Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 5.7.2009 / 01:10
Search:        In English   Suomeksi   Pĺ svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > bit defender trojan detected hijack log
Show topics
 
Forums
Forums
Bit Defender Trojan Detected Hijack Log
  Jump to:
 
Posted Message
Page:12Next >
gotrice8
Newbie
_ 		11. March 2008 @ 02:37 _ Link to this message    Send private message to this user   
Trojan clicker detected in opera by bit defender can't delete. On a desktop computer at home. I don't know if you guys need any extra information but heres the log. If you need more just reply thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:28 AM, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\NewsLeecher\newsLeecher.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6344 bytes
[ + quote]
Advertisement
_ 		__
Ltangel
Member
_ 		13. March 2008 @ 00:25 _ Link to this message    Send private message to this user   
Can you post the Bitdefender log as well? Thanks. :)

~Ltangel~
[ + quote]
Windows and system security is my priority.
gotrice8
Newbie
_ 		13. March 2008 @ 19:06 _ Link to this message    Send private message to this user   
BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 09:08:05 13/03/2008
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1205413685_1_01.xml

Scan Paths:Path0000: C:\
Path0001: F:\


Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes


Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :


Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summaryNumber of virus signatures : 988393
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7


Overall scan summaryScanned items : 383237
Infected items : 3
Suspicious items : 0
Resolved items : 14
Individual viruses found : 1
Scanned directories : 10113
Scanned boot sectors : 4
Scanned archives : 5948
Input-output errors : 32
Scan time : 00:02:02:14
Files per second : 52


Scanned processes summaryScanned : 35
Infected : 0


Scanned registry keys summaryScanned : 336
Infected : 0


Scanned cookies summaryScanned : 0
Infected : 0


Remaining issues:Object Name Threat Name Final Status


Resolved issues:Object Name Threat Name Final Status
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\unicows.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\saext.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\pvreadme.htm.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\ppvwintl.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\pptview.exe.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\playlist.txt.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\play.bat.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\intldate.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\How To Motivate Your Employees.ppt.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\gdiplus.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\AUTORUN.INF.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\Application Data\PnkBstrK.sys Trojan.Peed.Gen Deleted
C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP648\A0153205.sys Trojan.Peed.Gen Deleted
C:\WINDOWS\system32\drivers\PnkBstrK.sys Trojan.Peed.Gen Deleted


Objects that were not scanned:Object Name Reason Final Status


PS I seem to have a folder called How To.. and I am unable to delete it. It seems all the viruses are in there.
[ + quote]
Ltangel
Member
_ 		14. March 2008 @ 03:21 _ Link to this message    Send private message to this user   
Hey gotrice8,

Please remove the current HijackThis you have from Add or Remove Programs in Control Panel.

* Click here to download HJTsetup.exe

* Save HJTsetup.exe to your desktop.
* Double-click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Hijack This.
* Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
* Put a check by Create a desktop icon then click Next again.
* Continue to follow the rest of the prompts from there.
* At the final dialogue box click Finish and it will launch Hijack This.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Come back here to this thread and Paste the log in your next reply.

NB: DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

-------------------------------------------------------------------
Scan with RKR

Please download RootKitRevealer from here:
http://www.sysinternals.com/files/rootkitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

Next reply (please include):

Fresh HijackThis log
RootkitRevealer log

Go!

~Ltangel~


[ + quote]
Windows and system security is my priority.
gotrice8
Newbie
_ 		14. March 2008 @ 15:07 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:41 AM, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NewsLeecher\newsLeecher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205258109281
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205257778265
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6749 bytes


BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 09:08:05 13/03/2008
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1205413685_1_01.xml

Scan Paths:Path0000: C:\
Path0001: F:\


Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes


Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :


Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summaryNumber of virus signatures : 988393
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7


Overall scan summaryScanned items : 383237
Infected items : 3
Suspicious items : 0
Resolved items : 14
Individual viruses found : 1
Scanned directories : 10113
Scanned boot sectors : 4
Scanned archives : 5948
Input-output errors : 32
Scan time : 00:02:02:14
Files per second : 52


Scanned processes summaryScanned : 35
Infected : 0


Scanned registry keys summaryScanned : 336
Infected : 0


Scanned cookies summaryScanned : 0
Infected : 0


Remaining issues:Object Name Threat Name Final Status


Resolved issues:Object Name Threat Name Final Status
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\unicows.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\saext.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\pvreadme.htm.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\ppvwintl.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\pptview.exe.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\playlist.txt.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\play.bat.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\intldate.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\How To Motivate Your Employees.ppt.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\gdiplus.dll.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\AUTORUN.INF.bd.ren Rootkit-Hidden Items Renamed
C:\Documents and Settings\Tuan Nguyen\Application Data\PnkBstrK.sys Trojan.Peed.Gen Deleted
C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP648\A0153205.sys Trojan.Peed.Gen Deleted
C:\WINDOWS\system32\drivers\PnkBstrK.sys Trojan.Peed.Gen Deleted


Objects that were not scanned:Object Name Reason Final Status


Thank you for the help.
[ + quote]
Ltangel
Member
_ 		15. March 2008 @ 23:51 _ Link to this message    Send private message to this user   
Hey gotrice8, you've posted the Bitdefender log again but missed out the Rootkit revealer log. Can you post the RootkitRevealer log for me to see? Thanks. :)

~~Ltangel~
[ + quote]
Windows and system security is my priority.
gotrice8
Newbie
_ 		16. March 2008 @ 12:12 _ Link to this message    Send private message to this user   
HKU\S-1-5-21-1659004503-1532298954-839522115-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 12/23/2007 12:12 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 10/21/2006 1:16 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 10/21/2006 1:16 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg 11/11/2007 5:29 AM 0 bytes Access is denied.
C:\Documents and Settings\Tuan Nguyen\Local Settings\Temporary Internet Files\Content.IE5\2VMZZ1J9\videoByTag[4].xml 3/14/2008 9:38 AM 3.87 KB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\Local Settings\Temporary Internet Files\Content.IE5\2VMZZ1J9\videoByTag[6].xml 3/14/2008 8:56 AM 3.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\AUTORUN.INF.bd.ren.bd.ren 3/13/2008 9:08 AM 45 bytes Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\gdiplus.dll.bd.ren.bd.ren 3/13/2008 9:08 AM 1.69 MB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\How To Motivate Your Employees.ppt.bd.ren.bd.ren 3/13/2008 9:08 AM 875.50 KB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\intldate.dll.bd.ren.bd.ren 3/13/2008 9:08 AM 63.20 KB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\play.bat.bd.ren.bd.ren 3/13/2008 9:08 AM 30 bytes Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\playlist.txt.bd.ren.bd.ren 3/13/2008 9:08 AM 34 bytes Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\pptview.exe.bd.ren.bd.ren 3/13/2008 9:08 AM 1.60 MB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\ppvwintl.dll.bd.ren.bd.ren 3/13/2008 9:08 AM 125.70 KB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\pvreadme.htm.bd.ren.bd.ren 3/13/2008 9:08 AM 4.09 KB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\saext.dll.bd.ren.bd.ren 3/13/2008 9:08 AM 206.55 KB Hidden from Windows API.
C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..\unicows.dll.bd.ren.bd.ren 3/13/2008 9:08 AM 240.65 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976 3/14/2008 6:16 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\aphblack.cas 3/6/2008 7:31 PM 263.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\aphblack.ias 3/14/2008 6:16 AM 165.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\aphwhite.cas 12/17/2007 7:44 PM 55.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\aphwhite.ias 3/7/2008 1:45 PM 182 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_adg.slf 3/14/2008 6:16 AM 60.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_adn.slf 3/14/2008 6:16 AM 33.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_bgu.slf 3/14/2008 6:16 AM 36.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_fun.slf 3/12/2008 4:16 PM 15.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_ipx.slf 3/14/2008 6:16 AM 72.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_mdo.slf 3/13/2008 6:47 PM 42.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_nmd.slf 3/13/2008 6:47 PM 58.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2_vda.slf 3/14/2008 6:16 AM 28.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2himgdb.dat 2/26/2008 12:36 PM 68.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2more.slf 2/8/2008 7:48 AM 57.19 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2nn.slf 3/11/2008 8:46 AM 64.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2nndata.dat 12/17/2007 8:07 PM 601.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2sign.slf 3/13/2008 6:47 PM 1008.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2std.slf 2/28/2008 1:20 PM 57.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\as2wl.slf 3/7/2008 1:45 PM 2.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\asnnmap.dat 12/17/2007 8:07 PM 11.25 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\aspdict.dat 12/17/2007 8:07 PM 4.44 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\asversion.txt 3/14/2008 6:16 AM 5 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\bayescsf.dat 7/9/2007 6:18 PM 10.71 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\pcdic.dat 12/19/2007 10:22 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\prlblk.cas 2/5/2008 6:01 PM 316 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\prlwht.cas 2/21/2008 6:32 PM 2.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9976\spoofcsf.dat 3/7/2008 1:45 PM 1.80 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978 3/14/2008 9:17 AM 0 bytes Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\aphblack.cas 3/6/2008 7:31 PM 263.85 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\aphblack.ias 3/14/2008 9:17 AM 166.44 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\aphwhite.cas 12/19/2007 10:21 PM 55.38 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\aphwhite.ias 3/7/2008 1:45 PM 182 bytes Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_adg.slf 3/14/2008 8:17 AM 61.37 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_adn.slf 3/14/2008 6:16 AM 33.88 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_bgu.slf 3/14/2008 8:17 AM 36.87 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_fun.slf 3/12/2008 4:16 PM 15.17 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_ipx.slf 3/14/2008 8:17 AM 73.31 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_mdo.slf 3/13/2008 6:47 PM 42.82 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_nmd.slf 3/13/2008 6:47 PM 58.33 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2_vda.slf 3/14/2008 6:16 AM 28.26 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2himgdb.dat 2/26/2008 12:36 PM 68.86 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2more.slf 2/8/2008 7:48 AM 57.19 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2nn.slf 3/11/2008 8:46 AM 64.22 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2nndata.dat 12/19/2007 10:21 PM 601.33 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2sign.slf 3/14/2008 8:17 AM 1010.26 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2std.slf 2/28/2008 1:20 PM 57.45 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\as2wl.slf 3/7/2008 1:45 PM 2.54 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\asnnmap.dat 12/19/2007 10:21 PM 11.25 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\aspdict.dat 12/19/2007 10:21 PM 4.44 MB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\asversion.txt 3/14/2008 9:17 AM 5 bytes Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\bayescsf.dat 12/19/2007 10:21 PM 10.71 MB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\pcdic.dat 12/19/2007 10:22 PM 0 bytes Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\prlblk.cas 2/5/2008 6:01 PM 316 bytes Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\prlwht.cas 2/21/2008 6:32 PM 2.90 KB Hidden from Windows API.
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9978\spoofcsf.dat 3/7/2008 1:45 PM 1.80 MB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662 3/14/2008 7:16 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\avxdisk.dll 6/15/2007 1:52 PM 52.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\avxs.dll 1/14/2002 2:49 PM 10.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\avxt.dll 1/14/2002 2:49 PM 26.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\bdc.exe 10/28/2006 11:06 PM 90.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\bdc.ini 6/11/2007 12:18 PM 478 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\bdcore.dll 11/6/2007 2:53 PM 92.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\bdupd.dll 9/3/2005 11:28 AM 76.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\libfn.dll 6/13/2007 1:02 AM 174.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins 3/14/2008 7:16 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\plugins.htm 3/14/2008 7:17 AM 3.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\7zip.xmd 12/15/2007 2:34 AM 39.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\access.xmd 9/24/2007 12:06 AM 3.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ace.xmd 7/26/2007 8:01 PM 8.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\adsntfs.xmd 3/12/2008 10:14 AM 3.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\alz.xmd 6/8/2007 9:31 PM 18.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\arc.xmd 9/5/2007 2:29 PM 3.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\arj.xmd 9/18/2007 5:26 PM 6.14 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\aspy_emu.cvd 3/7/2008 3:15 PM 99.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\bach.xmd 6/7/2007 1:04 AM 7.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\boot.xmd 5/10/2006 1:18 PM 2.03 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\bzip2.xmd 12/13/2007 2:40 PM 18.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cab.xmd 3/6/2008 7:31 PM 14.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ceva_dll.cvd 3/7/2008 1:45 PM 116.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ceva_emu.cvd 3/9/2008 4:17 PM 127.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ceva_vfs.cvd 3/12/2008 5:16 PM 387.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ceva_vfs.ivd 3/12/2008 5:16 PM 12 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cevakrnl.cvd 9/27/2006 11:51 AM 350.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cevakrnl.ivd 3/14/2008 7:16 AM 98.98 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cevakrnl.rvd 3/12/2008 5:16 PM 387.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cevakrnl.xmd 3/13/2008 6:47 PM 182.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\chm.xmd 8/8/2007 6:59 PM 12.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cookie.cvd 9/27/2006 11:51 AM 6.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cookie.xmd 9/27/2006 11:51 AM 2.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cpio.xmd 12/8/2007 1:00 PM 3.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cran.cvd 9/4/2007 8:05 PM 288.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\cran.ivd 3/14/2008 5:16 AM 91.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\dbx.xmd 10/22/2007 8:17 PM 1.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\docfile.xmd 12/20/2007 7:22 PM 10.62 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.cvd 11/3/2006 2:00 AM 294.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i01 3/14/2008 7:16 AM 57.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i02 2/26/2008 1:05 PM 55.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i03 3/4/2008 10:04 AM 49.98 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i04 3/14/2008 7:16 AM 49.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i05 2/26/2008 6:06 PM 54.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i06 2/26/2008 6:06 PM 54.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i07 2/26/2008 1:05 PM 48.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i08 3/6/2008 7:31 PM 33.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i09 2/27/2008 2:50 PM 26.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i10 3/14/2008 7:16 AM 30.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i11 12/17/2007 6:53 PM 30.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i12 2/26/2008 1:05 PM 30.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i13 2/6/2008 4:53 PM 28.44 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i14 2/22/2008 5:03 PM 19.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i15 3/10/2008 4:18 PM 32.03 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i16 3/13/2008 6:47 PM 21.97 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i17 3/4/2008 4:30 PM 29.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i18 3/14/2008 7:16 AM 9.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i19 12/17/2007 6:53 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i20 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i21 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i22 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i23 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i24 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i25 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i26 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i27 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i28 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i29 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i30 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i31 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i32 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i33 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i34 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i35 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i36 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i37 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i38 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i39 2/28/2008 12:20 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i40 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i41 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i42 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i43 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i44 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i45 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i46 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i47 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i48 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.i49 3/13/2008 6:47 PM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\e_spyw.ivd 2/6/2008 4:53 PM 57.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.001 3/7/2008 5:00 AM 29.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.002 3/10/2008 4:18 PM 30.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.003 3/10/2008 5:18 PM 30.44 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.004 3/10/2008 6:18 PM 29.60 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.005 3/12/2008 9:14 AM 29.35 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.006 3/10/2008 10:18 PM 29.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.007 3/12/2008 2:14 AM 29.36 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.008 3/12/2008 5:16 PM 33.94 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.009 3/12/2008 8:16 PM 34.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.010 3/13/2008 9:16 PM 30.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.011 3/13/2008 9:13 AM 38.64 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.012 3/13/2008 9:16 PM 33.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.013 3/13/2008 10:16 PM 32.79 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.014 3/14/2008 2:16 AM 30.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.015 3/14/2008 7:16 AM 16.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.016 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.017 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.018 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.019 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.020 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.021 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.022 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.023 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.024 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.025 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.026 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.027 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.028 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.029 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.030 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.031 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.032 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.033 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.034 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.035 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.036 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.037 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.038 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.039 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.040 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.041 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.042 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.043 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.044 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.045 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.046 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.047 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.048 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.049 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.050 3/7/2008 5:00 AM 62 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.cvd 7/18/2007 6:46 PM 6.20 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i01 12/17/2007 7:55 PM 29.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i02 1/7/2008 8:56 AM 33.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i03 12/17/2007 7:55 PM 25.19 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i04 12/17/2007 7:55 PM 26.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i05 12/17/2007 7:55 PM 25.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i06 12/19/2007 10:34 PM 30.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i07 1/10/2008 10:21 AM 32.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i08 2/12/2008 5:52 AM 30.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i09 12/17/2007 7:55 PM 25.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i10 12/17/2007 7:55 PM 33.67 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i11 12/17/2007 7:55 PM 31.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i12 12/17/2007 7:55 PM 31.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i13 2/21/2008 6:32 PM 29.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i14 12/17/2007 7:55 PM 28.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i15 2/11/2008 2:11 AM 29.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i16 12/17/2007 7:55 PM 27.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i17 2/21/2008 6:32 PM 30.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i18 12/17/2007 7:55 PM 27.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i19 12/17/2007 7:55 PM 30.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i20 3/7/2008 1:45 PM 30.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i21 12/17/2007 7:55 PM 29.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i22 12/17/2007 7:55 PM 33.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i23 12/17/2007 7:55 PM 29.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i24 2/21/2008 6:32 PM 30.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i25 12/17/2007 7:55 PM 25.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i26 12/17/2007 7:55 PM 27.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i27 2/7/2008 10:10 AM 28.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i28 12/17/2007 7:55 PM 31.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i29 12/17/2007 7:55 PM 29.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i30 12/17/2007 7:55 PM 25.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i31 12/17/2007 7:55 PM 26.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i32 12/17/2007 7:55 PM 28.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i33 12/17/2007 7:55 PM 29.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i34 12/17/2007 7:55 PM 29.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i35 12/17/2007 7:55 PM 31.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i36 12/17/2007 7:55 PM 32.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i37 12/17/2007 7:55 PM 30.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i38 2/21/2008 6:32 PM 29.98 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i39 12/17/2007 7:55 PM 31.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i40 12/17/2007 7:55 PM 29.67 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i41 12/17/2007 7:55 PM 28.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i42 2/20/2008 8:08 PM 32.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i43 2/22/2008 10:33 AM 28.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i44 12/27/2007 1:25 PM 29.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i45 12/17/2007 7:55 PM 28.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i46 12/17/2007 7:55 PM 26.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i47 12/17/2007 7:55 PM 31.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i48 12/17/2007 7:55 PM 30.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i49 12/17/2007 7:55 PM 27.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i50 12/17/2007 7:55 PM 26.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i51 12/17/2007 7:55 PM 30.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i52 2/21/2008 6:32 PM 28.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i53 12/17/2007 7:55 PM 28.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i54 2/22/2008 8:33 AM 21.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i55 12/17/2007 7:55 PM 28.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i56 12/17/2007 7:55 PM 25.64 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i57 2/20/2008 8:08 PM 29.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i58 12/17/2007 7:55 PM 32.22 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i59 12/17/2007 7:55 PM 29.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i60 12/17/2007 7:55 PM 28.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i61 12/17/2007 7:55 PM 25.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i62 2/21/2008 6:32 PM 30.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i63 2/22/2008 4:03 PM 25.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i64 12/17/2007 7:55 PM 25.39 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i65 12/27/2007 1:25 PM 27.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i66 12/17/2007 7:55 PM 29.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i67 12/17/2007 7:55 PM 32.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i68 12/17/2007 7:55 PM 34.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i69 12/17/2007 7:55 PM 32.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i70 3/7/2008 1:45 PM 31.73 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i71 1/25/2008 10:34 AM 28.39 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i72 12/17/2007 7:55 PM 31.74 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i73 1/24/2008 7:26 PM 29.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i74 1/18/2008 4:48 AM 31.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i75 12/17/2007 7:55 PM 32.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i76 12/17/2007 7:55 PM 32.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i77 12/17/2007 7:55 PM 33.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i78 12/17/2007 7:55 PM 35.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i79 12/17/2007 7:55 PM 34.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i80 2/26/2008 2:35 AM 30.73 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i81 3/13/2008 6:47 PM 32.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i82 12/17/2007 7:55 PM 30.81 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i83 3/11/2008 8:46 AM 33.25 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i84 12/17/2007 7:55 PM 29.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i85 12/17/2007 7:55 PM 30.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i86 2/21/2008 6:32 PM 32.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i87 2/28/2008 3:21 PM 29.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i88 12/17/2007 7:55 PM 32.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i89 12/17/2007 7:55 PM 31.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i90 12/17/2007 7:55 PM 29.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i91 12/17/2007 7:55 PM 29.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i92 2/20/2008 4:08 PM 32.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i93 2/21/2008 10:09 AM 29.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i94 12/19/2007 10:34 PM 32.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i95 2/26/2008 12:36 PM 31.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i96 12/19/2007 10:34 PM 31.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i97 12/17/2007 7:55 PM 34.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i98 2/21/2008 6:32 PM 33.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.i99 3/6/2008 9:28 AM 30.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\emalware.ivd 3/7/2008 5:00 AM 31.43 KB Visible in Windows API, but not in MFT or directory index.
[ + quote]
gotrice8
Newbie
_ 		16. March 2008 @ 12:25 _ Link to this message    Send private message to this user   
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\epoc.xmd 12/13/2007 2:40 PM 2.74 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\gvmscripts.cvd 2/21/2008 6:32 PM 119.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\gzip.xmd 12/13/2007 2:40 PM 3.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ha.xmd 6/7/2007 1:08 AM 8.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\hlp.xmd 9/18/2007 5:26 PM 3.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\hpe.cvd 9/27/2006 11:51 AM 4.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\hqx.xmd 3/10/2008 4:18 PM 1.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\html.xmd 2/18/2008 3:06 PM 18.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\imp.xmd 6/7/2007 1:08 AM 7.40 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\inno.xmd 6/7/2007 1:08 AM 1.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\instyler.xmd 1/17/2008 7:29 PM 20.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\iso.xmd 2/29/2008 11:11 PM 36.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\java.cvd 10/31/2006 2:00 AM 3.23 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\java.xmd 6/7/2007 1:09 AM 9.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\jpeg.xmd 2/21/2008 6:32 PM 4.68 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\lha.xmd 6/7/2007 1:09 AM 10.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\lnk.xmd 6/11/2007 1:20 PM 930 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mbox.xmd 12/13/2007 2:40 PM 2.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mbx.xmd 6/7/2007 1:09 AM 833 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mdx.xmd 3/7/2008 3:15 PM 44.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mdx_97.cvd 9/27/2006 11:51 AM 336.81 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mdx_97.ivd 3/3/2008 9:03 AM 168.19 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mdx_w95.cvd 10/1/2007 5:40 PM 58.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mdx_x95.cvd 9/27/2006 11:51 AM 9.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mdx_xf.cvd 11/14/2006 2:00 AM 1.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mime.xmd 12/13/2007 2:40 PM 6.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mobmalware.cvd 1/25/2008 4:35 PM 5.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mobmalware.xmd 6/7/2007 1:09 AM 6.70 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\mso.xmd 12/13/2007 2:40 PM 2.03 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\na.cvd 9/27/2006 11:51 AM 205 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\nelf.cvd 1/31/2008 7:26 PM 17.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\nelf.xmd 6/7/2007 1:10 AM 3.14 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\nsis.xmd 11/20/2007 12:22 PM 14.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\objd.xmd 6/7/2007 1:10 AM 1.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\orice.rvd 11/7/2007 7:24 PM 52.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\pdf.xmd 6/7/2007 1:10 AM 12.45 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\proc.xmd 12/13/2007 2:40 PM 4.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\pst.xmd 3/13/2008 6:47 PM 6.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\rar.xmd 11/13/2007 8:31 PM 43.81 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\regarch.cvd 9/27/2006 11:51 AM 203 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\regarch.xmd 12/10/2007 1:38 PM 13.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\regscan.cvd 4/20/2007 1:00 AM 14.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\regscan.xmd 7/21/2007 1:15 AM 406 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\rpm.xmd 9/14/2007 7:14 PM 1.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\rtf.xmd 6/7/2007 1:10 AM 2.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\rup.cvd 9/27/2006 11:51 AM 1.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\rup.xmd 6/7/2007 1:10 AM 1.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\sdx.cvd 9/27/2006 11:51 AM 186.62 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\sdx.ivd 3/5/2008 1:00 AM 81.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\sdx.xmd 10/12/2007 10:38 PM 10.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\sfx.xmd 2/6/2008 4:24 PM 12.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\swf.xmd 6/7/2007 1:11 AM 10.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\tar.xmd 12/13/2007 2:40 PM 3.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\td0.xmd 6/7/2007 1:11 AM 2.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\thebat.xmd 12/13/2007 2:40 PM 1.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\tnef.xmd 6/7/2007 1:11 AM 925 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\unpack.cvd 1/30/2008 3:09 PM 188.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\unpack.ivd 3/2/2008 5:33 AM 148.42 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\unpack.xmd 12/13/2007 2:40 PM 44.60 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\update.txt 3/14/2008 7:16 AM 110 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\uudecode.xmd 9/14/2007 7:14 PM 1.94 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ve.cvd 8/22/2007 6:53 PM 48.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ve.ivd 8/22/2007 6:53 PM 48 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\ve.xmd 11/28/2007 2:53 PM 77.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\vedata.cvd 9/27/2006 11:51 AM 688 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\viza.xmd 9/14/2007 7:14 PM 12.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\wise.xmd 10/4/2007 3:36 PM 3.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\xcookies.xmd 12/13/2007 2:40 PM 1.52 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\xishield.xmd 6/7/2007 1:15 AM 1.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\xlmrd.cvd 8/29/2007 3:55 PM 3.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\xlmrd.ivd 8/29/2007 3:55 PM 9.97 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\z.xmd 9/14/2007 7:14 PM 1.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\zip.xmd 12/5/2007 1:48 AM 18.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4662\Plugins\zoo.xmd 6/7/2007 1:15 AM 3.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664 3/14/2008 9:17 AM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\avxdisk.dll 1/23/2008 1:46 PM 52.00 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\avxs.dll 1/23/2008 1:46 PM 10.00 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\avxt.dll 1/23/2008 1:46 PM 26.50 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\bdc.exe 1/23/2008 1:46 PM 90.00 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\bdc.ini 1/23/2008 1:46 PM 478 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\bdcore.dll 1/23/2008 1:46 PM 92.00 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\bdupd.dll 1/23/2008 1:46 PM 76.00 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\libfn.dll 1/23/2008 1:46 PM 174.00 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins 3/14/2008 9:17 AM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\plugins.htm 3/14/2008 9:17 AM 3.37 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\7zip.xmd 12/19/2007 10:21 PM 39.79 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\access.xmd 12/19/2007 10:21 PM 3.80 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ace.xmd 12/19/2007 10:21 PM 8.53 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\adsntfs.xmd 3/12/2008 10:14 AM 3.30 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\alz.xmd 12/19/2007 10:21 PM 18.72 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\arc.xmd 12/19/2007 10:21 PM 3.53 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\arj.xmd 12/19/2007 10:21 PM 6.14 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\aspy_emu.cvd 3/7/2008 3:15 PM 99.87 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\bach.xmd 12/19/2007 10:21 PM 7.51 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\boot.xmd 12/19/2007 10:21 PM 2.03 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\bzip2.xmd 12/19/2007 10:21 PM 18.90 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cab.xmd 3/6/2008 7:31 PM 14.04 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ceva_dll.cvd 3/7/2008 1:45 PM 116.90 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ceva_emu.cvd 3/9/2008 4:17 PM 127.55 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ceva_vfs.cvd 3/12/2008 5:16 PM 387.30 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ceva_vfs.ivd 3/12/2008 5:16 PM 12 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cevakrnl.cvd 12/19/2007 10:21 PM 350.32 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cevakrnl.ivd 3/14/2008 9:17 AM 99.06 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cevakrnl.rvd 3/12/2008 5:16 PM 387.45 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cevakrnl.xmd 3/13/2008 6:47 PM 182.32 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\chm.xmd 12/19/2007 10:21 PM 12.88 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cookie.cvd 12/19/2007 10:21 PM 6.47 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cookie.xmd 12/19/2007 10:21 PM 2.11 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cpio.xmd 12/19/2007 10:21 PM 3.41 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cran.cvd 12/19/2007 10:21 PM 288.42 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\cran.ivd 3/14/2008 5:16 AM 91.95 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\dbx.xmd 12/19/2007 10:21 PM 1.31 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\docfile.xmd 12/20/2007 7:22 PM 10.62 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.cvd 12/19/2007 10:21 PM 294.76 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i01 3/14/2008 7:16 AM 57.93 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i02 2/26/2008 1:05 PM 55.87 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i03 3/4/2008 10:04 AM 49.98 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i04 3/14/2008 7:16 AM 49.40 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i05 2/26/2008 6:06 PM 54.27 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i06 2/26/2008 6:06 PM 54.58 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i07 2/26/2008 1:05 PM 48.46 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i08 3/6/2008 7:31 PM 33.82 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i09 2/27/2008 2:50 PM 26.26 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i10 3/14/2008 7:16 AM 30.85 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i11 12/19/2007 10:21 PM 30.72 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i12 2/26/2008 1:05 PM 30.85 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i13 2/6/2008 4:53 PM 28.44 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i14 2/22/2008 5:03 PM 19.85 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i15 3/10/2008 4:18 PM 32.03 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i16 3/13/2008 6:47 PM 21.97 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i17 3/4/2008 4:30 PM 29.09 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i18 3/14/2008 9:17 AM 10.43 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i19 12/19/2007 10:21 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i20 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i21 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i22 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i23 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i24 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i25 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i26 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i27 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i28 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i29 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i30 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i31 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i32 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i33 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i34 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i35 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i36 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i37 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i38 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i39 2/28/2008 12:20 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i40 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i41 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i42 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i43 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i44 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i45 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i46 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i47 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i48 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.i49 3/13/2008 6:47 PM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\e_spyw.ivd 2/6/2008 4:53 PM 57.06 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.001 3/7/2008 5:00 AM 29.51 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.002 3/10/2008 4:18 PM 30.92 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.003 3/10/2008 5:18 PM 30.44 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.004 3/10/2008 6:18 PM 29.60 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.005 3/12/2008 9:14 AM 29.35 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.006 3/10/2008 10:18 PM 29.34 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.007 3/12/2008 2:14 AM 29.36 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.008 3/12/2008 5:16 PM 33.94 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.009 3/14/2008 9:17 AM 34.66 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.010 3/13/2008 9:16 PM 30.15 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.011 3/13/2008 9:13 AM 38.64 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.012 3/13/2008 9:16 PM 33.82 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.013 3/13/2008 10:16 PM 32.79 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.014 3/14/2008 2:16 AM 30.06 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.015 3/14/2008 9:17 AM 26.59 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.016 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.017 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.018 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.019 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.020 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.021 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.022 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.023 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.024 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.025 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.026 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.027 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.028 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.029 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.030 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.031 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.032 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.033 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.034 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.035 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.036 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.037 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.038 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.039 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.040 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.041 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.042 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.043 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.044 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.045 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.046 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.047 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.048 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.049 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.050 3/7/2008 5:00 AM 62 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.cvd 12/19/2007 10:21 PM 6.20 MB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i01 12/19/2007 10:21 PM 29.45 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i02 1/7/2008 8:56 AM 33.93 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i03 12/19/2007 10:21 PM 25.19 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i04 12/19/2007 10:21 PM 26.22 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i05 12/19/2007 10:21 PM 25.71 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i06 12/19/2007 10:34 PM 30.40 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i07 1/10/2008 10:21 AM 32.65 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i08 2/12/2008 5:52 AM 30.49 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i09 12/19/2007 10:21 PM 25.71 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i10 12/19/2007 10:21 PM 33.67 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i11 12/19/2007 10:21 PM 31.32 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i12 12/19/2007 10:21 PM 31.69 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i13 2/21/2008 6:32 PM 29.41 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i14 12/19/2007 10:21 PM 28.41 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i15 2/11/2008 2:11 AM 29.91 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i16 12/19/2007 10:21 PM 27.51 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i17 2/21/2008 6:32 PM 30.72 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i18 12/19/2007 10:21 PM 27.33 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i19 12/19/2007 10:21 PM 30.71 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i20 3/7/2008 1:45 PM 30.55 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i21 12/19/2007 10:21 PM 29.91 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i22 12/19/2007 10:21 PM 33.96 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i23 12/19/2007 10:21 PM 29.40 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i24 2/21/2008 6:32 PM 30.22 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i25 12/19/2007 10:21 PM 25.75 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i26 12/19/2007 10:21 PM 27.42 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i27 2/7/2008 10:10 AM 28.47 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i28 12/19/2007 10:21 PM 31.76 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i29 12/19/2007 10:21 PM 29.56 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i30 12/19/2007 10:21 PM 25.26 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i31 12/19/2007 10:21 PM 26.92 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i32 12/19/2007 10:21 PM 28.65 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i33 12/19/2007 10:21 PM 29.46 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i34 12/19/2007 10:21 PM 29.40 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i35 12/19/2007 10:21 PM 31.91 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i36 12/19/2007 10:21 PM 32.87 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i37 12/19/2007 10:21 PM 30.29 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i38 2/21/2008 6:32 PM 29.98 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i39 12/19/2007 10:21 PM 31.10 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i40 12/19/2007 10:21 PM 29.67 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i41 12/19/2007 10:21 PM 28.69 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i42 2/20/2008 8:08 PM 32.21 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i43 2/22/2008 10:33 AM 28.69 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i44 12/27/2007 1:25 PM 29.58 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i45 12/19/2007 10:21 PM 28.77 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i46 12/19/2007 10:21 PM 26.80 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i47 12/19/2007 10:21 PM 31.90 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i48 12/19/2007 10:21 PM 30.56 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i49 12/19/2007 10:21 PM 27.00 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i50 12/19/2007 10:21 PM 26.02 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i51 12/19/2007 10:21 PM 30.18 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i52 2/21/2008 6:32 PM 28.16 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i53 12/19/2007 10:21 PM 28.37 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i54 2/22/2008 8:33 AM 21.18 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i55 12/19/2007 10:21 PM 28.93 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i56 12/19/2007 10:21 PM 25.64 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i57 2/20/2008 8:08 PM 29.53 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i58 12/19/2007 10:21 PM 32.22 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i59 12/19/2007 10:21 PM 29.07 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i60 12/19/2007 10:21 PM 28.61 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i61 12/19/2007 10:21 PM 25.33 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i62 2/21/2008 6:32 PM 30.32 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i63 2/22/2008 4:03 PM 25.31 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i64 12/19/2007 10:21 PM 25.39 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i65 12/27/2007 1:25 PM 27.26 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i66 12/19/2007 10:21 PM 29.51 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i67 12/19/2007 10:21 PM 32.46 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i68 12/19/2007 10:21 PM 34.04 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i69 12/19/2007 10:21 PM 32.18 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i70 3/7/2008 1:45 PM 31.73 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i71 1/25/2008 10:34 AM 28.39 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i72 12/19/2007 10:21 PM 31.74 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i73 1/24/2008 7:26 PM 29.96 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i74 1/18/2008 4:48 AM 31.32 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i75 12/19/2007 10:21 PM 32.54 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i76 12/19/2007 10:21 PM 32.85 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i77 12/19/2007 10:21 PM 33.40 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i78 12/19/2007 10:21 PM 35.17 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i79 12/19/2007 10:21 PM 34.02 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i80 2/26/2008 2:35 AM 30.73 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i81 3/13/2008 6:47 PM 32.18 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i82 12/19/2007 10:21 PM 30.81 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i83 3/11/2008 8:46 AM 33.25 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i84 12/19/2007 10:21 PM 29.72 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i85 12/19/2007 10:21 PM 30.65 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i86 2/21/2008 6:32 PM 32.21 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i87 2/28/2008 3:21 PM 29.45 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i88 12/19/2007 10:21 PM 32.56 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i89 12/19/2007 10:21 PM 31.47 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i90 12/19/2007 10:21 PM 29.16 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i91 12/19/2007 10:21 PM 29.41 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i92 2/20/2008 4:08 PM 32.28 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i93 2/21/2008 10:09 AM 29.61 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i94 12/19/2007 10:34 PM 32.28 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i95 2/26/2008 12:36 PM 31.57 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i96 12/19/2007 10:34 PM 31.17 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i97 12/19/2007 10:21 PM 34.10 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i98 2/21/2008 6:32 PM 33.78 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.i99 3/6/2008 9:28 AM 30.06 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\emalware.ivd 3/7/2008 5:00 AM 31.43 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\epoc.xmd 12/19/2007 10:21 PM 2.74 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\gvmscripts.cvd 2/21/2008 6:32 PM 119.80 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\gzip.xmd 12/19/2007 10:21 PM 3.75 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ha.xmd 12/19/2007 10:21 PM 8.10 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\hlp.xmd 12/19/2007 10:21 PM 3.45 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\hpe.cvd 12/19/2007 10:21 PM 4.56 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\hqx.xmd 3/10/2008 4:18 PM 1.69 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\html.xmd 2/18/2008 3:06 PM 18.51 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\imp.xmd 12/19/2007 10:21 PM 7.40 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\inno.xmd 12/19/2007 10:21 PM 1.15 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\instyler.xmd 1/17/2008 7:29 PM 20.87 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\iso.xmd 2/29/2008 11:11 PM 36.55 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\java.cvd 12/19/2007 10:21 PM 3.23 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\java.xmd 12/19/2007 10:21 PM 9.75 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\jpeg.xmd 2/21/2008 6:32 PM 4.68 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\lha.xmd 12/19/2007 10:21 PM 10.86 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\lnk.xmd 12/19/2007 10:21 PM 930 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mbox.xmd 12/19/2007 10:21 PM 2.10 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mbx.xmd 12/19/2007 10:21 PM 833 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mdx.xmd 3/7/2008 3:15 PM 44.96 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mdx_97.cvd 12/19/2007 10:21 PM 336.81 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mdx_97.ivd 3/3/2008 9:03 AM 168.19 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mdx_w95.cvd 12/19/2007 10:21 PM 58.09 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mdx_x95.cvd 12/19/2007 10:21 PM 9.42 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mdx_xf.cvd 12/19/2007 10:21 PM 1.90 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mime.xmd 12/19/2007 10:21 PM 6.83 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mobmalware.cvd 1/25/2008 4:35 PM 5.54 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mobmalware.xmd 12/19/2007 10:21 PM 6.70 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\mso.xmd 12/19/2007 10:21 PM 2.03 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\na.cvd 12/19/2007 10:21 PM 205 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\nelf.cvd 1/31/2008 7:26 PM 17.83 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\nelf.xmd 12/19/2007 10:21 PM 3.14 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\nsis.xmd 12/19/2007 10:21 PM 14.05 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\objd.xmd 12/19/2007 10:21 PM 1.06 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\orice.rvd 12/19/2007 10:21 PM 52.83 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\pdf.xmd 12/19/2007 10:21 PM 12.45 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\proc.xmd 12/19/2007 10:21 PM 4.18 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\pst.xmd 3/13/2008 6:47 PM 6.04 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\rar.xmd 12/19/2007 10:21 PM 43.81 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\regarch.cvd 12/19/2007 10:21 PM 203 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\regarch.xmd 12/19/2007 10:21 PM 13.38 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\regscan.cvd 12/19/2007 10:21 PM 14.93 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\regscan.xmd 12/19/2007 10:21 PM 406 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\rpm.xmd 12/19/2007 10:21 PM 1.16 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\rtf.xmd 12/19/2007 10:21 PM 2.75 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\rup.cvd 12/19/2007 10:21 PM 1.86 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\rup.xmd 12/19/2007 10:21 PM 1.88 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\sdx.cvd 12/19/2007 10:21 PM 186.62 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\sdx.ivd 3/5/2008 1:00 AM 81.91 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\sdx.xmd 12/19/2007 10:21 PM 10.04 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\sfx.xmd 2/6/2008 4:24 PM 12.85 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\swf.xmd 12/19/2007 10:21 PM 10.30 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\tar.xmd 12/19/2007 10:21 PM 3.90 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\td0.xmd 12/19/2007 10:21 PM 2.80 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\thebat.xmd 12/19/2007 10:21 PM 1.08 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\tnef.xmd 12/19/2007 10:21 PM 925 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\unpack.cvd 1/30/2008 3:09 PM 188.88 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\unpack.ivd 3/2/2008 5:33 AM 148.42 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\unpack.xmd 12/19/2007 10:21 PM 44.60 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\update.txt 3/14/2008 9:17 AM 110 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\uudecode.xmd 12/19/2007 10:21 PM 1.94 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ve.cvd 12/19/2007 10:21 PM 48.28 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ve.ivd 12/19/2007 10:21 PM 48 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\ve.xmd 12/19/2007 10:21 PM 77.93 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\vedata.cvd 12/19/2007 10:21 PM 688 bytes Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\viza.xmd 12/19/2007 10:21 PM 12.71 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\wise.xmd 12/19/2007 10:21 PM 3.71 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\xcookies.xmd 12/19/2007 10:21 PM 1.52 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\xishield.xmd 12/19/2007 10:21 PM 1.26 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\xlmrd.cvd 12/19/2007 10:21 PM 3.78 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\xlmrd.ivd 12/19/2007 10:21 PM 9.97 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\z.xmd 12/19/2007 10:21 PM 1.57 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\zip.xmd 12/19/2007 10:21 PM 18.49 KB Hidden from Windows API.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_4664\Plugins\zoo.xmd 12/19/2007 10:21 PM 3.59 KB Hidden from Windows API.
C:\WINDOWS\Temp\tmp000021e7 3/14/2008 9:40 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\Temp\tmp000021e7\tmp00000000 3/14/2008 9:17 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\Temp\tmp000073fb 3/14/2008 8:24 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\tmp000073fb\tmp00000000 3/14/2008 8:17 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
[ + quote]
Ltangel
Member
_ 		17. March 2008 @ 06:23 _ Link to this message    Send private message to this user   
Hey gotrice8,


Run Combofix

Let's dig a little deeper and see what's hiding in your computer.

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
[*]Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated everyday.

Disconnect from the Internet while running ComboFix.

1. Download this file - combofix.exe to your Desktop.

Note:
It is important that it is saved directly to your desktop

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Do NOT run ComboFix more than once.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Do not run Combofix more than once.

In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

--------------------------------------------------------------------

In your next reply:

Fresh HijackThis log
C:/ComboFix.txt

Go!

~Ltangel~
[ + quote]
Windows and system security is my priority.
gotrice8
Newbie
_ 		17. March 2008 @ 20:08 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:47 PM, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205258109281
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205257778265
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6939 bytes
[ + quote]
gotrice8
Newbie
_ 		17. March 2008 @ 20:55 _ Link to this message    Send private message to this user   
ComboFix 08-03-17.1 - Tuan Nguyen 2008-03-17 20:01:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1576 [GMT -4:00]
Running from: C:\Documents and Settings\Tuan Nguyen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\#SharedObjects\3MWBCH9E\www.broadcaster.com
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\#SharedObjects\3MWBCH9E\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\#SharedObjects\3MWBCH9E\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\_000228_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-17 18:42 . 2008-03-17 18:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d-------- C:\Program Files\Windows Live
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-17 18:40 . 2008-03-17 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 19:40 . 2008-03-15 19:40 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Microsoft Games
2008-03-15 13:18 . 2008-03-15 19:39 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-14 07:23 . 2008-03-14 07:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 13:56 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-11 13:56 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-11 02:31 . 2008-03-11 02:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-11 02:31 . 2008-03-11 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\Haali
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\CoreCodec
2008-03-09 21:33 . 2008-03-09 22:27 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-03-09 21:33 . 2008-03-09 22:27 32,930 --a------ C:\WINDOWS\scunin.dat
2008-03-09 21:33 . 2008-03-09 22:27 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-09 21:32 . 2008-03-16 18:26 <DIR> d-------- C:\Program Files\Starcraft
2008-03-04 02:06 . 2008-03-09 02:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 02:06 . 2008-03-04 02:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Ubisoft
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-01 17:36 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-01 17:36 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-01 17:36 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-01 17:36 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-29 16:22 . 2008-02-29 16:22 <DIR> d-------- C:\Program Files\GameSpy
2008-02-29 16:21 . 2008-02-29 16:21 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-26 00:39 . 2008-02-26 16:31 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Imperium Romanum
2008-02-26 00:38 . 2008-02-26 00:38 <DIR> d-------- C:\Program Files\ProtectDisc Driver Installer
2008-02-25 06:10 . 2003-07-22 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-25 06:10 . 2005-01-05 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-24 18:44 . 2008-02-24 18:47 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\GetRightToGo
2008-02-19 02:31 . 2008-02-19 02:31 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-02-19 02:31 . 2008-02-01 00:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-19 02:31 . 2008-02-01 00:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:59 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Skype
2008-03-17 22:42 --------- d-----w C:\Program Files\MSN Messenger
2008-03-17 22:40 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\skypePM
2008-03-17 04:33 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Azureus
2008-03-17 03:40 --------- d-----w C:\Program Files\Warcraft III
2008-03-15 23:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 06:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 00:56 --------- d-----w C:\Program Files\Steam
2008-03-06 06:35 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\dvdcss
2008-03-06 01:57 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-06 01:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 20:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-29 20:21 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-21 05:01 --------- d-----w C:\Program Files\Opera
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Apple Computer
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-19 06:21 --------- d-----w C:\Program Files\QuickTime
2008-02-13 20:06 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-10 23:56 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 17:41 --------- d-----w C:\Program Files\Razer
2008-01-23 08:19 501,560 ----a-w C:\WINDOWS\system32\drivers\ACEDRV11.sys
2008-01-18 22:29 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-22 07:21 339,328 ----a-w C:\WINDOWS\system32\_AxShlEx.dll
2007-11-18 22:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 21:15 87,608 ----a-w C:\Documents and Settings\Tuan Nguyen\Application Data\ezpinst.exe
2007-06-20 21:15 47,360 ----a-w C:\Documents and Settings\Tuan Nguyen\Application Data\pcouffin.sys
2007-01-16 21:37 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-03 19:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-06-05 00:17 359808 45265cbad25c6254afafc7bdd88bdb4b C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-06-05 00:17 359808 45265cbad25c6254afafc7bdd88bdb4b C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:56 15360]
"TrackerChecker"="" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-11 15:55 4608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-22 12:02 360448]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 20:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=C:\WINDOWS\pss\Warkeys Update.lnkStartup
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\Warkeys Update.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 11:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 20:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-06-15 16:45 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-07 19:36 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackerChecker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"stllssvr"=3 (0x3)
"rpcapd"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"LIVESRV"=2 (0x2)
"IDriverT"=3 (0x3)
"bdss"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Steam\\steamapps\\nasislike\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarcraftIII1
"6113:TCP"= 6113:TCP:WarcraftIII2
"6114:TCP"= 6114:TCP:WarcraftIII3

R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 04:19]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-13 16:06]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 XDva011;XDva011;C:\WINDOWS\system32\XDva011.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 20:04:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 20:04:41
ComboFix-quarantined-files.txt 2008-03-18 00:04:32
[ + quote]
gotrice8
Newbie
_ 		17. March 2008 @ 20:55 _ Link to this message    Send private message to this user   
ComboFix 08-03-17.1 - Tuan Nguyen 2008-03-17 20:01:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1576 [GMT -4:00]
Running from: C:\Documents and Settings\Tuan Nguyen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\#SharedObjects\3MWBCH9E\www.broadcaster.com
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\#SharedObjects\3MWBCH9E\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\#SharedObjects\3MWBCH9E\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Tuan Nguyen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\_000228_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-17 18:42 . 2008-03-17 18:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d-------- C:\Program Files\Windows Live
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-17 18:40 . 2008-03-17 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 19:40 . 2008-03-15 19:40 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Microsoft Games
2008-03-15 13:18 . 2008-03-15 19:39 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-14 07:23 . 2008-03-14 07:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 13:56 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-11 13:56 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-11 02:31 . 2008-03-11 02:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-11 02:31 . 2008-03-11 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\Haali
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\CoreCodec
2008-03-09 21:33 . 2008-03-09 22:27 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-03-09 21:33 . 2008-03-09 22:27 32,930 --a------ C:\WINDOWS\scunin.dat
2008-03-09 21:33 . 2008-03-09 22:27 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-09 21:32 . 2008-03-16 18:26 <DIR> d-------- C:\Program Files\Starcraft
2008-03-04 02:06 . 2008-03-09 02:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 02:06 . 2008-03-04 02:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Ubisoft
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-01 17:36 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-01 17:36 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-01 17:36 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-01 17:36 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-29 16:22 . 2008-02-29 16:22 <DIR> d-------- C:\Program Files\GameSpy
2008-02-29 16:21 . 2008-02-29 16:21 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-26 00:39 . 2008-02-26 16:31 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Imperium Romanum
2008-02-26 00:38 . 2008-02-26 00:38 <DIR> d-------- C:\Program Files\ProtectDisc Driver Installer
2008-02-25 06:10 . 2003-07-22 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-25 06:10 . 2005-01-05 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-24 18:44 . 2008-02-24 18:47 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\GetRightToGo
2008-02-19 02:31 . 2008-02-19 02:31 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-02-19 02:31 . 2008-02-01 00:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-19 02:31 . 2008-02-01 00:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:59 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Skype
2008-03-17 22:42 --------- d-----w C:\Program Files\MSN Messenger
2008-03-17 22:40 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\skypePM
2008-03-17 04:33 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Azureus
2008-03-17 03:40 --------- d-----w C:\Program Files\Warcraft III
2008-03-15 23:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 06:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 00:56 --------- d-----w C:\Program Files\Steam
2008-03-06 06:35 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\dvdcss
2008-03-06 01:57 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-06 01:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 20:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-29 20:21 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-21 05:01 --------- d-----w C:\Program Files\Opera
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Apple Computer
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-19 06:21 --------- d-----w C:\Program Files\QuickTime
2008-02-13 20:06 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-10 23:56 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 17:41 --------- d-----w C:\Program Files\Razer
2008-01-23 08:19 501,560 ----a-w C:\WINDOWS\system32\drivers\ACEDRV11.sys
2008-01-18 22:29 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-22 07:21 339,328 ----a-w C:\WINDOWS\system32\_AxShlEx.dll
2007-11-18 22:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 21:15 87,608 ----a-w C:\Documents and Settings\Tuan Nguyen\Application Data\ezpinst.exe
2007-06-20 21:15 47,360 ----a-w C:\Documents and Settings\Tuan Nguyen\Application Data\pcouffin.sys
2007-01-16 21:37 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-03 19:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-06-05 00:17 359808 45265cbad25c6254afafc7bdd88bdb4b C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-06-05 00:17 359808 45265cbad25c6254afafc7bdd88bdb4b C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:56 15360]
"TrackerChecker"="" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-11 15:55 4608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-22 12:02 360448]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 20:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=C:\WINDOWS\pss\Warkeys Update.lnkStartup
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\Warkeys Update.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 11:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 20:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-06-15 16:45 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-07 19:36 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackerChecker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"stllssvr"=3 (0x3)
"rpcapd"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"LIVESRV"=2 (0x2)
"IDriverT"=3 (0x3)
"bdss"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Steam\\steamapps\\nasislike\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarcraftIII1
"6113:TCP"= 6113:TCP:WarcraftIII2
"6114:TCP"= 6114:TCP:WarcraftIII3

R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 04:19]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-13 16:06]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 XDva011;XDva011;C:\WINDOWS\system32\XDva011.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 20:04:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 20:04:41
ComboFix-quarantined-files.txt 2008-03-18 00:04:32
[ + quote]
Ltangel
Member
_ 		21. March 2008 @ 00:05 _ Link to this message    Send private message to this user   
Hey gotrice8,

Apologies for the late reply.

Please read the entire instructions before commencing and ask any questions you may have BEFORE you follow these steps.

Please go to Add or Remove Programs in Control panel and remove the following program:

Viewpoint

--------------------------------------------------------------------

Fix with HijackThis

Now open HijackThis and put a check beside the following entries:

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

Close all windows/browsers except HijackThis, and click "Fix checked". Close HijackThis.

--------------------------------------------------------------------

1. Please open Notepad. (Use ONLY Notepad and no other text editor)

[*] Click Start , then Run
[*]Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the quotebox below into the Notepad window:


Quote:
Folder::
C:\Documents and Settings\Tuan Nguyen\Application Data\GetRightToGo

File::
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\Tuan Nguyen\Application Data\pcouffin.sys
C:\WINDOWS\system32\drivers\ACEDRV11.sys
Note: The above script is specifically for this user, using it on another computer can may cause permanent damage to your system!

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

[*]Combofix.txt
[*]A new HijackThis log.

Go!

~Ltangel~
[ + quote]
Windows and system security is my priority.

This message has been edited since posting. Last time this message was edited on 21. March 2008 @ 00:06
gotrice8
Newbie
_ 		21. March 2008 @ 03:20 _ Link to this message    Send private message to this user   
ComboFix 08-03-17.1 - Tuan Nguyen 2008-03-21 3:08:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1573 [GMT -4:00]
Running from: C:\Documents and Settings\Tuan Nguyen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tuan Nguyen\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Tuan Nguyen\Application Data\pcouffin.sys
C:\WINDOWS\system32\drivers\ACEDRV11.sys
C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tuan Nguyen\Application Data\GetRightToGo
C:\Documents and Settings\Tuan Nguyen\Application Data\pcouffin.sys
C:\WINDOWS\system32\drivers\ACEDRV11.sys
C:\WINDOWS\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_acedrv11
-------\acedrv11


((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-19 23:03 . 2008-03-19 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tages
2008-03-18 17:44 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d-------- C:\Program Files\Windows Live
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-17 18:40 . 2008-03-17 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 19:40 . 2008-03-15 19:40 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Microsoft Games
2008-03-15 13:18 . 2008-03-15 19:39 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-14 07:23 . 2008-03-14 07:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 13:56 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-11 13:56 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-11 02:31 . 2008-03-11 02:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-11 02:31 . 2008-03-11 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\Haali
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\CoreCodec
2008-03-09 21:33 . 2008-03-09 22:27 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-03-09 21:33 . 2008-03-09 22:27 32,930 --a------ C:\WINDOWS\scunin.dat
2008-03-09 21:33 . 2008-03-09 22:27 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-09 21:32 . 2008-03-16 18:26 <DIR> d-------- C:\Program Files\Starcraft
2008-03-04 02:06 . 2008-03-09 02:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 02:06 . 2008-03-04 02:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Ubisoft
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-01 17:36 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-01 17:36 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-01 17:36 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-01 17:36 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-29 16:22 . 2008-02-29 16:22 <DIR> d-------- C:\Program Files\GameSpy
2008-02-29 16:21 . 2008-02-29 16:21 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-26 00:39 . 2008-02-26 16:31 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Imperium Romanum
2008-02-26 00:38 . 2008-02-26 00:38 <DIR> d-------- C:\Program Files\ProtectDisc Driver Installer
2008-02-25 06:10 . 2003-07-22 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-25 06:10 . 2005-01-05 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 06:56 --------- d-----w C:\Program Files\Azureus
2008-03-21 06:56 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Azureus
2008-03-21 06:52 --------- d-----w C:\Program Files\Viewpoint
2008-03-21 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-21 06:44 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Skype
2008-03-21 06:28 --------- d-----w C:\Program Files\Warcraft III
2008-03-21 04:00 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\skypePM
2008-03-20 03:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 05:30 --------- d-----w C:\Program Files\PokerStars
2008-03-17 22:42 --------- d-----w C:\Program Files\MSN Messenger
2008-03-11 06:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 00:56 --------- d-----w C:\Program Files\Steam
2008-03-06 06:35 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\dvdcss
2008-03-06 01:57 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-06 01:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 05:01 --------- d-----w C:\Program Files\Opera
2008-02-19 06:31 --------- d-----w C:\Program Files\QuickTime Alternative
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Apple Computer
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-19 06:21 --------- d-----w C:\Program Files\QuickTime
2008-02-13 20:06 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-10 23:56 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 17:41 --------- d-----w C:\Program Files\Razer
2007-11-18 22:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 21:15 87,608 ----a-w C:\Documents and Settings\Tuan Nguyen\Application Data\ezpinst.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-17_20.04.27.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-16 15:32:55 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll
+ 2007-05-16 15:32:55 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
+ 2007-05-16 15:32:56 1,314,816 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll
+ 2007-05-16 15:32:56 510,976 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll
+ 2007-05-16 15:32:56 85,504 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll
+ 2007-04-16 16:07:27 986,112 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-04-25 20:32:22 144,896 ----a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
+ 2007-06-26 06:06:12 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-06-26 15:16:01 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-06-19 13:37:21 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2004-08-04 00:56:50 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
- 2006-11-01 22:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2007-02-20 09:48:03 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-02-20 09:48:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-02-20 09:48:04 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-02-20 09:48:03 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-02-20 09:48:03 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-12-07 01:07:12 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-02-20 09:48:04 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-12-07 01:07:12 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-11-08 05:06:13 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:12:00 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2007-02-20 09:48:04 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-02-20 09:48:04 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-04 00:56:50 1,032,192 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2007-02-20 09:48:04 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-12-07 01:07:12 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-03-08 15:36:28 281,600 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-02-19 09:01:28 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-12-06 13:07:07 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-02-20 09:48:04 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-12-07 01:07:12 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-11-08 05:06:13 679,424 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-02-20 09:48:05 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-12-07 01:07:12 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-02-20 09:48:05 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-07-05 10:55:01 984,064 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-08-03 22:58:22 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-04 00:56:44 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-04 00:56:44 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-04 00:56:44 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-04 00:56:44 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-04 00:56:44 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-04 00:56:44 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-04 00:56:44 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-04 00:56:44 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2004-08-03 23:00:58 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-02-20 09:48:07 3,056,640 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-02-20 09:48:08 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-11-08 05:06:13 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:12:08 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2007-02-20 09:48:08 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 01:07:13 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-10-19 01:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 20:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2007-02-20 09:48:10 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 01:07:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-09-13 05:01:56 1,084,416 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-04 00:56:46 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-02-20 09:48:10 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 00:56:46 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-04 00:56:46 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:21:15 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2007-02-20 09:48:13 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-02-20 09:48:15 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-06-05 04:17:10 359,808 -c--a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-11-01 22:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-03 22:58:34 209,408 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
+ 2007-04-23 10:32:54 364,160 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
- 2007-02-20 09:48:17 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-07 01:07:14 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-12-19 18:08:07 852,480 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-11-08 05:06:13 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:12:12 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2006-11-08 05:06:13 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:12:15 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2007-02-20 09:48:18 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 01:07:14 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-19 01:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-27 21:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-10-19 01:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-03 22:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-03 23:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2006-10-23 19:46:36 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2007-06-05 04:17:10 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-03 22:58:34 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
- 2007-02-20 09:48:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-02-20 09:48:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-02-20 09:48:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 01:07:12 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-02-20 09:48:04 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-11-08 05:06:13 679,424 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-02-20 09:48:05 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-02-20 09:48:05 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-07-05 10:55:01 984,064 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
- 2007-12-16 08:43:36 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-03-19 14:05:25 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-04 00:56:44 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 00:56:44 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 00:56:44 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 00:56:44 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 00:56:44 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 00:56:44 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 00:56:44 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 00:56:44 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-04-27 20:45:12 14,970,328 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 12:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-02-20 09:48:07 3,056,640 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-02-20 09:48:08 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-02-20 09:48:08 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-10-19 01:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2007-02-20 09:48:10 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-09-13 05:01:56 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2005-05-26 08:16:24 127,208 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2007-07-30 23:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2004-08-04 00:56:46 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-02-20 09:48:10 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 00:56:46 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-04 00:56:46 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2007-02-20 09:48:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-02-20 09:48:15 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-01-29 08:58:06 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-02-20 09:48:17 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-02-20 09:48:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 01:07:14 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 21:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-10-19 01:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-03-09 10:02:31 115,200 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:56 15360]
"TrackerChecker"="" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-11 15:55 4608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-22 12:02 360448]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 20:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=C:\WINDOWS\pss\Warkeys Update.lnkStartup
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\Warkeys Update.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 11:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 20:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-06-15 16:45 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-07 19:36 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackerChecker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"stllssvr"=3 (0x3)
"rpcapd"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"LIVESRV"=2 (0x2)
"IDriverT"=3 (0x3)
"bdss"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Steam\\steamapps\\nasislike\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Games\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarcraftIII1
"6113:TCP"= 6113:TCP:WarcraftIII2
"6114:TCP"= 6114:TCP:WarcraftIII3

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-13 16:06]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 XDva011;XDva011;C:\WINDOWS\system32\XDva011.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 03:12:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-21 3:16:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 07:16:20
ComboFix2.txt 2008-03-18 00:04:42
.
2008-03-19 07:19:14 --- E O F ---
[ + quote]
gotrice8
Newbie
_ 		21. March 2008 @ 03:24 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:44 AM, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205258109281
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205257778265
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6532 bytes
[ + quote]
Ltangel
Member
_ 		21. March 2008 @ 05:57 _ Link to this message    Send private message to this user   
Hey gotrice,

Please read the entire instructions before commencing and ask any questions you may have before you carry them out.

Remove unnecessary programs

Please go to Add or Remove Programs and remove the following program:

LimeWire

---------------------------------------------------------------------

Run a script with ComboFix

1. Please open Notepad. (Use ONLY Notepad and no other text editor)

[*] Click Start , then Run
[*]Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the quotebox below into the Notepad window:


Quote:
Folder::
C:\Documents and Settings\All Users\Application Data\Tages
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

Driver::
-------\Legacy_acedrv11
-------\acedrv11

File::
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\dllcache\explorer.exe
Note: The above script is specifically for this user, using it on another computer can may cause permanent damage to your system!

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. Reboot your computer when prompted. Otherwise, please reboot manually.

---------------------------------------------------------------------

Fix Awf trojan infection

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder.

* Click here to download FindAWF.exe and save it to your desktop.
[*]Double-click on the FindAWF.exe file to run it.
[*]It will open a command prompt and ask you to "Press any key to continue".
[*]Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
[*]It may take a few minutes to complete so be patient.
[*]When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
[*]Come back here to this thread and copy and paste the contents of the AWF.txt file in your next reply.

---------------------------------------------------------------------

Run an online scan

Let's try an online scan to see if there are any infections. You will need IE to do the scan.

Go here

1. Click the Scan your PC button
2. A new window will open, click the Check Now button
3. Enter your Country, State/Province and e-mail address and click send
4. Select Home User
5. Click the Scan Now button
8. Allow any installation of ActiveX component(s)
9. It will start downloading the files it requires for the scan (Note: It may take a while)
10. When done, click on My Computer
11. When the scan completes, click the See Report button, then save it to desktop. Post the contents of the ActiveScan report on here.

--------------------------------------------------------------------

In your next reply, please include:

Fresh HijackThis log
ComboFix.txt
AWF.txt
Panda Activescan log

Go!

~Ltangel~

[ + quote]
Windows and system security is my priority.
gotrice8
Newbie
_ 		21. March 2008 @ 13:53 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:13 PM, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NewsLeecher\newsLeecher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205258109281
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205257778265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7019 bytes


ComboFix 08-03-17.1 - Tuan Nguyen 2008-03-21 11:56:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1593 [GMT -4:00]
Running from: C:\Documents and Settings\Tuan Nguyen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tuan Nguyen\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\dllcache\explorer.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Tages
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\Viewpoint
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\dllcache\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-18 17:44 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d-------- C:\Program Files\Windows Live
2008-03-17 18:40 . 2008-03-17 18:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-17 18:40 . 2008-03-17 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 19:40 . 2008-03-15 19:40 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Microsoft Games
2008-03-15 13:18 . 2008-03-15 19:39 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-14 07:23 . 2008-03-14 07:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 13:56 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-11 13:56 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-11 13:56 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-11 02:31 . 2008-03-11 02:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-11 02:31 . 2008-03-11 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\Haali
2008-03-11 00:41 . 2008-03-11 00:41 <DIR> d-------- C:\Program Files\CoreCodec
2008-03-09 21:33 . 2008-03-09 22:27 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-03-09 21:33 . 2008-03-09 22:27 32,930 --a------ C:\WINDOWS\scunin.dat
2008-03-09 21:33 . 2008-03-09 22:27 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-09 21:32 . 2008-03-16 18:26 <DIR> d-------- C:\Program Files\Starcraft
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Ubisoft
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-01 17:36 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-01 17:36 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-01 17:36 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-01 17:36 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-29 16:22 . 2008-02-29 16:22 <DIR> d-------- C:\Program Files\GameSpy
2008-02-29 16:21 . 2008-02-29 16:21 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-26 00:39 . 2008-02-26 16:31 <DIR> d-------- C:\Documents and Settings\Tuan Nguyen\Application Data\Imperium Romanum
2008-02-26 00:38 . 2008-02-26 00:38 <DIR> d-------- C:\Program Files\ProtectDisc Driver Installer
2008-02-25 06:10 . 2003-07-22 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-25 06:10 . 2005-01-05 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 06:56 --------- d-----w C:\Program Files\Azureus
2008-03-21 06:56 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Azureus
2008-03-21 06:44 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Skype
2008-03-21 06:28 --------- d-----w C:\Program Files\Warcraft III
2008-03-21 04:00 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\skypePM
2008-03-20 03:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 05:30 --------- d-----w C:\Program Files\PokerStars
2008-03-17 22:42 --------- d-----w C:\Program Files\MSN Messenger
2008-03-11 06:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 00:56 --------- d-----w C:\Program Files\Steam
2008-03-06 06:35 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\dvdcss
2008-03-06 01:57 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-06 01:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 20:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-29 20:21 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-21 05:01 --------- d-----w C:\Program Files\Opera
2008-02-19 06:31 --------- d-----w C:\Program Files\QuickTime Alternative
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\Tuan Nguyen\Application Data\Apple Computer
2008-02-19 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-19 06:21 --------- d-----w C:\Program Files\QuickTime
2008-02-13 20:06 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-10 23:56 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 17:41 --------- d-----w C:\Program Files\Razer
2007-12-22 07:21 339,328 ----a-w C:\WINDOWS\system32\_AxShlEx.dll
2007-11-18 22:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 21:15 87,608 ----a-w C:\Documents and Settings\Tuan Nguyen\Application Data\ezpinst.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:56 15360]
"TrackerChecker"="" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-11 15:55 4608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-22 12:02 360448]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 20:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tuan Nguyen^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=C:\WINDOWS\pss\Warkeys Update.lnkStartup
path=C:\Documents and Settings\Tuan Nguyen\Start Menu\Programs\Startup\Warkeys Update.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 11:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 20:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-06-15 16:45 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-07 19:36 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackerChecker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"stllssvr"=3 (0x3)
"rpcapd"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"LIVESRV"=2 (0x2)
"IDriverT"=3 (0x3)
"bdss"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Steam\\steamapps\\nasislike\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"F:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Games\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarcraftIII1
"6113:TCP"= 6113:TCP:WarcraftIII2
"6114:TCP"= 6114:TCP:WarcraftIII3

R0 ACPI;Microsoft ACPI Driver;C:\WINDOWS\system32\DRIVERS\ACPI.sys [2004-08-03 19:07]
R0 atapi;Standard IDE/ESDI Hard Disk Controller;C:\WINDOWS\system32\DRIVERS\atapi.sys [2004-08-03 18:59]
R0 Disk;Disk Driver;C:\WINDOWS\system32\DRIVERS\disk.sys [2004-08-03 18:59]
R0 dmio;Logical Disk Manager Driver;C:\WINDOWS\system32\DRIVERS\dmio.sys [2004-08-03 19:07]
R0 dmload;dmload;C:\WINDOWS\system32\drivers\dmload.sys [2001-08-23 10:00]
R0 FltMgr;FltMgr;C:\WINDOWS\system32\DRIVERS\fltMgr.sys [2006-08-21 05:14]
R0 Ftdisk;Volume Manager Driver;C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2001-08-23 10:00]
R0 giveio;giveio;C:\WINDOWS\system32\giveio.sys [1996-04-03 15:33]
R0 isapnp;PnP ISA/EISA Bus Driver;C:\WINDOWS\system32\DRIVERS\isapnp.sys [2001-08-23 10:00]
R0 KSecDD;KSecDD;C:\WINDOWS\system32\drivers\KSecDD.sys [2004-08-03 18:59]
R0 MountMgr;MountMgr;C:\WINDOWS\system32\drivers\MountMgr.sys [2004-08-03 18:58]
R0 Mup;Mup;C:\WINDOWS\system32\drivers\Mup.sys [2004-08-03 19:15]
R0 NDIS;NDIS System Driver;C:\WINDOWS\system32\drivers\NDIS.sys [2004-08-03 19:14]
R0 PartMgr;PartMgr;C:\WINDOWS\system32\drivers\PartMgr.sys [2001-08-23 10:00]
R0 PCI;PCI Bus Driver;C:\WINDOWS\system32\DRIVERS\pci.sys [2004-08-03 19:07]
R0 PCIIde;PCIIde;C:\WINDOWS\system32\DRIVERS\pciide.sys [2001-08-23 10:00]
R0 PxHelp20;PxHelp20;C:\WINDOWS\system32\Drivers\PxHelp20.sys [2007-03-07 19:51]
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys [2006-09-24 09:28]
R0 sptd;sptd;C:\WINDOWS\system32\Drivers\sptd.sys [2008-02-10 19:56]
R0 sr;System Restore Filter Driver;C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 19:06]
R0 VolSnap;VolSnap;C:\WINDOWS\system32\drivers\VolSnap.sys [2004-08-03 19:00]
R1 AFD;AFD Networking Support Environment;C:\WINDOWS\system32\drivers\afd.sys [2004-08-03 19:14]
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-12 11:28]
R1 Beep;Beep;C:\WINDOWS\system32\drivers\Beep.sys [2001-08-23 10:00]
R1 Cdrom;CD-ROM Driver;C:\WINDOWS\system32\DRIVERS\cdrom.sys [2004-08-03 18:59]
R1 Fips;Fips;C:\WINDOWS\system32\drivers\Fips.sys [2001-08-23 10:00]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2004-08-03 19:14]
R1 intelppm;Intel Processor Driver;C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 18:59]
R1 IPSec;IPSEC driver;C:\WINDOWS\system32\DRIVERS\ipsec.sys [2004-08-03 19:14]
R1 Kbdclass;Keyboard Class Driver;C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2004-08-03 18:58]
R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys [2001-08-23 10:00]
R1 Mouclass;Mouse Class Driver;C:\WINDOWS\system32\DRIVERS\mouclass.sys [2004-08-03 21:05]
R1 MRxSmb;MRXSMB;C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2006-05-05 05:41]
R1 Msfs;Msfs;C:\WINDOWS\system32\drivers\Msfs.sys [2004-08-03 19:00]
R1 NetBIOS;NetBIOS Interface;C:\WINDOWS\system32\DRIVERS\netbios.sys [2004-08-03 19:03]
R1 NetBT;NetBios over Tcpip;C:\WINDOWS\system32\DRIVERS\netbt.sys [2004-08-03 19:14]
R1 Npfs;Npfs;C:\WINDOWS\system32\drivers\Npfs.sys [2004-08-03 19:00]
R1 Null;Null;C:\WINDOWS\system32\drivers\Null.sys [2001-08-23 10:00]
R1 RasAcd;Remote Access Auto Connection Driver;C:\WINDOWS\system32\DRIVERS\rasacd.sys [2001-08-23 10:00]
R1 Rdbss;Rdbss;C:\WINDOWS\system32\DRIVERS\rdbss.sys [2006-05-05 05:47]
R1 RDPCDD;RDPCDD;C:\WINDOWS\system32\DRIVERS\RDPCDD.sys [2001-08-23 10:00]
R1 redbook;Digital CD Audio Playback Filter Driver;C:\WINDOWS\system32\DRIVERS\redbook.sys [2004-08-03 22:59]
R1 Serial;Serial port driver;C:\WINDOWS\system32\DRIVERS\serial.sys [2004-08-03 19:15]
R1 Tcpip;TCP/IP Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip.sys [2007-10-30 13:20]
R1 TermDD;Terminal Device Driver;C:\WINDOWS\system32\DRIVERS\termdd.sys [2004-08-04 01:01]
R1 VgaSave;VgaSave;C:\WINDOWS\system32\drivers\vga.sys [2004-08-03 19:07]
R2 aawservice;Ad-Aware 2007 Service;"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" [2008-01-04 13:27]
R2 Alerter;Alerter;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 AudioSrv;Windows Audio;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 BITS;Background Intelligent Transfer Service;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 Browser;Computer Browser;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 CryptSvc;Cryptographic Services;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 DcomLaunch;DCOM Server Process Launcher;C:\WINDOWS\system32\svchost -k DcomLaunch []
R2 Dhcp;DHCP Client;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 dmserver;Logical Disk Manager;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 Dnscache;DNS Client;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 ERSvc;Error Reporting Service;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 Eventlog;Event Log;C:\WINDOWS\system32\services.exe [2004-08-03 20:56]
R2 helpsvc;Help and Support;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 lanmanserver;Server;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 lanmanworkstation;Workstation;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 LmHosts;TCP/IP NetBIOS Helper;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 10:51]
R2 ParVdm;ParVdm;C:\WINDOWS\system32\drivers\ParVdm.sys [2001-08-23 10:00]
R2 PlugPlay;Plug and Play;C:\WINDOWS\system32\services.exe [2004-08-03 20:56]
R2 PolicyAgent;IPSEC Services;C:\WINDOWS\system32\lsass.exe [2004-08-03 20:56]
R2 ProtectedStorage;Protected Storage;C:\WINDOWS\system32\lsass.exe [2004-08-03 20:56]
R2 RemoteRegistry;Remote Registry;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 RpcSs;Remote Procedure Call (RPC);C:\WINDOWS\system32\svchost -k rpcss []
R2 SamSs;Security Accounts Manager;C:\WINDOWS\system32\lsass.exe [2004-08-03 20:56]
R2 Schedule;Task Scheduler;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 Secdrv;Secdrv;C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-13 06:25]
R2 seclogon;Secondary Logon;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 SENS;System Event Notification;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS);C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 ShellHWDetection;Shell Hardware Detection;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 Spooler;Print Spooler;C:\WINDOWS\system32\spoolsv.exe [2005-06-10 19:53]
R2 srservice;System Restore Service;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 Themes;Themes;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 TrkWks;Distributed Link Tracking Client;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 W32Time;Windows Time;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 WebClient;WebClient;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 wscsvc;Security Center;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 wuauserv;Automatic Updates;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R2 WZCSVC;Wireless Zero Configuration;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R2 XCOMM;BitDefender Communicator;"C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service []
R3 ALG;Application Layer Gateway Service;C:\WINDOWS\System32\alg.exe [2004-08-03 20:56]
R3 audstub;Audio Stub Driver;C:\WINDOWS\system32\DRIVERS\audstub.sys [2001-08-17 09:59]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-13 16:06]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 18:41]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-23 13:50]
R3 EventSystem;COM+ Event System;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R3 Fdc;Floppy Disk Controller Driver;C:\WINDOWS\system32\DRIVERS\fdc.sys [2004-08-03 18:59]
R3 Flpydisk;Floppy Disk Driver;C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2004-08-03 18:59]
R3 Gpc;Generic Packet Classifier;C:\WINDOWS\system32\DRIVERS\msgpc.sys [2004-08-03 19:04]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 17:07]
R3 hidusb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 10:00]
R3 HTTP;HTTP;C:\WINDOWS\system32\Drivers\HTTP.sys [2006-03-16 20:33]
R3 HTTPFilter;HTTP SSL;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 19:26]
R3 IpNat;IP Network Address Translator;C:\WINDOWS\system32\DRIVERS\ipnat.sys [2004-09-29 18:28]
R3 kmixer;Microsoft Kernel Wave Audio Mixer;C:\WINDOWS\system32\drivers\kmixer.sys [2006-06-14 04:47]
R3 mouhid;Mouse HID Driver;C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 10:00]
R3 MRxDAV;WebDav Client Redirector;C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2007-12-18 05:51]
R3 mssmbios;Microsoft System Management BIOS Driver;C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2004-08-03 21:05]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2001-08-23 10:00]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2004-08-03 21:05]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2004-08-03 19:14]
R3 NDProxy;NDIS Proxy;C:\WINDOWS\system32\drivers\NDProxy.sys [2001-08-23 10:00]
R3 Netman;Network Connections;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R3 Nla;Network Location Awareness (NLA);C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R3 nv;nv;C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 02:41]
R3 Parport;Parallel port driver;C:\WINDOWS\system32\DRIVERS\parport.sys [2004-08-03 21:05]
R3 PptpMiniport;WAN Miniport (PPTP);C:\WINDOWS\system32\DRIVERS\raspptp.sys [2004-08-03 19:14]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 19:04]
R3 Ptilink;Direct Parallel Link Driver;C:\WINDOWS\system32\DRIVERS\ptilink.sys [2001-08-23 10:00]
R3 Rasl2tp;WAN Miniport (L2TP);C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2004-08-03 19:14]
R3 RasMan;Remote Access Connection Manager;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R3 RasPppoe;Remote Access PPPOE Driver;C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2004-08-03 19:05]
R3 Raspti;Direct Parallel;C:\WINDOWS\system32\DRIVERS\raspti.sys [2001-08-23 10:00]
R3 rdpdr;Terminal Server Device Redirector Driver;C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2004-08-03 23:01]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R3 serenum;Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\serenum.sys [2004-08-03 18:59]
R3 Srv;Srv;C:\WINDOWS\system32\DRIVERS\srv.sys [2006-08-14 06:34]
R3 SSDPSRV;SSDP Discovery Service;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R3 stisvc;Windows Image Acquisition (WIA);C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
R3 swenum;Software Bus Driver;C:\WINDOWS\system32\DRIVERS\swenum.sys [2004-08-03 21:05]
R3 sysaudio;Microsoft Kernel System Audio Device;C:\WINDOWS\system32\drivers\sysaudio.sys [2004-08-03 21:05]
R3 TapiSrv;Telephony;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
R3 TermService;Terminal Services;C:\WINDOWS\System32\svchost -k DComLaunch []
R3 Update;Microcode Update Driver;C:\WINDOWS\system32\DRIVERS\update.sys [2007-04-23 06:32]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 19:08]
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 19:08]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 19:08]
R3 Wanarp;Remote Access IP ARP Driver;C:\WINDOWS\system32\DRIVERS\wanarp.sys [2004-08-03 19:04]
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys [2006-06-14 05:00]
R4 Cdfs;Cdfs;C:\WINDOWS\system32\drivers\Cdfs.sys [2004-08-03 19:14]
R4 Fastfat;Fastfat;C:\WINDOWS\system32\drivers\Fastfat.sys [2004-08-03 19:14]
R4 Ntfs;Ntfs;C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-09 07:10]
S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 09:08]
S1 Cdaudio;Cdaudio;C:\WINDOWS\system32\drivers\Cdaudio.sys [2001-08-23 10:00]
S1 Imapi;CD-Burning Filter Driver;C:\WINDOWS\system32\DRIVERS\imapi.sys [2004-08-03 19:00]
S1 kbdhid;Keyboard HID Driver;C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 18:58]
S1 Processor;Processor Driver;C:\WINDOWS\system32\DRIVERS\processr.sys [2004-08-03 21:05]
S1 Sfloppy;Sfloppy;C:\WINDOWS\system32\drivers\Sfloppy.sys [2004-08-03 18:59]
S3 Adobe LM Service;Adobe LM Service;"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [2007-01-20 16:38]
S3 aec;Microsoft Kernel Acoustic Echo Canceller;C:\WINDOWS\system32\drivers\aec.sys [2006-02-14 20:22]
S3 AppMgmt;Application Management;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
S3 aspnet_state;ASP.NET State Service;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 08:28]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2004-08-03 19:05]
S3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavt2.sys []
S3 Atmarpc;ATM ARP Client Protocol;C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2004-08-03 18:58]
S3 CCDECODE;Closed Caption Decoder;C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 00:10]
S3 cisvc;Indexing Service;C:\WINDOWS\system32\cisvc.exe [2004-08-03 20:56]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 08:28]
S3 COMSysApp;COM+ System Application;C:\WINDOWS\system32\dllhost.exe [2004-08-03 20:56]
S3 dmadmin;Logical Disk Manager Administrative Service;C:\WINDOWS\System32\dmadmin.exe [2004-08-03 20:56]
S3 DMusic;Microsoft Kernel DLS Syntheiszer;C:\WINDOWS\system32\drivers\DMusic.sys [2004-08-03 23:07]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler;C:\WINDOWS\system32\drivers\drmkaud.sys [2004-08-03 21:05]
S3 ENTECH;ENTECH;C:\WINDOWS\system32\DRIVERS\ENTECH.sys [2004-10-25 20:02]
S3 FastUserSwitchingCompatibility;Fast User Switching Compatibility;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
S3 IDriverT;InstallDriver Table Manager;"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [2005-04-04 00:41]
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-10-18 01:14]
S3 IKSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys [2008-01-10 22:00]
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys [2008-01-10 22:00]
S3 ImapiService;IMAPI CD-Burning COM Service;C:\WINDOWS\system32\imapi.exe [2004-08-03 20:56]
S3 Ip6Fw;IPv6 Windows Firewall Driver;C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [2004-08-03 19:00]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2001-08-23 10:00]
S3 IpInIp;IP in IP Tunnel Driver;C:\WINDOWS\system32\DRIVERS\ipinip.sys [2004-08-03 19:04]
S3 IRENUM;IR Enumerator Service;C:\WINDOWS\system32\DRIVERS\irenum.sys [2004-08-03 19:00]
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\System32\mnmsrvc.exe [2004-08-03 20:56]
S3 Modem;Modem;C:\WINDOWS\system32\drivers\Modem.sys [2004-08-03 21:05]
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 00:10]
S3 MSDTC;Distributed Transaction Coordinator;C:\WINDOWS\System32\msdtc.exe [2004-08-03 20:56]
S3 MSIServer;Windows Installer;C:\WINDOWS\system32\msiexec.exe [2005-05-04 14:45]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\WINDOWS\system32\drivers\MSKSSRV.sys [2004-08-03 21:05]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\WINDOWS\system32\drivers\MSPCLOCK.sys [2004-08-03 21:05]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\WINDOWS\system32\drivers\MSPQM.sys [2004-08-03 21:05]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 23:58]
S3 NABTSFEC;NABTS/FEC VBI Codec;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 00:10]
S3 Netlogon;Net Logon;C:\WINDOWS\system32\lsass.exe [2004-08-03 20:56]
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 18:59]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 NtLmSsp;NT LM Security Support Provider;C:\WINDOWS\system32\lsass.exe [2004-08-03 20:56]
S3 NtmsSvc;Removable Storage;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
S3 NwlnkFlt;IPX Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [2001-08-23 10:00]
S3 NwlnkFwd;IPX Traffic Forwarder Driver;C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [2001-08-23 10:00]
S3 Profos;Profos;C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 01:32]
S3 RasAuto;Remote Access Auto Connection Manager;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 RDPWD;RDPWD;C:\WINDOWS\system32\drivers\RDPWD.sys [2005-06-10 00:09]
S3 RDSessMgr;Remote Desktop Help Session Manager;C:\WINDOWS\system32\sessmgr.exe [2004-08-03 20:56]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\WINDOWS\system32\locator.exe [2004-08-03 20:56]
S3 RSVP;QoS RSVP;C:\WINDOWS\system32\rsvp.exe [2001-08-23 10:00]
S3 SCardDrv;Smart Card Helper;C:\WINDOWS\System32\SCardSvr.exe [2004-08-03 20:56]
S3 SCardSvr;Smart Card;C:\WINDOWS\System32\SCardSvr.exe [2004-08-03 20:56]
S3 sdCoreService;PC Tools Security Service;C:\Program Files\Spyware Doctor\swdsvc.exe [2007-11-02 18:25]
S3 splitter;Microsoft Kernel Audio Splitter;C:\WINDOWS\system32\drivers\splitter.sys [2006-06-14 04:47]
S3 streamip;BDA IPSink;C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 00:10]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer;C:\WINDOWS\system32\drivers\swmidi.sys [2001-08-23 10:00]
S3 SwPrv;MS Software Shadow Copy Provider;C:\WINDOWS\system32\dllhost.exe [2004-08-03 20:56]
S3 SysmonLog;Performance Logs and Alerts;C:\WINDOWS\system32\smlogsvc.exe [2004-08-03 20:56]
S3 TDPIPE;TDPIPE;C:\WINDOWS\system32\drivers\TDPIPE.sys [2004-08-03 21:01]
S3 TDTCP;TDTCP;C:\WINDOWS\system32\drivers\TDTCP.sys [2004-08-03 21:01]
S3 Trufos;Trufos;C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2007-07-10 08:00]
S3 upnphost;Universal Plug and Play Device Host;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
S3 UPS;Uninterruptible Power Supply;C:\WINDOWS\System32\ups.exe [2004-08-03 20:56]
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 19:08]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 usprserv;User Privilege Service;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
S3 VSS;Volume Shadow Copy;C:\WINDOWS\System32\vssvc.exe [2004-08-03 20:56]
S3 WLSetupSvc;Windows Live Setup Service;"C:\Program Files\Windows Live\installer\WLSetupSvc.exe" [2007-10-25 15:27]
S3 WmdmPmSN;Portable Media Serial Number Service;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
S3 Wmi;Windows Management Instrumentation Driver Extensions;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
S3 WmiApSrv;WMI Performance Adapter;C:\WINDOWS\system32\wbem\wmiapsrv.exe [2004-08-03 20:56]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service;"C:\Program Files\Windows Media Player\WMPNetwk.exe" [2006-10-18 20:05]
S3 WSTCODEC;World Standard Teletext Codec;C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 00:10]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 18:55]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 19:00]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
S3 XDva011;XDva011;C:\WINDOWS\system32\XDva011.sys []
S3 xmlprov;Network Provisioning Service;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller;C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-09-18 08:59]
S4 ACPIEC;ACPIEC;C:\WINDOWS\system32\drivers\ACPIEC.sys [2001-08-23 10:00]
S4 cbidf2k;cbidf2k;C:\WINDOWS\system32\drivers\cbidf2k.sys [2001-08-23 10:00]
S4 ClipSrv;ClipBook;C:\WINDOWS\system32\clipsrv.exe [2004-08-03 20:56]
S4 dmboot;dmboot;C:\WINDOWS\system32\drivers\dmboot.sys [2004-08-03 19:07]
S4 HidServ;Human Interface Device Access;C:\WINDOWS\System32\svchost.exe [2004-08-03 20:56]
S4 MDM;Machine Debug Manager;"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [2003-06-20 01:00]
S4 Messenger;Messenger;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
S4 NetDDE;Network DDE;C:\WINDOWS\system32\netdde.exe [2004-08-03 20:56]
S4 NetDDEdsdm;Network DDE DSDM;C:\WINDOWS\system32\netdde.exe [2004-08-03 20:56]
S4 ose;Office Source Engine;"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [2003-06-20 01:00]
S4 Pcmcia;Pcmcia;C:\WINDOWS\system32\drivers\Pcmcia.sys [2004-08-03 19:07]
S4 RemoteAccess;Routing and Remote Access;C:\WINDOWS\system32\svchost.exe [2004-08-03 20:56]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental);"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" []
S4 TlntSvr;Telnet;C:\WINDOWS\system32\tlntsvr.exe [2004-08-03 20:56]
S4 Udfs;Udfs;C:\WINDOWS\system32\drivers\Udfs.sys [2004-08-03 19:00]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment;C:\WINDOWS\system32\drivers\ws2ifsl.sys [2001-08-23 10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 11:58:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 11:59:05
ComboFix-quarantined-files.txt 2008-03-21 15:58:56
ComboFix2.txt 2008-03-21 07:16:25
ComboFix3.txt 2008-03-18 00:04:42
.
2008-03-19 07:19:14 --- E O F ---
[ + quote]
gotrice8
Newbie
_ 		21. March 2008 @ 13:57 _ Link to this message    Send private message to this user   
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 21/03/2008
The current time is: 12:11:45.53


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report



Incident Status Location

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[counter.hitslink.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.clickbank.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies.txt[.com.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tuan Nguyen\Cookies\tuan nguyen@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tuan Nguyen\Cookies\tuan nguyen@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tuan Nguyen\Cookies\tuan nguyen@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tuan Nguyen\Cookies\tuan nguyen@doubleclick[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tuan Nguyen\Cookies\tuan nguyen@mediaplex[1].txt
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
[ + quote]
gotrice8
Newbie
_ 		22. March 2008 @ 03:22 _ Link to this message    Send private message to this user   
I have a folder located C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To..

I am unsucessful in deleting it and it's full of viruses. Should I try to go into safe mode and delete it? Or are we trying to do that currently?
[ + quote]
Ltangel
Member
_ 		22. March 2008 @ 04:58 _ Link to this message    Send private message to this user   
Hey gotrice8,

Can you give me the full name of that folder you are talking about?


Fix with HijackThis

Please reopen HijackThis and put a check next to the the following entries:

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

Now close all windows and browsers except HijackThis and click "Fix Checked". Close HijackThis and reboot into safe mode.

--> Once in safe mode, go to Add or Remove Programs in Control Panel and remove the following program:

DAP

--> Using Windows Explorer, search for the following folder and delete it:

C:\Program Files\DAP\

Reboot back into normal mode.

--------------------------------------------------------------------

Clean your temporary files

Download ATF Cleaner.

*Double-click ATF-Cleaner.exe.
* Under Main tab choose "Select All".
* Click the Empty Selected button.

If you use Firefox browser

Click Firefox and choose Select All
Click the Empty Selected button.

If you use Opera browser

Click Opera at the top and choose Select All
Click the Empty Selected button.

Click Exit to close the program.

--------------------------------------------------------------------

Do an online scan with Panda Activescan

Let's try an online scan to see if there are any infections. You will need IE to do the scan.

Go here

1. Click the Scan your PC button
2. A new window will open, click the Check Now button
3. Enter your Country, State/Province and e-mail address and click send
4. Select Home User
5. Click the Scan Now button
8. Allow any installation of ActiveX component(s)
9. It will start downloading the files it requires for the scan (Note: It may take a while)
10. When done, click on My Computer
11. When the scan completes, click the See Report button, then save it to desktop. Post the contents of the ActiveScan report on here.

---------------------------------------------------------------------

In your next reply (please include):

Fresh HijackThis log
PandaActive Scan log
Description of how your PC is doing
Full name of the folder you referred to

~Ltangel~
[ + quote]
Windows and system security is my priority.

This message has been edited since posting. Last time this message was edited on 22. March 2008 @ 04:59
gotrice8
Newbie
_ 		22. March 2008 @ 15:28 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:04 PM, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205258109281
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205257778265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6715 bytes



Incident Status Location

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[counter.hitslink.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Tuan Nguyen\Application Data\Mozilla\Firefox\Profiles\q1wzkbia.default\cookies-1.txt[.clickbank.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tuan Nguyen\Cookies\tuan nguyen@atdmt[1].txt
[ + quote]
gotrice8
Newbie
_ 		22. March 2008 @ 15:35 _ Link to this message    Send private message to this user   
Currently I am not having any visible trouble with my PC. From the previous post of the Bit Defender Scan there seems to be a lot of viruses and trojans located in the folder named "How To.." located C:\Documents and Settings\Tuan Nguyen\My Documents\shit\How To.. That is the full name of the folder and sorry if i was not clear. I would like to get rid of the folder and viruses inside with your help.

Thank you
[ + quote]

This message has been edited since posting. Last time this message was edited on 22. March 2008 @ 16:07
Ltangel
Member
_ 		23. March 2008 @ 01:07 _ Link to this message    Send private message to this user   
Hey gotrice8,

Your HijackThis log looks fine now. :) Good work! Don't worry about that folder, we'll delete it now.

Delete Unwanted Folder with Unlocker 1.8.6

* Please download Unlocker 1.8.6 to your desktop.
* Double click on the setup file and follow the prompts.
* When done, click "Finish" to close setup.
* Now, go to C:\Documents and Settings\Tuan Nguyen\My Documents\ and locate the folder shit.
* Right click on that folder and select "Unlocker".
* A window will open, click on "Kill all processes".
* Then right click on the folder and select Delete. The folder should now be moved to Recycle bin.

---------------------------------------------------------------------

Scan with Dr WebCureIt


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe


* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:
* If so, click it and then click the next icon right below and select Move incurable.

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

---------------------------------------------------------------------

In your next reply (please include):

Fresh HijackThis log
WebCureIt log

~Ltangel~








[ + quote]
Windows and system security is my priority.
gotrice8
Newbie
_ 		23. March 2008 @ 13:52 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:43 PM, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205258109281
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1205257778265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6728 bytes


livesrv.exe;c:\program files\common files\bitdefender\bitdefender update service;Probably DLOADER.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0158089.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP673;Probably BATCH.Virus;Incurable.Moved.;
A0158094.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP673;Probably SCRIPT.Virus;Incurable.Moved.;
A0158795.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP677;Probably BATCH.Virus;Incurable.Moved.;
A0158801.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP677;Probably SCRIPT.Virus;Incurable.Moved.;
A0158849.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP678;Probably BATCH.Virus;Incurable.Moved.;
A0158855.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP678;Probably SCRIPT.Virus;Incurable.Moved.;
A0158927.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP678;Probably BATCH.Virus;Incurable.Moved.;
A0158933.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP678;Probably SCRIPT.Virus;Incurable.Moved.;
A0158968.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP679;Probably BATCH.Virus;Incurable.Moved.;
A0158973.bat;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP679;Probably SCRIPT.Virus;Incurable.Moved.;
A0159608.exe;C:\System Volume Information\_restore{BC7BD415-6941-456E-B61A-AE4165AA5675}\RP680;Probably DLOADER.Trojan;Incurable.Moved.;
[ + quote]
Advertisement
_ 		__
 
_
Ltangel
Member
_ 		24. March 2008 @ 06:57 _ Link to this message    Send private message to this user   
Hey gotrice8,

Good work! Just a few more issues and we can close this. :)

Update your Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

* Download and install the latest version of Java here.
* Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java (they begin with "J2SE Runtime Environment...").
* It may prompt you to reboot once you have removed previous versions, please click "Yes" if the prompt comes up.

---------------------------------------------------------------------

Reset System Restore

Now, we shall clean and reset the Restore Points so as to clean up previously infected Restore Points.

Please right click on My Computer, select "Properties". Then in "System Properties" window, select the "System Restore" tab.

Clean existing Restore Points
* Put a check next to "Turn off System Restore on all drives". Click Apply. (Please wait for a moment to complete the cleaning process)

Set new Restore Points
* Uncheck "Turn off System Restore on all drives". Click Apply. (Please wait for a moment to complete the reset process)

----------------------------------------------------------------------

Now that your log is fine, I have some recommended downloads for you. Please have a look at them and decide for yourself what you would like to use as protection for your system. After you have chosen the protection softwares you want to download, please don't forget to set them to automatic updating to get the latest protection.

[*]Spybot Search & Destroy- An excellent and free anti-spyware software with Immunize functionability that will help prevent future infections. PGPhantom has written a very comprehensive instruction set for Spybot, available here.

[*]SpywareBlaster - A wonderful prevention tool to protect yourself from installation of malicious codes. SpywareBlaster tutorial (by Grinler) is available here.

[*]IE-SpyAd - It puts over 5000 sites in your restricted zone and protect your Internet browser from being redirected to a malicious site. Lawrence Abrams has written an excellent tutorial about IE-SpyAd here.

Special Note: It is vital to know that you should only have ONE anti-spyware resident protection and ONE anti-virus resident protection running. Running more than one resident protection can slow down your system and cause conflicts between the protection softwares. Exceptions are Spywareblaster and IE-SpyAd which can be used with any other protection softwares.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Happy safe surfing!

~Ltangel~
[ + quote]
Windows and system security is my priority.
 
Page:12Next >
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > bit defender trojan detected hijack log
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2009 by AfterDawn Ltd.