2007-12-13 09:57:13 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Macromedia
2007-12-13 09:57:13 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Adobe
2007-12-13 08:46:15 0 d-------- C:\Program Files\Common Files\Java
2007-12-11 10:03:08 0 d-------- C:\Program Files\Norton AntiVirus
2007-12-11 09:27:58 0 d-------- C:\Program Files\Symantec
2007-12-11 08:51:46 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Real
2007-12-11 08:49:58 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-11 08:49:56 0 d-------- C:\Program Files\Common Files\Real
2007-12-11 08:49:42 0 d-------- C:\Program Files\Real
2007-12-11 07:03:15 0 d-------- C:\Program Files\MSXML 6.0
2007-12-11 06:28:11 0 d-------- C:\Program Files\Windows Live
2007-12-11 04:47:36 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\WinRAR
2007-12-10 22:19:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-10 10:30:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-10 10:20:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 06:16:03 0 d-------- C:\Program Files\Microsoft LifeCam
2007-12-10 05:44:23 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 05:44:16 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Mozilla
2007-12-10 04:43:35 0 d--h----- C:\Documents and Settings\B h a r a t\Application Data\GTek
2007-12-10 04:42:19 0 d-------- C:\Program Files\Dell Support
2007-12-10 03:44:17 0 d-------- C:\Program Files\eLitecore
2007-12-10 02:14:31 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-10 01:34:30 0 d-------- C:\Program Files\SigmaTel
2007-12-10 01:34:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-10 01:33:11 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-10 01:30:38 0 d-------- C:\Program Files\Dell
2007-12-10 00:54:30 0 d-------- C:\Documents and Settings\B h a r a t\Application Data\Identities
2007-12-10 00:48:54 0 d-------- C:\Program Files\Windows NT
2007-12-10 00:48:54 0 d-------- C:\Program Files\microsoft frontpage
2007-12-10 00:48:07 0 -rahs---- C:\MSDOS.SYS
2007-12-10 00:48:07 0 -rahs---- C:\IO.SYS
2007-12-10 00:48:07 0 --a------ C:\CONFIG.SYS
2007-12-10 00:48:07 0 --a------ C:\AUTOEXEC.BAT
2007-12-10 00:46:21 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-10 00:46:16 0 d-------- C:\Program Files\Online Services
2007-12-10 00:45:16 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-10 00:45:04 0 d-------- C:\Program Files\Movie Maker
2007-12-10 00:43:47 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-10 00:42:55 0 d-------- C:\Program Files\Microsoft Games
2007-12-10 00:41:28 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-10 00:41:24 0 d-------- C:\Program Files\Microsoft PowerToys
2007-12-10 00:41:23 0 d-------- C:\Program Files\HashTab Shell Extension
2007-12-10 00:41:21 0 d-------- C:\Program Files\Messenger
2007-12-09 16:34:40 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-09 16:34:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-09 16:34:02 62 --ahs---- C:\Documents and Settings\B h a r a t\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 05:20 PM C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 10:29 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [01/14/2007 11:41 AM]
"VX6000"="C:\WINDOWS\vVX6000.exe" [06/29/2006 03:55 PM]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [06/29/2006 03:54 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/30/2007 08:00 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/30/2007 07:59 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/11/2007 08:49 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\CAMTHINS.exe" [07/20/2006 05:25 AM]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [11/07/2007 03:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:26 AM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\B h a r a t\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [8/16/2007 2:07:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe [1/6/2004 11:12:22 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
@=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218994ac-a727-11dc-b66b-0015c51718f5}]
AutoRun\command- ntde1ect.com
explore\Command- ntde1ect.com
open\Command- ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d594374-b264-11dc-b6a9-0015c51718f5}]
AutoRun\command- ntde1ect.com
explore\Command- ntde1ect.com
open\Command- ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{916adc1a-a714-11dc-b669-c852667f7a4e}]
AutoRun\command- H:\ntde1ect.com
explore\Command- H:\ntde1ect.com
open\Command- H:\ntde1ect.com

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER



-- End of Deckard's System Scanner: finished at 2008-01-15 13:10:26 ------------


Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 502.37 MiB / 139.07 MiB
Pagefile Memory (total/avail): 1227.47 MiB / 497.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.59 MiB

C: is Fixed (NTFS) - 36.56 GiB total, 25.18 GiB free.
D: is Fixed (NTFS) - 36.56 GiB total, 7.08 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT32)
G: is Removable (FAT32)
H: is Removable (FAT32)
I: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 73.13 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 36.56 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 36.56 GiB - D:

\\.\PHYSICALDRIVE4 - Portable Media Player USB Device - 1913.99 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 1927.94 MiB - I:

\\.\PHYSICALDRIVE3 - Portable Media Player USB Device - 1913.99 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 1927.94 MiB - H:

\\.\PHYSICALDRIVE2 - USB Flash Disk USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 249.98 MiB - F:

\\.\PHYSICALDRIVE1 - USB2.0 Mobile Disk USB Device - 494.19 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 499.73 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\B h a r a t\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BHARAT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\B h a r a t
LOGONSERVER=\\BHARAT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BHARAT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BHARAT~1\LOCALS~1\Temp
USERDOMAIN=BHARAT
USERNAME=B h a r a t
USERPROFILE=C:\Documents and Settings\B h a r a t
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

B h a r a t (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Camfrog Video Chat 4.0 (remove only) --> "C:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Cyberoam Client for 24Online --> C:\WINDOWS\UnGins.exe "C:\Program Files\eLitecore\Cyberoam Client for 24Online\install.log"
Dell Support 3.2.1 --> MsiExec.exe /X{7A35F91E-1D16-454F-A248-B9B782A2327C}
HijackThis 2.0.2 --> "C:\Documents and Settings\B h a r a t\Desktop\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LeechGet 2007 Version 2.1 --> "C:\Program Files\LeechGet 2007\unins000.exe"
LimeWire PRO 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft LifeCam --> MsiExec.exe /X{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPER © Version 2007.bld.22 (Mar 14, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
WebcamMax --> "C:\Program Files\WebcamMax\uninst.exe"
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Vista Freecell Game --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGmz1.inf,RemoveFreeGame
Windows Vista Games Main (uninstall last) --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGmz.inf,RemoveMainFiles
Windows Vista Hearts Game --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGmz2.inf,RemoveHeartsGame
Windows Vista Minesweeper Game --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGmz3.inf,RemoveMinesweeperGame
Windows Vista Solitaire Game --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGmz6.inf,RemoveSolitaireGame
Windows Vista Spider Solitaire Game --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGmz7.inf,RemoveSpSolitaireGame
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type6378 / Success
Event Submitted/Written: 01/15/2008 08:13:00 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6331 / Success
Event Submitted/Written: 01/15/2008 02:54:16 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6268 / Success
Event Submitted/Written: 01/13/2008 11:15:06 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6231 / Success
Event Submitted/Written: 01/12/2008 11:59:45 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type6152 / Success
Event Submitted/Written: 01/12/2008 10:51:17 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8299 / Warning
Event Submitted/Written: 01/15/2008 00:16:50 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8298 / Error
Event Submitted/Written: 01/15/2008 11:47:41 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer REJITH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C19D9DE2-DD61-4577.
The master browser is stopping or an election is being forced.

Event Record #/Type8289 / Warning
Event Submitted/Written: 01/15/2008 08:52:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8286 / Warning
Event Submitted/Written: 01/15/2008 07:54:37 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8282 / Warning
Event Submitted/Written: 01/15/2008 06:51:16 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-15 13:10:26 ------------
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm

Re: Please help...Here is hijackthis log

by gringo_pr » January 18th, 2008, 2:14 am

Hello neech

I have connected all of them while running the scanner
Please keep them connected if possible; some of the scripts we are using are very specific, and if you change ports they may not work.

When i connect the usb drives to other computers
At this time I would advise not to connect them to other computers.



Double-click on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.

We ran this earlier; if you don't have it, download it here.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File:: 
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo.exe 
C:\autorun.inf
C:\n1deiect.com
C:\nideiect.com  
D:\autorun.inf
D:\n1deiect.com
D:\nideiect.com  
E:\autorun.inf
E:\n1deiect.com
E:\nideiect.com  
F:\autorun.inf
F:\n1deiect.com
F:\nideiect.com  
G:\autorun.inf
G:\n1deiect.com
G:\nideiect.com  
H:\autorun.inf
H:\n1deiect.com
H:\nideiect.com  
I:\autorun.inf
I:\n1deiect.com
I:\nideiect.com 

Registry:: 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218994ac-a727-11dc-b66b-0015c51718f5}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d594374-b264-11dc-b6a9-0015c51718f5}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{916adc1a-a714-11dc-b669-c852667f7a4e}]



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall




: Run Panda Online Scan

Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- Save the log file to your desktop


send me the log from combofix
and the log from panda
and a new hijackthis log


Gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Please help...Here is hijackthis log

by neech » January 18th, 2008, 4:09 pm

hey gringo
Please note that I was not able to run the Panda online scan as I have a dial-up connection.

Here is the combofix log:
ComboFix 08-01-09.2 - B h a r a t 2008-01-18 12:00:06.11 - NTFSx86
Running from: C:\Documents and Settings\B h a r a t\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\B h a r a t\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\autorun.inf
C:\n1deiect.com
C:\nideiect.com
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll
D:\autorun.inf
D:\n1deiect.com
D:\nideiect.com
E:\autorun.inf
E:\n1deiect.com
E:\nideiect.com
F:\autorun.inf
F:\n1deiect.com
F:\nideiect.com
G:\autorun.inf
G:\n1deiect.com
G:\nideiect.com
H:\autorun.inf
H:\n1deiect.com
H:\nideiect.com
I:\autorun.inf
I:\n1deiect.com
I:\nideiect.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 07:37 . 2008-01-18 07:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-18 07:37 . 2008-01-18 07:37 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-18 07:36 . 2008-01-18 08:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-18 07:36 . 2008-01-18 11:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-18 07:36 . 2008-01-18 07:37 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-18 07:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 06:27 . 2008-01-18 06:27 <DIR> d-------- C:\Program Files\Live_TV
2008-01-18 06:25 . 2008-01-18 06:25 <DIR> d-------- C:\Program Files\RADIO_USA
2008-01-18 04:33 . 2008-01-18 04:33 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Grisoft
2008-01-18 04:33 . 2008-01-18 04:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-18 04:33 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-18 04:06 . 2008-01-18 04:06 0 --a------ C:\WINDOWS\PowerReg.dat
2008-01-18 04:04 . 2008-01-18 04:04 <DIR> d-------- C:\Program Files\NovaLogic
2008-01-18 04:03 . 2008-01-18 04:03 <DIR> d-------- C:\Documents and Settings\B h a r a t\WINDOWS
2008-01-18 04:03 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-12 02:19 . 2008-01-12 02:19 <DIR> d-------- C:\Program Files\Camfrog
2008-01-11 22:24 . 2008-01-11 22:24 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-01-11 22:24 . 2008-01-18 11:44 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-01-11 22:24 . 2008-01-18 11:44 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Paltalk
2008-01-11 22:15 . 2004-05-11 08:14 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-01-11 22:15 . 2006-05-11 18:32 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-01-11 22:15 . 2006-12-12 14:15 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-11 22:15 . 2006-11-12 13:44 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-11 22:15 . 2005-11-10 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-01-11 22:15 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-01-11 22:15 . 2004-01-03 00:08 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-11 22:15 . 2004-01-03 00:08 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-01-11 22:15 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-11 22:15 . 2005-07-11 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-11 02:09 . 2008-01-11 02:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-09 22:36 . 2008-01-09 22:36 <DIR> d-------- C:\Program Files\Broadcom
2008-01-09 22:36 . 2006-11-21 04:25 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-01-09 11:19 . 2007-10-30 09:20 360,064 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-01-09 08:43 . 2004-07-13 20:16 139,264 --a------ C:\WINDOWS\system32\UStorSrv.exe
2008-01-09 08:43 . 2004-07-26 02:34 139,264 --a------ C:\WINDOWS\system32\OPDSL.DLL
2008-01-05 23:32 . 2008-01-05 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-05 02:12 . 2008-01-05 02:12 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-01-05 01:45 . 2008-01-05 01:45 <DIR> d-------- C:\Program Files\eRightSoft
2008-01-04 03:13 . 2008-01-04 03:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 05:35 . 2007-12-28 05:35 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\PrevxCSI
2007-12-28 05:35 . 2007-12-28 05:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-26 04:48 . 2007-12-26 04:48 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia Multimedia Player
2007-12-25 09:53 . 2007-12-25 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 09:52 . 2007-12-25 09:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-23 13:40 . 2008-01-18 06:40 <DIR> d-------- C:\Documents and Settings\B h a r a t\Shared
2007-12-23 13:40 . 2008-01-18 12:03 <DIR> d-------- C:\Documents and Settings\B h a r a t\Incomplete
2007-12-23 13:39 . 2007-12-23 13:39 <DIR> d-------- C:\Program Files\LimeWire
2007-12-23 13:39 . 2008-01-18 11:47 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\LimeWire
2007-12-22 01:48 . 2007-12-22 01:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-22 01:46 . 2008-01-06 05:10 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Nokia
2007-12-22 01:46 . 2007-12-22 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Nokia
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-22 01:45 . 2007-12-22 01:45 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-22 01:45 . 2007-12-22 08:12 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\PC Suite
2007-12-22 01:44 . 2007-12-22 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-12-21 03:25 . 2007-12-21 03:26 <DIR> d-------- C:\TALLYNL
2007-12-20 02:34 . 2008-01-10 11:22 <DIR> d-------- C:\Documents and Settings\B h a r a t\Application Data\Camfrog
2007-12-19 14:12 . 2007-12-19 14:12 <DIR> d-------- C:\WINDOWS\Sun
2007-12-19 04:08 . 2008-01-11 03:22 <DIR> d-------- C:\Program Files\WebcamMax
2007-12-18 05:31 . 2007-12-18 05:31 <DIR> d-------- C:\Program Files\LeechGet 2007

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 13:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-22 09:46 --------- d-----w C:\Program Files\DIFX
2007-12-18 07:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-16 08:28 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-16 08:28 --------- d-----w C:\Program Files\Ahead
2007-12-15 06:35 --------- d-----w C:\Program Files\iolo
2007-12-14 11:01 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-13 18:15 --------- d-----w C:\Program Files\Java
2007-12-13 16:46 --------- d-----w C:\Program Files\Common Files\Java
2007-12-11 18:03 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-11 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-11 17:27 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-11 17:27 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-11 17:27 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-11 17:27 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-11 17:27 --------- d-----w C:\Program Files\Symantec
2007-12-11 16:49 --------- d-----w C:\Program Files\Real
2007-12-11 16:49 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-11 16:49 --------- d-----w C:\Program Files\Common Files\Real
2007-12-11 15:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-11 14:28 --------- d-----w C:\Program Files\Windows Live
2007-12-11 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-10 18:20 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 14:16 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-12-10 12:43 --------- d--h--w C:\Documents and Settings\B h a r a t\Application Data\GTek
2007-12-10 12:43 --------- d-----w C:\Documents and Settings\Default User\Application Data\Gtek
2007-12-10 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-12-10 12:42 --------- d-----w C:\Program Files\Dell Support
2007-12-10 11:44 --------- d-----w C:\Program Files\eLitecore
2007-12-10 10:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-10 09:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-10 09:34 --------- d-----w C:\Program Files\SigmaTel
2007-12-10 09:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 09:31 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK
2007-12-10 09:31 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK
2007-12-10 09:30 --------- d-----w C:\Program Files\Dell
2007-12-10 08:48 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-10 08:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-10 08:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:41 --------- d-----w C:\Program Files\Microsoft PowerToys
2007-12-10 08:41 --------- d-----w C:\Program Files\HashTab Shell Extension
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 17:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_ 7.21.48.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 16:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
- 2008-01-18 15:17:47 319,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 19:59:54 319,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 15:17:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 19:59:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 15:17:47 319,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 19:59:54 319,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 15:17:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 19:59:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 15:17:48 4,616,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 19:59:55 4,616,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 15:17:48 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 19:59:55 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-03-29 17:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-06 00:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 22:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 19:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 21:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 17:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-17 02:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 02:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 19:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 23:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 21:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 18:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 21:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 02:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-06 00:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 19:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 22:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 22:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 18:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 21:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 18:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 21:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 19:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 19:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 16:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 22:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 18:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-21 00:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 17:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 18:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 22:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 22:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 21:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 16:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 16:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 17:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 22:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 17:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 19:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 16:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 23:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 16:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 16:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 23:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 19:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 19:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-19 01:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 22:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 17:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 18:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 14:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-03-01 01:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 17:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2006-08-02 20:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
+ 2003-03-26 02:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 10:26 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 10:29 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 11:41 771704]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-06-29 15:55 994096]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 15:54 269104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 20:00 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 19:59 138008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 08:49 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\CAMTHINS.exe" [2006-07-20 05:25 73728]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\B h a r a t\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-16 14:07:08]

R0 ENO;ENO;C:\WINDOWS\system32\drivers\ENO.sys [2003-10-22 12:57]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-02 22:39]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 15:54]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 12:11]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 12:11]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-06-29 15:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4109f6e7-ae24-11dc-b696-0015c51718f5}]
\Shell\AutoRun\command - F:\uxdeiect.com
\Shell\explore\Command - F:\uxdeiect.com
\Shell\open\Command - F:\uxdeiect.com

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 10:32:46 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - B h a r a t.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 12:03:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 12:05:07
ComboFix-quarantined-files.txt 2008-01-18 20:04:57
ComboFix2.txt 2008-01-18 15:22:05
.
2008-01-09 23:09:47 --- E O F ---


Here is the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\LeechGet 2007\LeechGet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\B h a r a t\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C19D9DE2-DD61-4577-9B1A-0648D1B03F44}: NameServer = 172.16.77.254
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8145 bytes
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm

Re: Please help...Here is hijackthis log

by gringo_pr » January 20th, 2008, 4:11 pm

Hello neech

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Code:
File:: 
C:\uxdeiect.com
D:\uxdeiect.com
E:\uxdeiect.com
F:\uxdeiect.com
G:\uxdeiect.com
H:\uxdeiect.com
I:\uxdeiect.com

driver::
LEGACY_SEWFXCU 

Registry:: 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4109f6e7-ae24-11dc-b696-0015c51718f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = 01
"ShowSuperHidden" = 01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = 01
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"amva" =-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEWFXCU]



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Download and run Sysclean
  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicro.com/download/dcs.asp and download the Sysclean package to the folder you made.
  • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move the lpt$vpn.XXX to the Sysclean-folder you created on your desktop.
  • Open the Sysclean folder and double-click sysclean.com.
  • Check: "Automatically clean or delete detected files".
  • Click scan.
Open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

You didn't say if you ran Flash_Disinfector?

Send me the log from ComboFix
and send me the log from sysclean.log.
Let me have a new HijackThis log also.

gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
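
The Registry:: block of the CFScript above deletes the MountPoints2 key that the ComboFix log lists with AutoRun, explore and open commands all pointing at F:\uxdeiect.com. As an added example (not part of the original posts or of ComboFix), this Python script flags such entries in a pasted ComboFix log; the second GUID in the sample, the extension list and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Text in the ComboFix log layout shown in this thread. The first key is
# copied from the posted log; the second key is constructed for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4109f6e7-ae24-11dc-b696-0015c51718f5}]
\Shell\AutoRun\command - F:\uxdeiect.com
\Shell\explore\Command - F:\uxdeiect.com
\Shell\open\Command - F:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\setup\launcher.exe /auto

*Newly Created Service* - AVGASCLN
"""

# Header of a per-volume MountPoints2 key, capturing the volume GUID.
KEY_RE = re.compile(
    r"^\[(HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\}))\]$", re.IGNORECASE)
# "\Shell\<verb>\command - <command line>" as ComboFix prints it.
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# An executable sitting directly in a drive root, e.g. F:\name.com
# (extension list is an assumption chosen for this example).
ROOT_EXE_RE = re.compile(
    r"^[A-Za-z]:\\[^\\/:]+\.(com|exe|bat|cmd|pif|scr|vbs)\b", re.IGNORECASE)


class Finding(NamedTuple):
    guid: str
    verb: str
    command: str
    root_executable: bool


def scan_mountpoints2(log_text):
    """Return every shell verb recorded under a MountPoints2 volume key."""
    findings = []
    guid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            guid = key.group(2).lower()
            continue
        if not line or line.startswith("["):
            guid = None  # blank line or another registry key ends the block
            continue
        verb = VERB_RE.match(line)
        if guid and verb:
            command = verb.group(2).strip()
            findings.append(Finding(
                guid, verb.group(1).lower(), command,
                bool(ROOT_EXE_RE.match(command.lstrip('"')))))
    return findings


def suspicious_volumes(log_text):
    """Map volume GUID -> verbs that launch an executable from a drive root."""
    grouped = {}
    for f in scan_mountpoints2(log_text):
        if f.root_executable:
            grouped.setdefault(f.guid, set()).add(f.verb)
    return {guid: sorted(verbs) for guid, verbs in grouped.items()}


if __name__ == "__main__":
    for guid, verbs in suspicious_volumes(SAMPLE_LOG).items():
        print(guid, "->", ", ".join(verbs))
```

A volume whose open and explore verbs are redirected along with AutoRun is worth the closest look, since those verbs run when the drive is opened from Explorer rather than only on insertion.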

Re: Please help...Here is hijackthis log

by neech » January 22nd, 2008, 3:30 pm

SORRY I HAVE A PROBLEM... MY COMBOFIX VERSION HAS EXPIRED AND I AM UNABLE TO DOWNLOAD THE NEW VERSION FROM FOROSPYWARE OR SUB.GEEKSTOGO... THEY BOTH HAVE SERVER ERRORS... WHERE CAN I GET THE LATEST COMBOFIX DOWNLOAD?
neech
Regular Member
 
Posts: 24
Joined: December 12th, 2007, 5:44 pm

Re: Please help...Here is hijackthis log

by gringo_pr » January 22nd, 2008, 5:30 pm

try these


Link 1
Link 2
Link 3


gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico